
增加管理员登陆验证的过滤器,接口分设备调用、管理员调用进行分别鉴权

yaobo hace 7 años
padre
commit
47bd6b8719

+ 66 - 0
src/main/java/cn/efunbox/audio/aop/AdminInterceptor.java

@@ -0,0 +1,66 @@
+package cn.efunbox.audio.aop;
+
+import cn.efunbox.audio.consts.Consts;
+import cn.efunbox.audio.entity.Admin;
+import cn.efunbox.audio.entity.Device;
+import cn.efunbox.audio.service.AdminService;
+import cn.efunbox.audio.service.DeviceService;
+import cn.efunbox.audio.util.ApiCode;
+import cn.efunbox.audio.util.HttpUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.data.redis.core.ValueOperations;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 管理员验证拦截器
+ * Created by yao on 17-9-29.
+ */
+
+public class AdminInterceptor implements HandlerInterceptor {
+
+    @Autowired
+    AdminService adminService;
+    @Autowired
+    StringRedisTemplate stringRedisTemplate;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request,
+                             HttpServletResponse response, Object handler) throws Exception {
+        String id = request.getParameter("id");
+        String token = request.getParameter("token");
+        if(id==null || token==null){
+            HttpUtil.responseApiCode(request, response, ApiCode.PARAMETER_ERROR);
+            return false;
+        }
+        ValueOperations valueOperations = stringRedisTemplate.opsForValue();
+        String tokenSes = valueOperations.get(Consts.REDIS_ADMIN+id)==null?
+                "":valueOperations.get(Consts.REDIS_ADMIN+id).toString();
+        if(false == tokenSes.equalsIgnoreCase(token)){
+            HttpUtil.responseApiCode(request, response, ApiCode.INVALID_TOKEN);
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request,
+                           HttpServletResponse response, Object handler,
+                           ModelAndView modelAndView) throws Exception {
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request,
+                                HttpServletResponse response, Object handler, Exception ex)
+            throws Exception {
+
+    }
+
+}
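Review bot: In `preHandle`, a missing Redis entry is mapped to `""` and then compared with the caller's `token`, while the earlier guard rejects only `null`, so an empty `token` parameter matches whenever no session is stored (or it has expired) for that `id`. Treat a missing value as an invalid token and reject empty tokens before comparing. The key is also read twice, so the entry can expire between the two `get` calls and the second one would throw on `.toString()`; read it once. The comparison uses `equalsIgnoreCase`; an exact, constant-time match with `MessageDigest.isEqual` is the safer form (it needs imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`).

```java
        // … unchanged: id/token null check returning PARAMETER_ERROR …
        Object stored = stringRedisTemplate.opsForValue().get(Consts.REDIS_ADMIN + id);
        // No stored session, or an empty token, is never a valid login.
        boolean valid = stored != null
                && !token.isEmpty()
                && MessageDigest.isEqual(
                        stored.toString().getBytes(StandardCharsets.UTF_8),
                        token.getBytes(StandardCharsets.UTF_8));
        if (!valid) {
            HttpUtil.responseApiCode(request, response, ApiCode.INVALID_TOKEN);
            return false;
        }
        return true;
```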

+ 10 - 1
src/main/java/cn/efunbox/audio/config/AuthConfig.java

@@ -1,5 +1,6 @@
 package cn.efunbox.audio.config;
 
+import cn.efunbox.audio.aop.AdminInterceptor;
 import cn.efunbox.audio.aop.AuthInterceptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.EnvironmentAware;
@@ -28,11 +29,19 @@ public class AuthConfig extends WebMvcConfigurerAdapter{
         return new AuthInterceptor();
     }
 
+    @Bean
+    AdminInterceptor adminInterceptor(){
+        return new AdminInterceptor();
+    }
+
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(authInterceptor())
+                .addPathPatterns("/audio/search");
+
+        registry.addInterceptor(adminInterceptor())
                 .addPathPatterns("/**")
-                .excludePathPatterns("/device/**", "/admin/**", "/channel/insert");
+                .excludePathPatterns("/device/**", "/admin/**", "/audio/search");
     }
 
 }
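Review bot: In `addInterceptors`, the admin check is registered for `/**` but still excludes all of `/admin/**` and `/device/**`, while `authInterceptor` is narrowed to `/audio/search`, so after this change those two path trees are covered by neither interceptor. Login has to stay open, but excluding the whole `/admin/**` tree also leaves every other admin route without a token check (AdminController appears to contain an account-creation handler as well). Consider excluding only the login route; its full path depends on AdminController's class-level mapping, which is not shown here. If `/device/**` is meant to be public, a comment such as `// device endpoints are unauthenticated by design` would record that decision. The class body starts outside the hunk.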

+ 1 - 1
src/main/java/cn/efunbox/audio/consts/Const.java

@@ -3,6 +3,6 @@ package cn.efunbox.audio.consts;
 /**
  * Created by yao on 17-10-16.
  */
-public class Const {
+public class Consts {
     public static final String REDIS_ADMIN = "efunbox_audio_admin_";
 }

+ 11 - 10
src/main/java/cn/efunbox/audio/controller/AdminController.java

@@ -1,28 +1,27 @@
 package cn.efunbox.audio.controller;
 
-import cn.efunbox.audio.consts.Const;
+import cn.efunbox.audio.consts.Consts;
 import cn.efunbox.audio.entity.Admin;
-import cn.efunbox.audio.entity.Channel;
 import cn.efunbox.audio.service.AdminService;
-import cn.efunbox.audio.service.ChannelService;
 import cn.efunbox.audio.util.ApiCode;
 import cn.efunbox.audio.util.Common;
 import cn.efunbox.audio.util.HttpUtil;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.tomcat.util.security.MD5Encoder;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import sun.security.provider.MD5;
-import sun.security.rsa.RSASignature;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.text.SimpleDateFormat;
+import java.util.Date;
 import java.util.List;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
 /**
  * Created by yao on 17-9-26.
@@ -36,6 +35,8 @@ public class AdminController {
     AdminService adminService;
     @Autowired
     StringRedisTemplate stringRedisTemplate;
+    @Value("${admin.token.expire}")
+    int tokenExpire = 24*30;
 
     @RequestMapping(value = "/login" ,method = RequestMethod.POST)
     public void Search(HttpServletRequest request, HttpServletResponse response){
@@ -55,7 +56,7 @@ public class AdminController {
 //        System.out.println(pwdMD5);
 //        System.out.println(admin.getPwd());
         if(pwdMD5.equalsIgnoreCase(admin.getPwd())){
-            String token = UUID.randomUUID().toString().substring(0, 16);
+            String token = UUID.randomUUID().toString().replaceAll("-","");
             admin.setToken(token);
             adminService.Update(admin);
             admin.setPwd("");
@@ -79,8 +80,8 @@ public class AdminController {
         }
         if(idChannel==null || idChannel.length()==0)
             idChannel = "0";
-        String salt = UUID.randomUUID().toString().substring(0, 16);
-        String token = UUID.randomUUID().toString().substring(0, 16);
+        String salt = UUID.randomUUID().toString().replaceAll("-","");
+        String token = UUID.randomUUID().toString().replaceAll("-", "");
         String pwdMD5 = Common.getMD5(Common.getMD5(pwd) + salt);
 
         List<Admin> list = adminService.SearchByName(name);
@@ -107,6 +108,6 @@ public class AdminController {
      */
     public void SaveRedis(Admin admin){
         ValueOperations valueOperations = stringRedisTemplate.opsForValue();
-        valueOperations.set(Const.REDIS_ADMIN+admin.getId(), admin.getToken());
+        valueOperations.set(Consts.REDIS_ADMIN+admin.getId(), admin.getToken(), tokenExpire*3600, TimeUnit.SECONDS);
     }
 }
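Review bot: The `= 24*30` initializer on `tokenExpire` never takes effect, because `@Value("${admin.token.expire}")` either injects the property or fails at startup when it is missing, and the 720 it suggests disagrees with the `24` set in application.properties. Put the default in the placeholder, `@Value("${admin.token.expire:24}") int tokenExpire;`, and add a comment stating that the unit is hours. In `SaveRedis` the multiplication can go: `valueOperations.set(Consts.REDIS_ADMIN + admin.getId(), admin.getToken(), tokenExpire, TimeUnit.HOURS);`. The added imports of `SimpleDateFormat` and `Date` are not used in any visible hunk, so they may be removable.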

+ 8 - 1
src/main/resources/application.properties

@@ -65,4 +65,11 @@ oss.auth.endpoint = oss-cn-beijing.aliyuncs.com
 #bucket名称,如"efunaudio"
 oss.auth.bucketName = efunaudio
 #url授权链接的过期时间
-oss.auth.url_expiration = 3600
+oss.auth.url_expiration = 3600
+
+
+########################################################
+### Admin 管理员基本配置;
+########################################################
+# 管理员token的过期时间为24小时
+admin.token.expire=24