• notice
  • Congratulations on the launch of the Sought Tech site

How SpringBoot implements login interception detailed process through ThreadLocal

1 Introduction

Registration and login can be said to be the most common thing in normal development, but generally after entering the company, functions like this have been developed long ago, unless it is a new project. In the past two days, I happened to encounter such a need to complete the registration and login function on the PC side.

There are many ways to achieve such a requirement: like


2) Filter filter

3) Security Framework Shiro (Lightweight Framework)

4) Security framework Spring Securety (heavyweight framework)

And I use the first Spring HandlerInterceptor+WebMvcConfigurer+ThreadLocal technology to implement.

2 specific classes


HandlerInterceptor is an interface provided for interceptors in springMVC, which is similar to the filter in Servlet development. It is used for processor preprocessing and postprocessing, and three methods need to be rewritten.


Call time: before the controller method is processed

Execution order: In the case of chained Intercepters, Intercepters are executed one by one in the order of declaration

If it returns false, the execution will be interrupted. Note: afterCompletion will not be entered


Call premise: preHandle returns true

Call time: After the Controller method is processed, before the DispatcherServlet renders the view, that is to say, the ModelAndView can be operated in this method

Execution order: In the case of chained Interceptors, the Interceptors are executed in the order of declaration

Note: Although postHandle starts with post, post requests and get requests can be processed


Call premise: preHandle returns true

Call time: after DispatcherServlet renders the view

Mostly used to clean up resources


The WebMvcConfigurer configuration class is actually an Springinternal configuration method. It adopts JavaBeanthe form to replace the traditional xmlconfiguration file form to customize the framework. Some Handler, Interceptor, ViewResolver, and MessageConverter can be customized. Based on the java-based spring mvc configuration, you need to create a configuration class and implement the WebMvcConfigurerinterface;

In Spring Boot version 1.5, custom interceptors, message converters, etc. are added by overriding the method of WebMvcConfigurerAdapter. After SpringBoot 2.0, this class is marked as @Deprecated. The official recommendation is to directly implement WebMvcConfigurer or directly inherit WebMvcConfigurationSupport. The first method implements the WebMvcConfigurer interface (recommended), and the second method inherits the WebMvcConfigurationSupport class.

3 Code Practice

1) Write the interceptor HeadTokenInterceptor to inherit HandlerInterceptor

package com.liubujun.config;
import com.liubujun.moudle.UserToken;
import com.liubujun.util.SecurityContextUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.ws.handler.Handler;
import java.io.IOException;
* @Author: liubujun
* @Date: 2022/5/21 16:12
@Component@Slf4j public class HeadTokenInterceptor implements HandlerInterceptor {
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
       String authorization = request.getHeader("Authorization");
       if (authorization == null ) {
           unauthorized(response) ;
           return false;
       //The value of userToken is generally parsed here, and UserToken is directly new here for convenience
       userToken = new UserToken();
       return false;
   public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
   public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
   private void unauthorized(HttpServletResponse response) {
       try {
       } catch (IOException e) {
           log.error("HttpServletResponse writer error.msg",HttpStatus.UNAUTHORIZED.getReasonPhrase());

2) Write MyWebMvcConfigurer to inherit WebMvcConfigurationSupport

package com.liubujun.config;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.InterceptorRegistry;import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;import java.util.ArrayList;/**
* @Author: liubujun
* @Date: 2022/5/21 16:40
*/@Configurationpublic class MyWebMvcConfigurer extends WebMvcConfigurationSupport {
   private HeadTokenInterceptor headTokenInterceptor;
    * Similar to the whitelist, requests added here will not go through the interceptor
    * @param registry
   public void addInterceptors(InterceptorRegistry registry) {
       ArrayList<String> pattres = new ArrayList<> ();
    * add static Resource
    * @param registry

3) Write a ThreadLocal class to store user information

package com.liubujun.util;import com.liubujun.moudle.UserToken;import org.springframework.core.NamedThreadLocal;/**
* @Author: liubujun
* @Date: 2022/5/23 9:41
*/public class SecurityContextUtil {
   private static ThreadLocal<UserToken> threadLocal = new NamedThreadLocal<>("user");
   public static void addUser(UserToken user){
   public static UserToken getUser(){
       return threadLocal.get();
   public static void removeUser(){
   public static String getPhoneNumber(){
       return threadLocal.get().getPhoneNumber();
   public static Integer getId(){
       return threadLocal.get().getId();
   public static String getUserText(){
       return threadLocal.get().getUserText();

4) Write a test controller

@RestController @RequestMapping(value = "/login",produces = {"application/json;charset=UTF-8"}) public class Login { 
   public String login(){
       return "Login request No need to intercept";
   public String other(){
       return "Other requests need to be intercepted";
   } }

5) Test

Test the login interface, (let it go directly without passing the token)

Test other interfaces without passing the token to be intercepted


Technical otaku

Sought technology together

Related Topic


Leave a Reply