使用场景：通常我们需要对每一个请求进行过滤，比如权限或者是登录状态（token），此时我们不必再每个请求中传递token和username这两个参数，可以将其放在HttpServletRequest对象，然后从中获取，再使用spring mvc的拦截器进行验证，成功则返回true。

1.下面我们以token拦截器为例：创建拦截器TokenInterceptor.java

package com.a.b.common.web.interceptor;

import com.a.b.common.util.AccessRestProxy;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * token登录拦截器
 * <p>
 * <code>HandlerInterceptorAdapter</code>
 * </p>
 *
 * @author Mcchu
 * @version 1.0 @date 2017-07-27
 * @since 1.0
 */
public class TokenInterceptor extends HandlerInterceptorAdapter {

    private static final Log log = LogFactory.getLog(TokenInterceptor.class);

    private static final String NO_AUTHORITY_ACTION = "/tokenInvalid";

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception{
        String userAccount=request.getParameter("userAccount");
        String token=request.getParameter("token");
        Boolean hasToken = AccessRestProxy.hasToken(userAccount,token);
        if (hasToken){
            log.info("token验证通过");
            return true;
        }else {
            response.sendRedirect(request.getContextPath() + NO_AUTHORITY_ACTION);
            log.info("token验证失败，没有权限");
            return false;
        }
    }

}

2.token验证失败重定向到一个返回失败信息的请求路径：

    /**
     * Token验证失败返回信息
     * @return
     */
    @GetMapping("/tokenInvalid")
    @ResponseBody
    public ResponseEntity<ResponseVo<String>> noTokenAuthority(){
        ResponseVo<String> responseVo = new ResponseVo<>("false", GpsMsgKey.getTipMsg("no_authority"), "Token验证失败，请重新登陆");
        ResponseEntity<ResponseVo<String>> responseEntity = new ResponseEntity<ResponseVo<String>>(responseVo, HttpStatus.OK);
        return responseEntity;
    }

3.mvc拦截器设置，spring mvc配置文件里：

    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/gps/setting/getGPSSetting"/>
            <mvc:mapping path="/gpsDateCtl/uploadGPS/"/>
            <mvc:mapping path="/gps/law/getLaw"/>
            <mvc:mapping path="/gps/user/setting/isValidGPS"/>
            <mvc:exclude-mapping path="/resources/**" />
            <bean class="com.a.b.common.web.interceptor.TokenInterceptor" />
        </mvc:interceptor>-->
    </mvc:interceptors>