很难深入研究它,但发现它
ResponseBodyAdvice可能适合我的目的。因此,在StackOverflow上查找一些示例时,发现这个家伙不得不操作
Object body。
responses?noredirect=1#comment91188511_52118594)
@ControllerAdvicepublic class CSRFHandler implements ResponseBodyAdvice<Object> { @Value("${security.csrf.enabled}") private String csrfEnabled; @Value("${security.csrf.headerName}") private String csrfHeaderName; @Value("${security.csrf.salt}") private String salt; @Override public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) { return true; } @Override public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType, Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) { if (new Boolean(csrfEnabled).booleanValue()) { String csrfValue = SecureUtil.buildCsrfValue(salt, StringUtil.toJson(body)); response.getHeaders().add(csrfHeaderName, csrfValue); } return body; }}
