拦截器:
- 自定义一个拦截器 继承 HandlerInterceptorAdapter
- 将自定义拦截器注册到 Spring MVC:实现 WebMvcConfigurer,并重写 addInterceptors()
代码:
配置类:
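/**
 * Session-based access-control interceptor for the demo application.
 *
 * <p>Decision order in {@link #preHandle}:
 * <ol>
 *   <li>paths under the protected prefixes ({@code /mobile/}, {@code /salary/}) always require a
 *       logged-in user holding the matching permission;</li>
 *   <li>other paths under {@code /common/}, or containing a dot, are let through without login;</li>
 *   <li>everything else requires login and is then refused (deny by default).</li>
 * </ol>
 *
 * <p>NOTE(review): {@code HandlerInterceptorAdapter} is deprecated as of Spring Framework 5.3;
 * implementing {@code HandlerInterceptor} directly is the replacement. The superclass is left
 * unchanged here because the file's imports are not visible.
 */
@Component
public class AuthInterceptor extends HandlerInterceptorAdapter {

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param request  current request; the decision is based on its servlet path and session
     * @param response used to write the refusal message and status when access is denied
     * @param handler  the chosen handler (not inspected)
     * @return {@code true} to continue the handler chain, {@code false} when the request was refused
     * @throws Exception if writing the refusal to the response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Authorise on the path the container resolved (servlet path + path info) rather than on
        // getRequestURI(): the raw URI still carries the context path, percent-encoding and any
        // path parameters, so a prefix test on it can disagree with the route that is actually
        // dispatched. The servlet path is decoded by the container; on common containers it is
        // also free of path parameters (confirm for the deployment target).
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);

        boolean mobileArea = path.startsWith("/" + MyConstant.RESOURCE_MOBILE + "/");
        boolean salaryArea = path.startsWith("/" + MyConstant.RESOURCE_SALARY + "/");

        // Paths that can be visited without logging in. The "contains a dot" shortcut for static
        // files is deliberately NOT applied to the protected prefixes, otherwise any dotted path
        // below them would skip both the login and the permission check.
        // NOTE(review): an explicit list of static resource locations would be tighter than a
        // dot test; kept as-is for unprotected paths to preserve the original behaviour.
        if (!mobileArea && !salaryArea
                && (path.contains(".") || path.startsWith("/" + MyConstant.RESOURCE_COMMON + "/"))) {
            return true;
        }

        // getSession(false): do not create a server-side session for every anonymous request.
        Object sessionUser = null;
        if (request.getSession(false) != null) {
            sessionUser = request.getSession(false).getAttribute(MyConstant.FLAG_CURRENTUSER);
        }

        // Not logged in (or the session attribute is not a UserBean): refuse outright.
        if (!(sessionUser instanceof UserBean)) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setCharacterEncoding("utf-8");
            response.getWriter().write("please login first");
            return false;
        }

        // Logged in: check that the user holds the permission for the requested area.
        UserBean currentUser = (UserBean) sessionUser;
        if (mobileArea && currentUser.havePermission(MyConstant.RESOURCE_MOBILE)) {
            return true;
        }
        if (salaryArea && currentUser.havePermission(MyConstant.RESOURCE_SALARY)) {
            // A request for a non-existent path under this prefix is also allowed here; the
            // resulting 404 is then dispatched to the error page, and that second dispatch passes
            // through this interceptor again and ends in the refusal branch below.
            return true;
        }

        // No permission for this path (deny by default).
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setCharacterEncoding("utf-8");
        response.getWriter().write("no auth to visit---");
        return false;
    }
}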
// Registers AuthInterceptor with Spring MVC by implementing WebMvcConfigurer and overriding addInterceptors().
@Component
public class MyWebAppConfigurer implements WebMvcConfigurer {
// The interceptor bean to register (injected by Spring).
@Autowired
private AuthInterceptor authInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
// Configure the interceptor; per the author's note the error path is excluded, so that when an error occurs the response is returned directly without going through the interceptor.
// NOTE(review): the listing is cut off inside the path-pattern string on the next line, so the actual include/exclude patterns are not visible — confirm that every protected route is covered and that nothing beyond the error path is excluded.
registry.addInterceptor(authInterceptor).addPathPatterns("
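/**
 * Reports whether this user has been granted the resource with the given name.
 *
 * <p>Fails closed: a {@code null} resource name, a user without any resource list, a
 * {@code null} list entry or an entry without a name all count as "no permission" instead of
 * raising a {@code NullPointerException} in the middle of an authorization decision.
 *
 * @param resource name of the resource being requested (compared with {@code getResourceName()})
 * @return {@code true} only if one of the user's resources has exactly this name
 */
public boolean havePermission(String resource){
    if (resource == null || this.resourcebeans == null) {
        return false;
    }
    // anyMatch stops at the first hit; calling equals on the requested name keeps a resource
    // whose name was never set from throwing.
    return this.resourcebeans.stream().anyMatch(resourceBean ->
            resourceBean != null && resource.equals(resourceBean.getResourceName()));
}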
// Role model: an id, a display name and the resources attached to the role.
// NOTE(review): the listing is abridged here — accessors such as setResources(), which TestData calls, and the closing brace are not shown.
public class RoleBean {
private String roleId;
private String roleName;
// Raw List as printed; presumably a list of ResourceBean (TestData passes one to setResources) — confirm the element type.
private List resources;
// No-argument constructor; no field is assigned here.
public RoleBean() {
}
// Creates a role with the given id and name; resources is not assigned by this constructor.
public RoleBean(String roleId, String roleName) {
this.roleId = roleId;
this.roleName = roleName;
}
// Resource model: one protected area of the application, identified by id and name.
// NOTE(review): the listing is abridged here — accessors such as getResourceName(), which havePermission() calls, and the closing brace are not shown.
public class ResourceBean {
private String resourceId;
// Resource attribute (type); not assigned by either constructor shown.
private String resourceType;
// Resource name; this is the value havePermission() compares with the requested resource.
private String resourceName;
// No-argument constructor; no field is assigned here.
public ResourceBean() {
}
// Creates a resource with the given id and name.
public ResourceBean(String resourceId, String resourceName) {
this.resourceId = resourceId;
this.resourceName = resourceName;
}
工具类:
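/**
 * Shared constants: the session attribute key for the logged-in user and the names of the
 * resource areas. The resource names double as URL prefixes and as permission names in the
 * interceptor, so changing one changes both the route that is protected and the permission
 * that is required.
 */
public final class MyConstant {
    /** Session attribute under which the logged-in user object is stored. */
    public static final String FLAG_CURRENTUSER = "currentUser";
    /** Area reachable without login. */
    public static final String RESOURCE_COMMON = "common";
    /** Protected area: mobile. */
    public static final String RESOURCE_MOBILE = "mobile";
    /** Protected area: salary. */
    public static final String RESOURCE_SALARY = "salary";

    // Constants holder only; never instantiated.
    private MyConstant() {
    }
}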
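/**
 * In-memory user store for the demo: three users, two roles and two resources.
 *
 * <p>NOTE(review): passwords are kept and compared as plain text, which is acceptable only for
 * throw-away demo data. A real store should hold salted password hashes from an adaptive
 * algorithm (bcrypt, scrypt or Argon2) and verify against those.
 */
@Component
public class TestData {
    // Lazily built on first use; the same UserBean instances are handed out on every lookup.
    private List<UserBean> allUser;

    /** Builds the demo users on first call and returns the cached list afterwards. */
    private List<UserBean> getAllUser() {
        if (null == allUser) {
            allUser = new ArrayList<>();

            // Two simulated resources.
            ResourceBean mobileResource = new ResourceBean("1", "mobile");
            ResourceBean salaryResource = new ResourceBean("2", "salary");

            // Two sets of resource permissions.
            ArrayList<ResourceBean> adminResources = new ArrayList<>();
            adminResources.add(mobileResource);
            adminResources.add(salaryResource);
            ArrayList<ResourceBean> managerResources = new ArrayList<>();
            managerResources.add(salaryResource);

            // The admin role may access mobile and salary.
            RoleBean adminRole = new RoleBean("1", "admin");
            adminRole.setResources(adminResources);

            // The manager role may access salary only.
            // NOTE(review): this role reuses id "1", the same id as the admin role — confirm
            // whether a distinct id was intended.
            RoleBean managerRole = new RoleBean("1", "manager");
            managerRole.setResources(managerResources);

            // The admin user holds the admin role.
            UserBean admin = new UserBean("1", "admin", "admin");
            admin.setUserRoles(Arrays.asList(adminRole));
            admin.setResourcebeans(adminResources);

            // The manager user holds the manager role.
            UserBean manager = new UserBean("2", "manager", "manager");
            manager.setUserRoles(Arrays.asList(managerRole));
            manager.setResourcebeans(managerResources);

            // The worker user holds no role. It is given an explicit empty resource list so that
            // a permission check on this user answers "no" instead of dereferencing a list that
            // was never set (unless UserBean initialises the field itself, which is not shown).
            UserBean worker = new UserBean("3", "worker", "worker");
            worker.setResourcebeans(new ArrayList<>());

            allUser.add(admin);
            allUser.add(manager);
            allUser.add(worker);
        }
        return allUser;
    }

    /**
     * Looks up the stored user whose name and password both equal those of {@code user}.
     *
     * @param user submitted credentials; may be {@code null} or carry {@code null} fields
     * @return the stored (shared) user instance, or {@code null} when nothing matches
     */
    public UserBean queryUser(UserBean user) {
        // Missing credentials can never match; answer "not found" rather than throwing.
        if (user == null || user.getUserName() == null || user.getUserPass() == null) {
            return null;
        }
        return this.getAllUser().stream()
                .filter(candidate -> candidate.getUserName().equals(user.getUserName())
                        && candidate.getUserPass().equals(user.getUserPass()))
                .findFirst()
                .orElse(null);
    }
}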
controller:
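/**
 * Login, current-user and logout endpoints. They live under {@code /common}, the prefix that
 * AuthInterceptor lets through without a logged-in session.
 *
 * <p>NOTE(review): {@code login} and {@code getCurrentUser} return the UserBean itself. UserBean
 * exposes {@code getUserPass()}, so if the bean is serialised as-is the password travels back to
 * the client — confirm, and exclude that property from the response (for example with
 * {@code @JsonIgnore} or a separate response type).
 *
 * <p>NOTE(review): these are cookie-session POST endpoints and no CSRF protection is visible in
 * this listing — confirm how cross-site requests are handled.
 */
@RestController
@RequestMapping("/common")
public class LoginController {
    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    @Autowired
    private AuthService authService;

    /**
     * Verifies the submitted credentials and, on success, binds the user to the session.
     *
     * @param loginUser submitted credentials
     * @param req       current request, used to reach the session
     * @return the authenticated user, or {@code null} when the credentials do not match
     */
    @PostMapping("/login")
    public UserBean login(UserBean loginUser, HttpServletRequest req){
        // If verification succeeds, the user is returned.
        UserBean user = authService.userLogin(loginUser);
        if(user != null){
            logger.info("user login success");
            HttpSession session = req.getSession();
            // Issue a fresh session id at the moment of authentication, so an id that was known
            // before login is not carried over into the authenticated session.
            req.changeSessionId();
            session.setAttribute(MyConstant.FLAG_CURRENTUSER,user);
        }else{
            logger.info("user login failed");
        }
        return user;
    }

    /**
     * Returns the object stored as the current user.
     *
     * @param session current session
     * @return the session's current-user attribute, or {@code null} when nobody is logged in
     */
    @PostMapping("/getCurrentUser")
    public Object getCurrentUser(HttpSession session){
        return session.getAttribute(MyConstant.FLAG_CURRENTUSER);
    }

    /**
     * Logs the user out by ending the whole session, not only dropping the user attribute, so
     * the old session id cannot be reused.
     *
     * @param session current session
     */
    @PostMapping("/logout")
    public void logout(HttpSession session){
        session.invalidate();
    }
}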
/**
 * Demo endpoint for the "mobile" resource area.
 *
 * <p>The controller carries no access check of its own; in this listing the only gate for
 * {@code /mobile/...} is the URL-prefix test in AuthInterceptor.
 */
@RestController
@RequestMapping("/mobile")
public class MobileController {

    /**
     * Handles {@code GET /mobile/query}.
     *
     * @return the fixed marker text for this area
     */
    @GetMapping("/query")
    public String query() {
        final String body = "mobile";
        return body;
    }
}
/**
 * Demo endpoint for the "salary" resource area.
 *
 * <p>The controller carries no access check of its own; in this listing the only gate for
 * {@code /salary/...} is the URL-prefix test in AuthInterceptor.
 */
@RestController
@RequestMapping("/salary")
public class SalaryController {

    /**
     * Handles {@code GET /salary/query}.
     *
     * @return the fixed marker text for this area
     */
    @GetMapping("/query")
    public String query() {
        final String body = "salary";
        return body;
    }
}
service:
// Authentication service: delegates the credential lookup to the in-memory TestData store.
@Service
public class AuthService {
// NOTE(review): hard-coded demo credentials; neither field is referenced in the part of the class shown here — remove them if they are unused, and keep real credentials out of source code.
private final String demoUserName = "admin";
private final String demoUserPass = "admin";
// Demo user store (injected by Spring).
@Autowired
TestData testData;
/**
 * Authenticates the submitted credentials against the demo user store.
 *
 * <p>NOTE(review): TestData.queryUser returns the instance held in its in-memory list, so the
 * id assigned below is written onto that shared object: every login replaces the id that
 * sessions already holding the same user see — confirm this is intended.
 *
 * @param user submitted credentials
 * @return the matching stored user with a freshly generated id, or {@code null} if none matches
 */
public UserBean userLogin(UserBean user) {
    // Check whether such a user exists.
    final UserBean matched = testData.queryUser(user);
    if (matched == null) {
        return null;
    }
    final String freshId = UUID.randomUUID().toString();
    matched.setUserId(freshId);
    return matched;
}
遇到的问题:
- 请求在 Spring MVC 中得到 404 后,为什么拦截器没有直接返回 404 内容,而是执行了 else 分支的逻辑?
因为 404 发生后,请求会被转发到 error 页面,这次转发同样会经过拦截器并进入 else 分支,相当于同一个请求被拦截了两次。
引用: https://blog.csdn.net/cainiao1412/article/details/124609024
https://blog.csdn.net/qq_39552993/article/details/120300799



