详解Java拦截器以及自定义注解的使用
时间:2022-03-10 20:56:38|栏目:JAVA代码|点击: 次
1,设置预处理,设置不需要拦截的请求
@Component
public class MyWebConfig implements WebMvcConfigurer {
private final UserTokenInterceptor userTokenInterceptor;
private final SecurityInterceptor securityInterceptor;
public MyWebConfig(
UserTokenInterceptor userTokenInterceptor, SecurityInterceptor securityInterceptor) {
this.userTokenInterceptor = userTokenInterceptor;
this.securityInterceptor = securityInterceptor;
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 定义排除swagger访问的路径配置
String[] swaggerExcludes =
new String[] {"/swagger-ui.html", "/swagger-resources/**", "/webjars/**"};
registry
.addInterceptor(userTokenInterceptor)
.addPathPatterns("/**")
.excludePathPatterns(
"/user/login", "/static/**", "/*.html", "/*.ico", "/*.json", "/*.png", "/heartbeat/**")
.excludePathPatterns(swaggerExcludes);
registry
.addInterceptor(securityInterceptor)
.addPathPatterns("/maintain/**", "/user/**")
.excludePathPatterns("/user/login");
}
}
2.UserTokenInterceptor ,securityInterceptor分别处理不同的请求拦截,执行不同的拦截逻辑。
2个处理的类请求上可以有交集,2个处理类都执行。
@Component
public class UserTokenInterceptor implements HandlerInterceptor {
private final EmpInfoService empInfoService;
public UserTokenInterceptor(EmpInfoService empInfoService) {
this.empInfoService = empInfoService;
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
// 校验handler是否是HandlerMethod
if (!(handler instanceof HandlerMethod)) {
return true;
}
// 从请求头中获取token
String token = request.getHeader("Authorization");
/**
* update:2021/11/30 ShengJieLi
* 增加逻辑:Authorization的值不为本系统生成的token时,解密Authorization,获取token并验证
*/
if (StrUtil.isNotEmpty(token)) {
EmpInfo securityEmployee = empInfoService.queryToken(token);
if(securityEmployee != null){
// token有效
String ref = empInfoService.isRef(token);
if (StrUtil.isNotBlank(ref)) {
response.setHeader("Access-Control-Expose-Headers", "token");
response.addHeader("token", ref);
}
}else{
//Authorization为PBE加密数据
securityEmployee = empInfoService.analyticQueryToken(token,response);
}
if (securityEmployee != null) {
// token有效
// 将User对象放入到ThreadLocal中
UserLocal.set(securityEmployee);
return true;
}
return false;
}
// String s = JSONUtil.toJsonStr(ResponseResult.error(ErrorCode.TOKEN_ERROR));
// response.setContentType("text/html;charset=UTF-8");
// JSONUtil.toJsonStr(s, response.getWriter());
// response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
InterceptorExceptionResolver.interceptorError(response,ErrorCode.TOKEN_ERROR);
//update 结束
return false;
}
@Override
public void afterCompletion(
HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// 响应结束后刪除對象
UserLocal.remove();
}
}
@SecurityGrade({"SUPER_ADMIN", "SYSTEM_ADMIN"})
public class SecurityController {
private final EmpInfoService empInfoService;
public SecurityController(EmpInfoService empInfoService) {
this.empInfoService = empInfoService;
}
@GetMapping("getUserInformation")
@ApiOperation("登陸用户信息")
@NoAuthorization
public ResponseResult getUserInformation(@ApiIgnore HttpServletResponse response) {
return empInfoService.getUserInformation(response);
}
}
3.关于注解的使用
@SecurityGrade({"SUPER_ADMIN", "SYSTEM_ADMIN"})
public class SecurityController {
private final EmpInfoService empInfoService;
public SecurityController(EmpInfoService empInfoService) {
this.empInfoService = empInfoService;
}
@GetMapping("getUserInformation")
@ApiOperation("登陸用户信息")
@NoAuthorization
public ResponseResult getUserInformation(@ApiIgnore HttpServletResponse response) {
return empInfoService.getUserInformation(response);
}
}
method.getMethodAnnotation(SecurityGrade.class) 获得注解信息,methodAnnotation.value()获得注解内容"SUPER_ADMIN", "SYSTEM_ADMIN"。
总结
上一篇:spring的xml文件打开没有namespace等操作选项的解决方案
栏 目:JAVA代码
下一篇:java中的各种修饰符作用及范围
本文标题:详解Java拦截器以及自定义注解的使用
本文地址:http://www.codeinn.net/misctech/195741.html
阅读排行
- 1Java Swing组件BoxLayout布局用法示例
- 2java中-jar 与nohup的对比
- 3Java邮件发送程序(可以同时发给多个地址、可以带附件)
- 4Caused by: java.lang.ClassNotFoundException: org.objectweb.asm.Type异常
- 5Java中自定义异常详解及实例代码
- 6深入理解Java中的克隆
- 7java读取excel文件的两种方法
- 8解析SpringSecurity+JWT认证流程实现
- 9spring boot里增加表单验证hibernate-validator并在freemarker模板里显示错误信息(推荐)
- 10深入解析java虚拟机