拦截器抽象类继承spring的HandlerInterceptorAdapter
package com.hsr.component.auth;
import com.hsr.core.annotations.AuthAdmin;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
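/**
 * Base Spring MVC interceptor that requires a logged-in admin user for handlers
 * marked with {@link AuthAdmin}.
 *
 * <p>A method-level annotation takes precedence over a class-level one. In either
 * position, {@code validate = false} switches the check off for that handler.
 *
 * <p>Security note: protection is opt-in. A handler that carries neither a
 * method-level nor a class-level {@link AuthAdmin} is allowed through without any
 * login check, as is any handler that is not a {@link HandlerMethod}. Every
 * controller that must be protected therefore needs the annotation.
 */
public abstract class AuthAdminInterceptorDefault extends HandlerInterceptorAdapter {

    /** Value of the {@code X-Requested-With} header that marks an AJAX request. */
    private static final String AJAX_REQUEST_MARKER = "XMLHttpRequest";

    /**
     * Decides whether the request may proceed to the handler.
     *
     * @param request  current request
     * @param response current response; written to when the login check fails
     * @param handler  handler chosen for the request
     * @return {@code true} to continue processing, {@code false} when the login check
     *         failed and a response (timeout marker or redirect) has been produced
     * @throws Exception propagated from writing the response
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // instanceof also matches subclasses of HandlerMethod. The earlier test,
        // handler.getClass().isAssignableFrom(HandlerMethod.class), was false for a
        // subclass instance and let such a request through without any login check.
        if (!(handler instanceof HandlerMethod)) {
            // No controller method here, hence no @AuthAdmin annotation to evaluate.
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;

        // The method-level annotation wins; the class level is consulted only when
        // the method itself carries none.
        AuthAdmin effective = handlerMethod.getMethodAnnotation(AuthAdmin.class);
        if (effective == null) {
            Class<?> beanType = handlerMethod.getBeanType();
            if (beanType != null) {
                effective = beanType.getAnnotation(AuthAdmin.class);
            }
        }

        if (effective == null || !effective.validate()) {
            // Unannotated handler, or validation explicitly switched off.
            return true;
        }
        return _validateUser(request, response);
    }

    /**
     * Checks for a current user and, when there is none, answers the request itself.
     *
     * <p>AJAX requests receive the body {@code LOGIN_TIME_OUT}; no status code is set
     * here, so callers recognise the timeout by that body. Every other request is
     * redirected to the login URL. Previously a request whose {@code X-Requested-With}
     * header was present but was not {@code XMLHttpRequest} got neither the marker
     * nor the redirect, only an empty response.
     *
     * @return {@code true} when a current user exists, {@code false} otherwise
     * @throws IOException if writing the response or sending the redirect fails
     */
    private boolean _validateUser(HttpServletRequest request, HttpServletResponse response) throws IOException {
        if (ensureCurrentUser(request, response) != null) {
            return true;
        }

        String requestedWith = request.getHeader("X-Requested-With");
        boolean ajaxRequest = requestedWith != null
                && AJAX_REQUEST_MARKER.equalsIgnoreCase(requestedWith.trim());

        if (ajaxRequest) {
            // Drop anything buffered so far so that getWriter() can be used
            // (avoids the getOutputStream/getWriter conflict noted by the author).
            if (!response.isCommitted()) {
                response.reset();
            }
            // Declare UTF-8 to the browser. The media type is kept exactly as the
            // original wrote it, since existing clients may depend on it.
            response.setHeader("Content-type", "application/html;charset=UTF-8");
            // Make the servlet container encode the body as UTF-8.
            response.setCharacterEncoding("UTF-8");
            response.getWriter().write("LOGIN_TIME_OUT");
        } else {
            response.sendRedirect(ensureRedirectLoginUrl(request, response));
        }
        return false;
    }

    /**
     * Returns the currently logged-in user.
     *
     * @return the current user, or {@code null} when nobody is logged in; a
     *         {@code null} result makes the interceptor reject the request
     */
    protected abstract Object ensureCurrentUser(HttpServletRequest request, HttpServletResponse response);

    /**
     * Returns the location passed to {@link HttpServletResponse#sendRedirect(String)}
     * when a non-AJAX request fails the login check.
     */
    protected abstract String ensureRedirectLoginUrl(HttpServletRequest request, HttpServletResponse response);
}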
// Page caption: "Annotation code"
package com.edu.admin.base;

import com.hsr.component.auth.AuthAdminInterceptorDefault;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Concrete admin interceptor: supplies the current user and the login location
 * that {@link AuthAdminInterceptorDefault} needs for its login check.
 */
public class AdminAuth extends AuthAdminInterceptorDefault {

    /** Location handed to the redirect when no admin user is logged in. */
    private static final String LOGIN_LOCATION = "login";

    /**
     * Looks up the current admin user through {@code AdminUtil}.
     *
     * @return whatever {@code AdminUtil.getCurrentUser()} returns; the base class
     *         treats {@code null} as "not logged in"
     */
    @Override
    protected Object ensureCurrentUser(HttpServletRequest request, HttpServletResponse response) {
        // AdminUtil is declared elsewhere in the project; how it resolves the user
        // (session, thread-local, ...) is not visible here.
        Object currentAdmin = AdminUtil.getCurrentUser();
        return currentAdmin;
    }

    /**
     * Supplies the redirect target used for unauthenticated, non-AJAX requests.
     *
     * @return the login location
     */
    @Override
    protected String ensureRedirectLoginUrl(HttpServletRequest request, HttpServletResponse response) {
        // NOTE(review): "login" is a relative location, so the final target depends
        // on the path of the intercepted request; confirm it resolves to the login
        // page for nested /admin/** URLs.
        return LOGIN_LOCATION;
    }
}
springmvc的xml文件配置package com.hsr.core.annotations; import java.lang.annotation.*; /** 认证管理端用户 */ @Documented @Inherited @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface AuthAdmin { boolean validate() default true; }
<!-- Page caption: "Then simply put the annotation on the controllers that need a login check" -->
<mvc:interceptors>
    <!-- Declared directly under mvc:interceptors, without a path mapping of its own. -->
    <bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"/>
    <mvc:interceptor>
        <!--
            AdminAuth is consulted only for request paths matching /admin/**.
            Within that path its preHandle still lets through any handler that has no
            @AuthAdmin on the method or the class, so each admin controller must carry
            the annotation to be protected.
        -->
        <mvc:mapping path="/admin/**"/>
        <bean class="com.edu.admin.base.AdminAuth"/>
    </mvc:interceptor>
</mvc:interceptors>