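1. 自定义拦截器：实现 HandlerInterceptor 接口
在拦截器中判断用户是否已登录，并判断用户是否有权限访问当前请求的 URL（基于角色的权限控制）。注意：request.getRequestURI() 返回的是未经解码、未经规范化的原始路径（包含上下文路径），用于权限匹配前应先做规范化，并与实际路由匹配所用的路径保持一致。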
/**
 * Login and authorization interceptor.
 *
 * <p>{@code preHandle} first requires a session user (redirecting to {@code /logout.html}
 * when there is none) and then asks {@link AuMenuService} whether the request URI is
 * permitted for the user's role.
 */
@Component
@Slf4j
public class AuthorityInterceptor implements HandlerInterceptor {
// Permission lookup service; preHandle calls validate(uri, roleId) on it.
@Autowired
private AuMenuService auMenuService;
// NOTE(review): ThreadLocalRandom.current() is captured once, by whichever thread initializes
// this class, and then shared through a static field; the JDK documentation asks callers to
// invoke ThreadLocalRandom.current() at each use instead. ThreadLocalRandom is also not
// cryptographically secure, so it must not produce tokens or other security-sensitive values
// (use SecureRandom for those). No use of this field is visible in this part of the file;
// confirm what it feeds before changing it.
private static ThreadLocalRandom threadLocalRandom = ThreadLocalRandom.current();
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
User user = SessionUtils.getSessionUser();
if (user == null) {
log.info("未登录");
response.sendRedirect("/logout.html");
return false;
}
String uri = request.getRequestURI();
//判断当前访问的路径是否在该用户所属角色的权限列表里
if (!auMenuService.validate(uri, user.getRoleId())) {
log.info("暂无权限url: " + uri + "");