1 自定义权限注解
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface NeedPermissions {
String permission() default "";
}
2 定义拦截器拦截请求
@Component
@Slf4j
public class PermissionInterceptor implements HandlerInterceptor {
@Autowired
private IUserService userService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
NeedPermissions methodAnnotation = handlerMethod.getMethodAnnotation(NeedPermissions.class);
if (methodAnnotation == null) {
return true;
}
String permission = methodAnnotation.permission();
if (StrUtil.isBlank(permission)) {
return true;
}
List<Menu> menus = userService.selectMenuByUserId(1);
Set<String> collect = menus.stream().map(Menu::getPerms).collect(Collectors.toSet());
log.info("请求需要的权限:{}", permission);
if (collect.contains(permission)) {
return true;
}
setResponseData(response, "权限不足");
return false;
}
return HandlerInterceptor.super.preHandle(request, response, handler);
}
private void setResponseData(HttpServletResponse response, String message) throws IOException {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write("{\"status\":401,\"message\":\"" + message + "\"}");
}
}
3 注册拦截器
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Autowired
private LoginInterceptor loginInterceptor;
@Autowired
private PermissionInterceptor permissionInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(loginInterceptor).addPathPatterns("/**")
.excludePathPatterns("/doc.html", "/v3/api-docs/**");
registry.addInterceptor(permissionInterceptor).addPathPatterns("/**")
.excludePathPatterns("/doc.html", "/v3/api-docs/**");
}
}