添加jar包,这个jar包不是必须的,只是在拦截器里用到了,如果不用的话,完全可以不引入
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- <version>3.5</version>
- </dependency>
springboot默认为Tomcat,如果用jetty,还需要引入
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- <version>3.1.0</version>
- </dependency>
1、以登录验证为例,首先创建个@Auth注解
- package com.demo.interceptor;
- import java.lang.annotation.*;
- /**
- * 在类或方法上添加@Auth就验证登录
- */
- @Target({ElementType.TYPE, ElementType.METHOD})
- @Retention(RetentionPolicy.RUNTIME)
- @Documented
- public @interface Auth {
- }
- package com.demo.util;
- public interface Constants {
- int MAX_FILE_UPLOAD_SIZE = 5242880;
- String MOBILE_NUMBER_SESSION_KEY = "sessionMobileNumber";
- String USER_CODE_SESSION_KEY = "userCode";
- String SESSION_KEY = "sessionId";
- }
3、创建一个SessionData,用于保存在session中的字段
- package com.demo.model;
- import lombok.Data;
-
- @Data
- public class SessionData {
- private Integer userCode;
- private String mobileNumber;
- }
4、实现登录拦截实现
- package com.demo.interceptor;
- import com.demo.model.SessionData;
- import com.demo.util.RedisUtil;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.stereotype.Component;
- import org.springframework.web.method.HandlerMethod;
- import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import java.lang.reflect.Method;
- import static com.demo.util.Constants.MOBILE_NUMBER_SESSION_KEY;
- import static com.demo.util.Constants.SESSION_KEY;
- import static com.demo.util.Constants.USER_CODE_SESSION_KEY;
-
- @Component
- public class LoginInterceptor extends HandlerInterceptorAdapter {
- @Autowired
- private RedisUtil redisUtils;
- private final static String SESSION_KEY_PREFIX = "session:";
- public boolean preHandle(HttpServletRequest request,
- HttpServletResponse response, Object handler) throws Exception {
- if (!handler.getClass().isAssignableFrom(HandlerMethod.class)) {
- return true;
- }
- handlerSession(request);
- final HandlerMethod handlerMethod = (HandlerMethod) handler;
- final Method method = handlerMethod.getMethod();
- final Class<?> clazz = method.getDeclaringClass();
- if (clazz.isAnnotationPresent(Auth.class) ||
- method.isAnnotationPresent(Auth.class)) {
- if(request.getAttribute(USER_CODE_SESSION_KEY) == null){
- throw new Exception();
- }else{
- return true;
- }
- }
- return true;
- }
- public void handlerSession(HttpServletRequest request) {
- String sessionId = request.getHeader(SESSION_KEY);
- if(org.apache.commons.lang3.StringUtils.isBlank(sessionId)){
- sessionId=(String) request.getSession().getAttribute(SESSION_KEY);
- }
- if (org.apache.commons.lang3.StringUtils.isNotBlank(sessionId)) {
- SessionData model = (SessionData) redisUtils.get(SESSION_KEY_PREFIX+sessionId);
- if (model == null) {
- return ;
- }
- request.setAttribute(SESSION_KEY,sessionId);
- Integer userCode = model.getUserCode();
- if (userCode != null) {
- request.setAttribute(USER_CODE_SESSION_KEY, Long.valueOf(userCode));
- }
- String mobile = model.getMobileNumber();
- if (mobile != null) {
- request.setAttribute(MOBILE_NUMBER_SESSION_KEY, mobile);
- }
- }
- return ;
- }
- }
5、配置拦截器
- package com.demo.interceptor;
- import org.hibernate.validator.HibernateValidator;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.MessageSource;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.ComponentScan;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.context.annotation.PropertySource;
- import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
- import org.springframework.context.support.ReloadableResourceBundleMessageSource;
- import org.springframework.validation.Validator;
- import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;
- import org.springframework.validation.beanvalidation.MethodValidationPostProcessor;
- import org.springframework.web.servlet.ViewResolver;
- import org.springframework.web.servlet.config.annotation.*;
- import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
- import org.springframework.web.servlet.view.InternalResourceViewResolver;
-
- @Configuration
- @EnableWebMvc
- @ComponentScan(basePackages = "com.demo.controller")
- @PropertySource(value = "classpath:application.properties",
- ignoreResourceNotFound = true,encoding = "UTF-8")
- public class MvcConfig extends WebMvcConfigurerAdapter {
- private static final Logger logger = LoggerFactory.getLogger(MvcConfig.class);
- @Autowired
- LoginInterceptor loginInterceptor;
- /**
- * <p>
- * 视图处理器
- * </p>
- *
- * @return
- */
- @Bean
- public ViewResolver viewResolver() {
- logger.info("ViewResolver");
- InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
- viewResolver.setPrefix("/WEB-INF/jsp/");
- viewResolver.setSuffix(".jsp");
- return viewResolver;
- }
- /**
- * 拦截器配置
- * @param registry
- */
- @Override
- public void addInterceptors(InterceptorRegistry registry) {
- // 注册监控拦截器,解决@Autowired注入失败(配置在Spring 之前加载)
- registry.addInterceptor(loginInterceptor)
- .addPathPatterns("/**")
- .excludePathPatterns("/configuration/ui");
- }
- @Override
- public void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/**")
- .allowedOrigins("*")
- .allowedHeaders("*/*")
- .allowedMethods("*")
- .maxAge(120);
- }
- /**
- * 资源处理器
- * @param registry
- */
- @Override
- public void addResourceHandlers(ResourceHandlerRegistry registry) {
- logger.info("addResourceHandlers");
- registry.addResourceHandler("/swagger-ui.html")
- .addResourceLocations("classpath:/META-INF/resources/");
- registry.addResourceHandler("/webjars/**")
- .addResourceLocations("classpath:/META-INF/resources/webjars/");
- }
- }
controller上添加以后这个controller里所有请求都验证登录,在方法里添加只有请求这个方法时验证
- @Auth
- @RestController
- public class TestController {
- }