在方法上添加一个注解,使用户在未登录时没有权限调用此方法。采用拦截器形式实现:
1、建一个注解类LoginCheck,代码入下:
@Target(ElementType.METHOD)
@Documented
@Retention(RetentionPolicy.RUNTIME)
public @interface LoginCheck {
String value() default "";
}
2、建一个拦截器类:LoginCheckInterceptor
@Component
public class LoginCheckInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
//不是方法直接跳过
if(!(o instanceof HandlerMethod)){
return true;
}
HandlerMethod handler = (HandlerMethod) o;
Method method = handler.getMethod();
//方法上是否有LoginCheck注解
LoginCheck loginCheck = method.getAnnotation(LoginCheck.class);
if(loginCheck != null){
User user=(User) request.getSession().getAttribute("user");
if(user != null){
return true;
}
}else{
return true;
}
response.sendRedirect("/toLogin.do");
return false;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
3、启用拦截器,springboot中需要新建一个配置类并继承WebMvcConfigurerAdapter,重写addInterptors方法:
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LoginCheckInterceptor()).addPathPatterns("/**");
}
}
大功告成,接下来只需要在需要登陆的接口上添加@LoginCheck注解测试即可。