Spring MVC使用自定义注解控制访问权限

1.定义一个权限注解,该注解放在接口方法上可以拦截无权限访问的用户。level表示访问该方法所需的权限级别:按下文拦截器的判断逻辑,用户的level数值大于注解中的level时请求会被拒绝,即数值越小权限越高。

package org.cloud.bank.client.annotation;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Declares the privilege level a caller needs in order to invoke the annotated
 * handler method.
 *
 * <p>The annotation is kept at runtime so that it can be read reflectively, and
 * it may only be placed on methods.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Authorization {

    /**
     * Privilege level required by the annotated method.
     *
     * <p>In the interceptor shown on this page a user is rejected when the
     * user's own level is numerically greater than this value, so smaller
     * numbers mean more privilege.
     *
     * @return the required level; there is no default, so every use must set it
     */
    int level();
}

2.利用Java反射机制找到标有该注解的接口方法,并编写验证拦截器。注意:拦截器从请求头userid中读取用户身份,该值由客户端提供,必须由上游的认证环节(例如已登录的会话或经过校验的令牌)保证其可信,否则权限检查可以被伪造的请求头绕过。

package org.cloud.bank.client.interceptor;

import org.cloud.bank.client.annotation.Authorization;
import org.cloud.bank.client.model.User;
import org.cloud.bank.client.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.lang.reflect.Method;

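/**
 * Enforces {@link Authorization} on Spring MVC handler methods.
 *
 * <p>For a handler method that carries {@code @Authorization}, the caller is looked
 * up by the id found in the {@code userid} request header and the request is
 * rejected with 401 when the id is missing or malformed, when no such user exists,
 * or when the user's level is numerically greater than the level the annotation
 * requires. Handler methods without the annotation are not restricted.
 *
 * <p>NOTE(review): the caller's identity comes from the client-supplied
 * {@code userid} header and nothing in this class authenticates it. The check is
 * only meaningful if an earlier filter or gateway sets or verifies that header from
 * an authenticated session or a validated token, and strips any copy sent by the
 * client.
 */
@Component
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private UserRepository userRepository;

    /**
     * Decides whether the request may proceed to the handler.
     *
     * @param request  current request; the {@code userid} header is read from it
     * @param response current response; its status is set to 401 on rejection
     * @param handler  the chosen handler, a {@link HandlerMethod} for controller methods
     * @return {@code true} to continue the chain, {@code false} if the request was rejected
     * @throws Exception propagated from the user lookup
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Handlers that are not controller methods (for example static resource
        // handlers) cannot carry the annotation; the unconditional cast used
        // previously failed with a ClassCastException for them.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        // No URI-based exemption for "login": a substring match on the raw request
        // URI would let any request whose URI merely contains that word skip the
        // check. It is not needed, because the header is only read for annotated
        // methods and an un-annotated login endpoint passes straight through.
        Authorization required = ((HandlerMethod) handler).getMethodAnnotation(Authorization.class);
        if (required == null) {
            return true;
        }

        // A missing or non-numeric header is a rejected request, not a server error.
        Long userId = parseUserId(request.getHeader("userid"));
        User user = (userId == null) ? null : userRepository.findOne(userId);

        // NOTE(review): 401 is kept for both cases so existing clients see the same
        // status; 403 would describe a known user with insufficient level better.
        if (user == null || user.getLevel() > required.level()) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        return true;
    }

    /** Parses the header value as a long; returns {@code null} when it is absent or not a number. */
    private static Long parseUserId(String raw) {
        if (raw == null) {
            return null;
        }
        try {
            return Long.valueOf(Long.parseLong(raw));
        } catch (NumberFormatException ignored) {
            // Malformed client input is treated the same as a missing header.
            return null;
        }
    }
}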

3.将拦截器加入到Spring MVC拦截器列表

package org.cloud.bank.client.config;

import org.cloud.bank.client.interceptor.AuthorizationInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * Spring MVC configuration that plugs the {@link AuthorizationInterceptor} into the
 * interceptor chain.
 */
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    /** Interceptor bean injected by type from the application context. */
    @Autowired
    private AuthorizationInterceptor interceptor;

    /**
     * Registers the authorization interceptor.
     *
     * @param registry the MVC interceptor registry to add to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Registered without addPathPatterns/excludePathPatterns, so it is not
        // limited to any subset of request paths.
        registry.addInterceptor(this.interceptor);
    }
}