1. 定义一个权限注解，将该注解标注在接口方法上即可拦截无权限访问的用户
package org.cloud.bank.client.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marks a handler method as requiring a minimum privilege level.
 *
 * <p>The annotation is retained at runtime so that an interceptor can read it
 * reflectively. In the interceptor shown on this page a request is rejected when
 * the caller's stored level is numerically greater than {@link #level()}, so a
 * smaller number is the more privileged one.
 *
 * <p>Only methods can carry this annotation; a handler method without it is not
 * subject to any level check.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface Authorization {

    /**
     * Highest user level value that may still call the annotated method.
     * There is no default, so every use site must state the level explicitly.
     */
    int level();
}
2. 利用 Java 反射机制找到标有该注解的接口方法，并编写验证拦截器
package org.cloud.bank.client.interceptor;
import org.cloud.bank.client.annotation.Authorization;
import org.cloud.bank.client.model.User;
import org.cloud.bank.client.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
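/**
 * Spring MVC interceptor that enforces {@link Authorization} on annotated handler methods.
 *
 * <p>For a handler method carrying the annotation, the caller is looked up by the
 * {@code userid} request header and the request is rejected with 401 when the header is
 * missing or malformed, the user does not exist, or the user's level is numerically
 * greater than the level the annotation requires. Handlers without the annotation are
 * passed through untouched.
 *
 * <p>NOTE(review): the {@code userid} header is supplied by the client and nothing in this
 * class verifies it, so it identifies a caller but does not authenticate one. The level
 * check is only meaningful when the id comes from a verified source (a server-side
 * session, a signed token, or a trusted gateway that strips and re-sets the header).
 */
@Component
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private UserRepository userRepository;

    /**
     * Decides whether the request may proceed to the handler.
     *
     * @param request  current request; the {@code userid} header is read from it
     * @param response current response; its status is set to 401 on rejection
     * @param handler  the chosen handler, only inspected when it is a {@link HandlerMethod}
     * @return {@code true} to continue the chain, {@code false} when the request was rejected
     * @throws Exception propagated from the user lookup
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Static resources and other non-controller handlers are not HandlerMethods;
        // an unconditional cast would fail with ClassCastException for them.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        Method method = ((HandlerMethod) handler).getMethod();
        Authorization required = method.getAnnotation(Authorization.class);

        // The decision is driven by the annotation alone. The previous
        // getRequestURI().contains("login") shortcut skipped the check for any path that
        // merely contained that substring, including annotated handlers. Un-annotated
        // handlers such as the login endpoint need no exemption because they never
        // reach the header parsing below.
        if (required == null) {
            return true;
        }

        final long userId;
        try {
            // parseLong(null) also throws NumberFormatException, so a missing header
            // is rejected here instead of surfacing as a server error.
            userId = Long.parseLong(request.getHeader("userid"));
        } catch (NumberFormatException e) {
            return reject(response);
        }

        User user = userRepository.findOne(userId);
        if (user == null) {
            return reject(response);
        }

        // A larger stored level means fewer privileges than the method requires.
        // 401 is kept for this case to preserve the existing response contract;
        // 403 would be the conventional status for a known caller with too low a privilege.
        if (user.getLevel() > required.level()) {
            return reject(response);
        }
        return true;
    }

    /** Marks the response as unauthorized and stops the handler chain. */
    private boolean reject(HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}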
3. 将拦截器加入到 Spring MVC 的拦截器列表
package org.cloud.bank.client.config;
import org.cloud.bank.client.interceptor.AuthorizationInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * Spring MVC configuration that installs the {@link AuthorizationInterceptor}.
 *
 * <p>The interceptor is registered without any path patterns, so it is consulted for
 * every request dispatched through Spring MVC rather than for a subset of URLs.
 */
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    /** Container-managed interceptor instance, so its own injected fields are populated. */
    @Autowired
    private AuthorizationInterceptor authorizationInterceptor;

    /**
     * Adds the authorization interceptor to the MVC interceptor chain.
     *
     * @param registry registry the interceptor is appended to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(this.authorizationInterceptor);
    }
}