1、
自定义类interceptor是实现拦截进行认证验证,
功能:用户认证和页面拦截跳转
实现:验证是否有session和cookie信息
方法:实现Spring的HandlerInterceptor接口,该接口中定义了三个方法
方法一:preHandle()在处理请求之前调用,即在controller执行之前调用;返回true继续执行,返回false放弃执行。
方法二:postHandle()一般在请求处理之后、视图渲染之前调用,支持在这个方法中对controller处理之后的ModelAndView对象进行操作。
方法三:afterCompletion()在preHandle()方法返回true且对应的视图渲染完成之后执行,用于资源清理,无需手动加入任何语句就可以实现。
package com.pro.sign.interceptors;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.pro.sign.entity.Session;
import com.pro.sign.exception.SignException;
import com.pro.sign.service.ISignService;
import com.pro.tool.util.ToolContextData;
import com.pro.tool.vo.CurrentLoginAccountInfo;
import com.pro.tool.vo.TokenTimesEffect;
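/**
 * Spring MVC interceptor that authenticates every intercepted request by a
 * {@code token} request parameter.
 *
 * <p>{@link #preHandle} looks the token up through {@link ISignService}; when a
 * session is found it refreshes the session's timestamp, publishes the token
 * expiry and the account id through {@link ToolContextData}, and lets the
 * request continue. Otherwise it answers 401 and stops the chain.
 *
 * <p>NOTE(review): the token is read from {@code getParameterMap()}, which
 * includes the query string. Bearer tokens carried in URLs tend to end up in
 * access logs, browser history and Referer headers; an {@code Authorization}
 * header or an HttpOnly cookie is the usual safer transport. Not changed here
 * because existing clients depend on the parameter.
 *
 * <p>NOTE(review): no expiry check is visible in this class. A session is
 * accepted whenever {@code getSessionByPk} returns non-null, and each accepted
 * request pushes the timestamp forward. Confirm that the service (or a cleanup
 * job) rejects expired sessions and enforces an absolute lifetime.
 */
@Component
public class AuthorizationInterceptor implements HandlerInterceptor {
    private static final org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(AuthorizationInterceptor.class);

    /** Name of the request parameter that carries the session token. */
    private static final String TOKEN_PARAMETER = "token";

    /** Offset in milliseconds added to "now" to compute the published cookie expiry. */
    @Value("${proconfig.cookies-times-effect}")
    private Long cookiesTimesEffect;

    @javax.annotation.Resource(name = "com.pro.sign.SignService")
    private ISignService signService;

    /**
     * Authenticates the request before the controller runs.
     *
     * @return {@code true} when the token maps to a session and the request may
     *         proceed; {@code false} after a 401 has been sent
     * @throws SignException rethrown as-is, or wrapping any other failure with
     *         {@code SignException.FW_ERROR}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (log.isInfoEnabled()) {
            log.info("======================= AuthorizationInterceptor preHandle =======================");
        }
        try {
            Map<String, String[]> parameterMap = request.getParameterMap();
            String[] tokenValues = parameterMap.get(TOKEN_PARAMETER);
            String token = (tokenValues == null || tokenValues.length == 0) ? null : tokenValues[0];

            // Reject a missing or blank token without a session-store lookup.
            if (token == null || token.trim().isEmpty()) {
                return rejectUnauthorized(response);
            }

            Session session = signService.getSessionByPk(token);
            if (session == null) {
                return rejectUnauthorized(response);
            }

            long now = System.currentTimeMillis();
            session.setCurrentTimes(now);
            signService.updateSession(session);
            bindRequestContext(session, token, now);
            return true;
        } catch (SignException e) {
            if (log.isErrorEnabled()) {
                // Pass the throwable so the stack trace is logged, not only toString().
                log.error(e.getMessage(), e);
            }
            throw e;
        } catch (Exception e) {
            if (log.isErrorEnabled()) {
                log.error(e.getMessage(), e);
            }
            throw SignException.getException(e, SignException.FW_ERROR, e.getMessage());
        }
    }

    /**
     * Runs after the controller and before view rendering. Only logs.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        if (log.isInfoEnabled()) {
            log.info("======================= AuthorizationInterceptor postHandle =======================");
        }
    }

    /**
     * Runs after the request has completed (Spring calls this only when
     * {@link #preHandle} returned {@code true}) and drops the per-request
     * authentication context that {@code preHandle} published.
     *
     * <p>NOTE(review): ToolContextData is not visible here; presumably it is
     * thread-local-backed. In that case, without this cleanup the account id of
     * one request stays bound to a pooled worker thread and can be observed by a
     * later request on a path this interceptor does not cover. Confirm nothing
     * reads the context after request completion.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        if (log.isInfoEnabled()) {
            log.info("======================= AuthorizationInterceptor afterCompletion =======================");
        }
        ToolContextData.removeTokenTimesEffect();
        ToolContextData.removeCurrentLoginAccountInfo();
    }

    /** Sends the 401 response used for every rejected token and returns {@code false}. */
    private boolean rejectUnauthorized(HttpServletResponse response) throws java.io.IOException {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "token 无效");
        return false;
    }

    /** Replaces any previously published context with this request's token expiry and account id. */
    private void bindRequestContext(Session session, String token, long now) {
        ToolContextData.removeTokenTimesEffect();
        TokenTimesEffect tokenTimesEffect = new TokenTimesEffect();
        tokenTimesEffect.setToken(token);
        tokenTimesEffect.setCookiesExpireTimes(now + cookiesTimesEffect);
        ToolContextData.setTokenTimesEffect(tokenTimesEffect);

        ToolContextData.removeCurrentLoginAccountInfo();
        CurrentLoginAccountInfo currentLoginAccountInfo = new CurrentLoginAccountInfo();
        currentLoginAccountInfo.setAccountId(session.getAccountId());
        ToolContextData.setCurrentLoginAccountInfo(currentLoginAccountInfo);
    }
}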