SpringBoot系统搭建集成-012-集成SpringSecurity+JWT
引言
Spring Boot 项目如何集成 Spring Security 完成权限拦截操作。 为基于前后端分离的后端权限管理部分
JWT的应用场景
关于JWT是什么,请参考JWT官网。这里就不多解释了,可理解为使用带签名的token来做用户和权限验证,现在流行的公共开放接口用的OAuth 2.0协议基本也是类似的套路。这里只是说下选择使用jwt不用session的原因。
首先,是要支持多端,一个api要支持H5, PC和APP三个前端,如果使用session的话对app不是很友好,而且session有跨域攻击的问题。
其次,后端的服务是无状态的,所以要支持分布式的权限校验。当然这个不是主要原因了,因为session持久化在spring里面也就是加一行注解就解决的问题。不过,spring通过代理httpsession来做,总归觉得有点复杂
spring-security中核心概念
- AuthenticationManager用户认证管理类,所有的认证请求(比如login)都会通过提交一个token给AuthenticationManager的authenticate()方法来实现,并不是所有的事情都是它来做,具体校验动作会有AuthenticationManager将请求转发给具体的实现类来做。根据实现反馈的结果再调用具体的handler来给用户以反馈,这个类基本等于shiro的SecurityManager.
- AuthenticationProvider,认证的具体实现类,一个provider是一种认证方式的实现,比如提交的用户名密码通过和DB中查出的 user记录做对比实现,如果我们是通过cas请求单点登录系统实现,那就有一个CASProvider,这个和Shiro的Realm的定义很像, 按照Spring一贯的作风,主流的认证方式它都已经提供了默认实现,比如DAO、LDAP、CAS、OAuth2等
- UserDetailService 用户认证通过Provide来做,所以Provide需要拿到系统保存的认证信息,获取用户的接口spring-security抽象成UserDetailService,
- AuthenticationToken 所有提交给AuthenticationManager的认证请求都会封装成一个Token的实现,比较最容易理解的UsernamePasswordAuthenticationToken
- SecurityContext 当用户认证成功后,就会生成一个用户唯一的 SecurityContext ,这里面包含用户的Authentication。通过 SecurityContext 我们可以获取用户的标识Principle的授权信息GrantedAuthrity。在系统任何地方只要通过 SecurityHolder.getSecruityContext()就可以获取到 SecurityContext 。
关键流程
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-eF0EaRiF-1572489466653)(..\typora-user-images\image-20191030114851092.png)]](https://img-blog.csdnimg.cn/20191031103801275.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzM0NTk5MTMy,size_16,color_FFFFFF,t_70)
对Web系统的支持
毫无疑问,对于spring框架使用最多的还是web系统。对于web系统来说进入认证的最佳入口就是Filter了。spring security不仅实现了认证的逻辑,还通过filter实现了常见的web攻击的防护。
常用Filter
下面按照request进入的顺序列举一下常用的Filter:
- SecurityContextPersistenceFilter,用于将
SecurityContext放入Session的Filter - UsernamePasswordAuthenticationFilter, 登录认证的Filter,类似的还有CasAuthenticationFilter,BasicAuthenticationFilter等等。在这些Filter中生成用于认证的token,提交到AuthenticationManager,如果认证失败会直接返回。
- RememberMeAuthenticationFilter,通过cookie来实现remember me功能的Filter
- AnonymousAuthenticationFilter,如果一个请求在到达这个filter之前SecurityContext没有初始化,则这个filter会默认生成一个匿名SecurityContext。这在支持匿名用户的系统中非常有用。
- ExceptionTranslationFilter,捕获所有Spring Security抛出的异常,并决定处理方式
- FilterSecurityInterceptor, 权限校验的拦截器,访问的url权限不足时会抛出异常
项目搭建
pom.xml 添加配置
<jjwt.veersion>0.9.1</jjwt.veersion>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>${jjwt.veersion}</version>
</dependency>
配置认证授权部分关键代码
UsernameLoginSecurityConfig 配置类,主要功能:配置哪些URL不需要认证,哪些需要认证
@Configuration
@EnableWebSecurity
@EnableConfigurationProperties(CustomConfig.class)
public class UsernameLoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomConfig customConfig;
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Autowired
private LoginAuthenticationSuccessHandler usernameAuthenticationSuccessHandler;
@Autowired
private LoginAuthenticationFailureHandler loginAuthenticationFailureHandler;
@Autowired
private UserLoginService userLoginService;
@Autowired
private JwtAuthenticationFilter jwtAuthenticationFilter;
@Autowired
private BCryptPasswordEncoder encoder;
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(buildLoginAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.cors()
// 关闭 CSRF
.and().csrf().disable()
// 登录行为由自己实现,参考 AuthController#login
.formLogin().disable()
.httpBasic().disable()
// 认证请求
.authorizeRequests()
// 所有请求都需要登录访问
.anyRequest()
.authenticated()
// RBAC 动态 url 认证
.anyRequest()
.access("@rbacAuthorityService.hasPermission(request,authentication)")
// 登出行为由自己实现,参考 AuthController#logout
.and().logout().disable()
// Session 管理
.sessionManagement()
// 因为使用了JWT,所以这里不管理Session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// 异常处理
.and().exceptionHandling().accessDeniedHandler(accessDeniedHandler);
// @formatter:on
// 添加自定义 JWT 过滤器
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
/**
* 放行所有不需要登录就可以访问的请求,参见 AuthController
* 也可以在 {@link #configure(HttpSecurity)} 中配置
* {@code http.authorizeRequests().antMatchers("/api/auth/**").permitAll()}
*/
@Override
public void configure(WebSecurity web) {
WebSecurity and = web.ignoring().and();
// 忽略 GET
customConfig.getIgnores().getGet().forEach(url -> and.ignoring().antMatchers(HttpMethod.GET, url));
// 忽略 POST
customConfig.getIgnores().getPost().forEach(url -> and.ignoring().antMatchers(HttpMethod.POST, url));
// 忽略 DELETE
customConfig.getIgnores().getDelete().forEach(url -> and.ignoring().antMatchers(HttpMethod.DELETE, url));
// 忽略 PUT
customConfig.getIgnores().getPut().forEach(url -> and.ignoring().antMatchers(HttpMethod.PUT, url));
// 忽略 HEAD
customConfig.getIgnores().getHead().forEach(url -> and.ignoring().antMatchers(HttpMethod.HEAD, url));
// 忽略 PATCH
customConfig.getIgnores().getPatch().forEach(url -> and.ignoring().antMatchers(HttpMethod.PATCH, url));
// 忽略 OPTIONS
customConfig.getIgnores().getOptions().forEach(url -> and.ignoring().antMatchers(HttpMethod.OPTIONS, url));
// 忽略 TRACE
customConfig.getIgnores().getTrace().forEach(url -> and.ignoring().antMatchers(HttpMethod.TRACE, url));
// 按照请求格式忽略
customConfig.getIgnores().getPattern().forEach(url -> and.ignoring().antMatchers(url));
}
@Bean
public UsernameLoginAuthenticationFilter buildLoginProcessingFilter() throws Exception {
UsernameLoginAuthenticationFilter filter = new UsernameLoginAuthenticationFilter();
filter.setAuthenticationSuccessHandler(usernameAuthenticationSuccessHandler);
filter.setAuthenticationFailureHandler(loginAuthenticationFailureHandler);
filter.setAuthenticationManager(super.authenticationManager());
return filter;
}
@Bean
public UsernameLoginAuthenticationProvider buildLoginAuthenticationProvider() {
UsernameLoginAuthenticationProvider provider = new UsernameLoginAuthenticationProvider();
provider.setUserLoginService(userLoginService);
provider.setEncoder(encoder);
return provider;
}
/**
* 退出时的处理策略配置
*
* @return logout success handler
*/
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
return new LogoutSuccessHandlerImpl();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
JwtUtil.java
JWT 工具类,主要功能:生成JWT并存入Redis、解析JWT并校验其准确性、从Request的Header中获取JWT
/**
* @author : Lison
* @Date: 2019/10/28 14:35
* @Description: JWT 工具类
*/
@EnableConfigurationProperties(JwtConfig.class)
@Configuration
@Slf4j
public class JwtUtil {
@Autowired
private JwtConfig jwtConfig;
@Autowired
private StringRedisTemplate stringRedisTemplate;
/**
* 创建JWT
*
* @param rememberMe 记住我
* @param id 用户id
* @param subject 用户名
* @param roles 用户角色
* @param authorities 用户权限
* @return JWT
*/
public String createJWT(Boolean rememberMe, Long id, String subject, List<String> roles, Collection<? extends GrantedAuthority> authorities) {
Date now = new Date();
JwtBuilder builder = Jwts.builder()
.setId(id.toString())
.setSubject(subject)
.setIssuedAt(now)
.signWith(SignatureAlgorithm.HS256, jwtConfig.getKey())
.claim("roles", roles)
.claim("authorities", authorities);
// 设置过期时间
Long ttl = rememberMe ? jwtConfig.getRemember() : jwtConfig.getTtl();
if (ttl > 0) {
builder.setExpiration(DateUtil.offsetMillisecond(now, ttl.intValue()));
}
String jwt = builder.compact();
// 将生成的JWT保存至Redis
stringRedisTemplate.opsForValue()
.set(Consts.REDIS_JWT_KEY_PREFIX + subject, jwt, ttl, TimeUnit.MILLISECONDS);
return jwt;
}
/**
* 创建JWT
*
* @param userPrincipal 用户认证信息
* @return JWT
*/
public String createJWT(UserPrincipal userPrincipal) {
return createJWT(userPrincipal.getRememberMe(), userPrincipal.getId(), userPrincipal.getUsername(), userPrincipal.getRoles(), userPrincipal.getAuthorities());
}
/**
* 创建JWT
*
* @param authentication 用户认证信息
* @param rememberMe 记住我
* @return JWT
*/
public String createJWT(Authentication authentication, Boolean rememberMe) {
UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
return createJWT(rememberMe, userPrincipal.getId(), userPrincipal.getUsername(), userPrincipal.getRoles(), userPrincipal.getAuthorities());
}
/**
* 解析JWT
*
* @param jwt JWT
* @return {@link Claims}
*/
public Claims parseJWT(String jwt) {
try {
Claims claims = Jwts.parser()
.setSigningKey(jwtConfig.getKey())
.parseClaimsJws(jwt)
.getBody();
String username = claims.getSubject();
String redisKey = Consts.REDIS_JWT_KEY_PREFIX + username;
// 校验redis中的JWT是否存在
Long expire = stringRedisTemplate.getExpire(redisKey, TimeUnit.MILLISECONDS);
if (Objects.isNull(expire) || expire <= 0) {
throw new SecurityException(ErrorCodeEnum.TOKEN_EXPIRED);
}
// 校验redis中的JWT是否与当前的一致,不一致则代表用户已注销/用户在不同设备登录,均代表JWT已过期
String redisToken = stringRedisTemplate.opsForValue()
.get(redisKey);
if (!StrUtil.equals(jwt, redisToken)) {
throw new SecurityException(ErrorCodeEnum.TOKEN_OUT_OF_CTRL);
}
return claims;
} catch (ExpiredJwtException e) {
log.error("Token 已过期");
throw new SecurityException(ErrorCodeEnum.TOKEN_EXPIRED);
} catch (UnsupportedJwtException e) {
log.error("不支持的 Token");
throw new SecurityException(ErrorCodeEnum.TOKEN_PARSE_ERROR);
} catch (MalformedJwtException e) {
log.error("Token 无效");
throw new SecurityException(ErrorCodeEnum.TOKEN_PARSE_ERROR);
} catch (SignatureException e) {
log.error("无效的 Token 签名");
throw new SecurityException(ErrorCodeEnum.TOKEN_PARSE_ERROR);
} catch (IllegalArgumentException e) {
log.error("Token 参数不存在");
throw new SecurityException(ErrorCodeEnum.TOKEN_PARSE_ERROR);
}
}
/**
* 设置JWT过期
*
* @param request 请求
*/
public void invalidateJWT(HttpServletRequest request) {
String jwt = getJwtFromRequest(request);
String username = getUsernameFromJWT(jwt);
// 从redis中清除JWT
stringRedisTemplate.delete(Consts.REDIS_JWT_KEY_PREFIX + username);
}
/**
* 根据 jwt 获取用户名
*
* @param jwt JWT
* @return 用户名
*/
public String getUsernameFromJWT(String jwt) {
Claims claims = parseJWT(jwt);
return claims.getSubject();
}
/**
* 从 request 的 header 中获取 JWT
*
* @param request 请求
* @return JWT
*/
public String getJwtFromRequest(HttpServletRequest request) {
String bearerToken = request.getHeader("Authorization");
if (StrUtil.isNotBlank(bearerToken) && bearerToken.startsWith("Bearer ")) {
return bearerToken.substring(7);
}
return null;
}
}
Security 登录过滤器
UsernameLoginAuthenticationFilter 拦截登录请求
@Slf4j
public class UsernameLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
public UsernameLoginAuthenticationFilter() {
super(new AntPathRequestMatcher("/api/auth/login", "POST"));
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
LoginAuthenticationToken token = new LoginAuthenticationToken(getRequest(request));
return this.getAuthenticationManager().authenticate(token);
}
private UserPrincipal getRequest(HttpServletRequest request) throws IOException{
String body = StreamUtils.copyToString(request.getInputStream(), Charset.forName("UTF-8"));
String username = null, password = null;
Boolean rememberMe = false;
if(StringUtils.hasText(body)) {
JSONObject jsonObj = JSON.parseObject(body);
username = jsonObj.getString("username");
password = jsonObj.getString("password");
rememberMe = jsonObj.getBoolean("rememberMe");
}
if (username == null){
username = "";
throw new AuthenticationServiceException("账号或密码不能为空");
}
if (password == null){
password = "";
}
if (rememberMe == null){
rememberMe = false;
}
username = username.trim();
UserPrincipal user = new UserPrincipal();
user.setUsername(username);
user.setPassword(password);
user.setRememberMe(rememberMe);
return user;
}
}
登录自定义处理 UsernameLoginAuthenticationProvider
@Setter
@Slf4j
public class UsernameLoginAuthenticationProvider implements AuthenticationProvider {
private UserLoginService userLoginService;
private BCryptPasswordEncoder encoder;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Assert.notNull(authentication, "No authentication data provided");
log.debug("Enter UsernameLoginAuthenticationProvider...");
UserPrincipal req = (UserPrincipal) authentication.getPrincipal();
UserPrincipal user = userLoginService.loadUserByUsername(req.getUsername());
//校验密码
if(!encoder.matches(req.getPassword(),user.getPassword())){
throw new BadCredentialsException(ErrorCodeEnum.USERNAME_PASSWORD_ERROR.msg());
}
return new LoginAuthenticationToken(user,user.getAuthorities());
}
@Override
public boolean supports(Class<?> authentication) {
return (LoginAuthenticationToken.class.isAssignableFrom(authentication));
}
}
验证异常处理 LoginAuthenticationFailureHandler
@Component
@Slf4j
public class LoginAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
log.info("登录失败");
response.setStatus(HttpStatus.UNAUTHORIZED.value());
response.setContentType("application/json;charset=UTF-8");
response.getWriter()
.write(JSONUtil.toJsonStr(new JSONObject(ResponseWrapperMapper.wrap(e), false)));
}
}
验证成功 LoginAuthenticationSuccessHandler
@Component
@Slf4j
public class LoginAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Autowired
private JwtUtil jwtUtil;
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
Assert.notNull(authentication, "No authentication data provided");
UserPrincipal user = (UserPrincipal) authentication.getPrincipal();
//校验成功
ResponseUtil.renderJson(httpServletResponse, ErrorCodeEnum.SUCCESS, new JwtResponse(jwtUtil.createJWT(user)));
}
}
UserLoginServiceImpl
实现 自定义UserLoginService接口,主要功能:根据用户名查询用户信息
/**
* @author : Lison
* @Date: 2019/10/28 16:24
* @Description: 自定义UserDetails查询
*/
@Service
public class UserLoginServiceImpl implements UserLoginService {
@Autowired
private PermissionRepository permissionRepository;
@Autowired
private UserRepository userRepository;
@Autowired
private RoleRepository roleRepository;
@Override
public UserPrincipal loadUserByUsername(String s) throws UsernameNotFoundException {
User user = userRepository.findByUsernameOrEmailOrPhone(s, s, s)
.orElseThrow(() -> new UsernameNotFoundException("未找到用户信息 : " + s));
List<Role> roles = roleRepository.selectByUserId(user.getId());
List<Long> roleIds = roles.stream()
.map(Role::getId)
.collect(Collectors.toList());
List<Permission> permissions = permissionRepository.selectByRoleIdList(roleIds);
return UserPrincipal.create(user, roles, permissions,false);
}
jwt 过滤器
/**
* @author : Lison
* @Date: 2019/10/28 16:19
* @Description: Jwt 认证过滤器
*/
@Component
@Slf4j
public class JwtAuthenticationFilter extends OncePerRequestFilter {
@Autowired
private UserLoginService userLoginService;
@Autowired
private JwtUtil jwtUtil;
@Autowired
private CustomConfig customConfig;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (checkIgnores(request)) {
filterChain.doFilter(request, response);
return;
}
String jwt = jwtUtil.getJwtFromRequest(request);
if (StrUtil.isNotBlank(jwt)) {
try {
String username = jwtUtil.getUsernameFromJWT(jwt);
//后期可使用缓存
UserPrincipal userDetails = userLoginService.loadUserByUsername(username);
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext()
.setAuthentication(authentication);
filterChain.doFilter(request, response);
} catch (SecurityException e) {
ResponseUtil.renderJson(response, e);
}
} else {
ResponseUtil.renderJson(response, ErrorCodeEnum.UNAUTHORIZED, null);
}
}
/**
* 请求是否不需要进行权限拦截
*
* @param request 当前请求
* @return true - 忽略,false - 不忽略
*/
private boolean checkIgnores(HttpServletRequest request) {
String method = request.getMethod();
HttpMethod httpMethod = HttpMethod.resolve(method);
if (ObjectUtil.isNull(httpMethod)) {
httpMethod = HttpMethod.GET;
}
Set<String> ignores = Sets.newHashSet();
switch (httpMethod) {
case GET:
ignores.addAll(customConfig.getIgnores()
.getGet());
break;
case PUT:
ignores.addAll(customConfig.getIgnores()
.getPut());
break;
case HEAD:
ignores.addAll(customConfig.getIgnores()
.getHead());
break;
case POST:
ignores.addAll(customConfig.getIgnores()
.getPost());
break;
case PATCH:
ignores.addAll(customConfig.getIgnores()
.getPatch());
break;
case TRACE:
ignores.addAll(customConfig.getIgnores()
.getTrace());
break;
case DELETE:
ignores.addAll(customConfig.getIgnores()
.getDelete());
break;
case OPTIONS:
ignores.addAll(customConfig.getIgnores()
.getOptions());
break;
default:
break;
}
ignores.addAll(customConfig.getIgnores()
.getPattern());
if (CollUtil.isNotEmpty(ignores)) {
for (String ignore : ignores) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(ignore, method);
if (matcher.matches(request)) {
return true;
}
}
}
return false;
}
}
RbacAuthorityService.java
路由动态鉴权类,主要功能:
- 校验请求的合法性,排除404和405这两种异常请求
- 根据当前请求路径与该用户可访问的资源做匹配,通过则可以访问,否则,不允许访问
**
* @author : Lison
* @Date: 2019/10/28 17:05
* @Description: 动态路由认证
*/
@Component
public class RbacAuthorityService {
@Autowired
private RoleRepository roleRepository;
@Autowired
private PermissionRepository permissionRepository;
@Autowired
private RequestMappingHandlerMapping mapping;
private UrlPathHelper urlPathHelper;
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
//取消校验是否为系统内部映射
// checkRequest(request);
Object userInfo = authentication.getPrincipal();
boolean hasPermission = false;
if (userInfo instanceof UserDetails) {
UserPrincipal principal = (UserPrincipal) userInfo;
Long userId = principal.getId();
List<Role> roles = roleRepository.selectByUserId(userId);
List<Long> roleIds = roles.stream()
.map(Role::getId)
.collect(Collectors.toList());
List<Permission> permissions = permissionRepository.selectByRoleIdList(roleIds);
//获取资源,前后端分离,所以过滤页面权限,只保留按钮权限
List<Permission> btnPerms = permissions.stream()
// 过滤页面权限
.filter(permission -> Objects.equals(permission.getType(), Consts.BUTTON))
// 过滤 URL 为空
.filter(permission -> StrUtil.isNotBlank(permission.getUrl()))
// 过滤 METHOD 为空
.filter(permission -> StrUtil.isNotBlank(permission.getMethod()))
.collect(Collectors.toList());
for (Permission btnPerm : btnPerms) {
AntPathRequestMatcher antPathMatcher = new AntPathRequestMatcher(btnPerm.getUrl(), btnPerm.getMethod());
if (antPathMatcher.matches(request)) {
hasPermission = true;
break;
}
}
return hasPermission;
} else {
return false;
}
}
/**
* 校验请求是否存在
*
* @param request 请求
*/
private void checkRequest(HttpServletRequest request) {
// 获取当前 request 的方法
String currentMethod = request.getMethod();
Multimap<String, String> urlMapping = allUrlMapping();
for (String uri : urlMapping.keySet()) {
// 通过 AntPathRequestMatcher 匹配 url
// 可以通过 2 种方式创建 AntPathRequestMatcher
// 1:new AntPathRequestMatcher(uri,method) 这种方式可以直接判断方法是否匹配,因为这里我们把 方法不匹配 自定义抛出,所以,我们使用第2种方式创建
// 2:new AntPathRequestMatcher(uri) 这种方式不校验请求方法,只校验请求路径
AntPathRequestMatcher antPathMatcher = new AntPathRequestMatcher(uri);
if (antPathMatcher.matches(request)) {
if (!urlMapping.get(uri)
.contains(currentMethod)) {
throw new SecurityException(ErrorCodeEnum.HTTP_BAD_METHOD);
} else {
return;
}
}
}
throw new SecurityException(ErrorCodeEnum.REQUEST_NOT_FOUND);
}
/**
* 获取 所有URL Mapping,返回格式为{"/test":["GET","POST"],"/sys":["GET","DELETE"]}
*
* @return {@link ArrayListMultimap} 格式的 URL Mapping
*/
private Multimap<String, String> allUrlMapping() {
Multimap<String, String> urlMapping = ArrayListMultimap.create();
// 获取url与类和方法的对应信息
Map<RequestMappingInfo, HandlerMethod> handlerMethods = mapping.getHandlerMethods();
handlerMethods.forEach((k, v) -> {
// 获取当前 key 下的获取所有URL
Set<String> url = k.getPatternsCondition()
.getPatterns();
RequestMethodsRequestCondition method = k.getMethodsCondition();
// 为每个URL添加所有的请求方法
url.forEach(s -> urlMapping.putAll(s, method.getMethods()
.stream()
.map(Enum::toString)
.collect(Collectors.toList())));
});
return urlMapping;
}
private String getRequestPath(HttpServletRequest request) {
if (this.urlPathHelper != null) {
return this.urlPathHelper.getPathWithinApplication(request);
} else {
String url = request.getServletPath();
String pathInfo = request.getPathInfo();
if (pathInfo != null) {
url = StringUtils.hasLength(url) ? url + pathInfo : pathInfo;
}
return url;
}
}
}
其余代码详细见集成项目 项目GitHub地址
1035
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
