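Implementing access control yourself with a filter
1. Access-control frameworks such as Shiro and Spring Security are, at bottom, also implemented with filters or interceptors together with AOP.
In a project we can implement this ourselves; that is more flexible and feels tailor-made for us. Below I show my own implementation.
Using Spring's PathMatcher
MyPathMatcher.java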
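import java.util.HashSet;
import java.util.Set;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

@Component
public class MyPathMatcher {
    private final PathMatcher pathMatcher = new AntPathMatcher();

    /**
     * @param resources the resource patterns the user holds
     * @param reqUrl    the path being requested
     */
    public boolean isMatcher(Iterable<String> resources, String reqUrl) {
        if (resources == null || reqUrl == null) {
            System.out.println("参数错误");
            return false; // deny on bad input instead of falling through to an NPE
        }
        for (String res : resources) {
            // Return only on a hit so that every pattern is tried, not just the first.
            if (pathMatcher.match(res, reqUrl)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        MyPathMatcher myPathMatcher = new MyPathMatcher();
        Set<String> strings = new HashSet<>();
        strings.add("/user/**");
        boolean matcher = myPathMatcher.isMatcher(strings, "/user/find");
        System.out.println(matcher);
    }
}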
Filter implementation
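import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class PermissionFilter implements Filter {
    @Autowired
    private MyPathMatcher myPathMatcher;

    // Paths that bypass the permission check entirely.
    private Set<String> patterns = new HashSet<>();

    String[] URL = {
        "/js/**",
        "/lib/**",
        "/static/**",
        "/temp/**",
        "/css/**",
        "/user/login",
        "/webjars/**", // the original had a leading space, so this pattern never matched
        "/swagger-resources/**",
        "/v2/**",
        "/swagger-ui.html/**"
    };

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        for (String s : URL) {
            this.patterns.add(s);
        }
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String servletPath = request.getServletPath();
        // Static resources are not intercepted
        if (myPathMatcher.isMatcher(patterns, servletPath)) {
            chain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Intercept and check permissions
        if (hasAuth(servletPath)) {
            chain.doFilter(servletRequest, servletResponse);
        } else {
            System.out.println("没有权限");
            // Answer with 403 rather than returning an empty 200 response.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
    }

    @Override
    public void destroy() {
        // nothing to release
    }

    private boolean hasAuth(String reqUrl) {
        /**
         * Simulates fetching this user's resources from the database
         */
        Set<String> resources = new HashSet<>();
        resources.add("/user/**");
        return myPathMatcher.isMatcher(resources, reqUrl);
    }
}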
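That is all the code it takes to implement a simple access-control check. Doesn't it feel simple? It is not quite that simple, though:
in real development we can also add AOP and annotations we define ourselves, and implement the check through reflection. That's all for now.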
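
To illustrate the closing remark about custom annotations and reflection, here is an added example that is not code from the original post. It uses a JDK dynamic proxy in place of Spring AOP so that it runs without a container; `RequiresPermission`, `UserService`, `secure` and the permission strings are hypothetical names chosen for the illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class PermissionProxyDemo {
    // Hypothetical annotation: the permission a caller must hold to invoke the method.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface RequiresPermission { String value(); }

    interface UserService {
        @RequiresPermission("user:find")   String find(String id);
        @RequiresPermission("user:delete") String delete(String id);
        String ping();                     // deliberately left unannotated
    }

    static class UserServiceImpl implements UserService {
        public String find(String id)   { return "found " + id; }
        public String delete(String id) { return "deleted " + id; }
        public String ping()            { return "pong"; }
    }

    // Wraps target so that every call is checked against the caller's granted permissions.
    @SuppressWarnings("unchecked")
    static <T> T secure(T target, Class<T> iface, Set<String> granted) {
        InvocationHandler h = (proxy, method, args) -> {
            // Reflection: read the annotation from the interface method being invoked.
            RequiresPermission rp = method.getAnnotation(RequiresPermission.class);
            // Deny by default: a method without the annotation is not callable at all.
            if (rp == null || !granted.contains(rp.value())) {
                throw new SecurityException("denied: " + method.getName());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();        // surface the target's own exception
            }
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[]{iface}, h);
    }

    public static void main(String[] args) {
        // Constructed sample: this caller was granted only "user:find".
        UserService svc = secure(new UserServiceImpl(), UserService.class, Set.of("user:find"));
        System.out.println(svc.find("42"));
        for (Runnable call : List.<Runnable>of(() -> svc.delete("42"), svc::ping)) {
            try { call.run(); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

In a Spring application the same check would sit in an `@Around` advice that reads the annotation from the intercepted method, with the granted set loaded per user rather than passed in.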