一、自定义注解
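/**
 * Marks a handler-method parameter that should receive the authenticated user's information.
 *
 * <p>The annotation carries no attributes and does not authenticate anything by itself; it is
 * only a marker that an argument resolver can look for on a parameter.
 */
// Fixed: ElementType has no PARAMR constant; PARAMETER is the target for method parameters.
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
public @interface LoginUser {
}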
/**
 * Marks a handler method whose request must carry a valid token.
 *
 * <p>Only methods can be annotated, and the annotation is retained at runtime so it can be read
 * reflectively from the handler method.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Token {

    /**
     * Whether the token should be validated for the annotated method.
     *
     * @return {@code true} (the default) to validate; {@code false} to opt the method out
     */
    boolean validate() default true;
}
二、拦截器
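import cn.hutool.http.HttpStatus;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson2.JSON;
import lombok.extern.slf4j.Slf4j;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import schindler.ioee.cbm.annontation.Token;
import schindler.ioee.cbm.common.ConstantsMessage;
import schindler.ioee.cbm.entity.CommonResponse;
import schindler.ioee.cbm.entity.dto.UserInfoDto;
import schindler.ioee.cbm.enums.AuthEnum;
import schindler.ioee.cbm.util.TokenDecryptUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Interceptor that controls access to the APIs declared as requiring token validation.
 *
 * <p>Only handler methods annotated with {@link Token} (with {@code validate = true}) are checked.
 * Every other handler is let through unchanged, so an endpoint without the annotation is not
 * protected by this class.
 *
 * @author beer
 * @since 2022-11-10
 */
@Component
@Slf4j
public class AuthorizationInterceptor implements HandlerInterceptor {

    /**
     * Validates the {@code authorization} header for {@link Token}-annotated handler methods.
     *
     * @param request  the current request; on success the user info is stored in it under
     *                 {@code AuthEnum.USER_INFO.getKey()}
     * @param response the current response; on rejection it receives HTTP 401 and a JSON body
     * @param handler  the handler chosen for the request
     * @return {@code true} to continue the handler chain, {@code false} when the request was rejected
     */
    @Override
    public boolean preHandle(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response,
                             @NotNull Object handler) {
        String url = request.getRequestURL().toString();
        // Request logging only: this substring test decides what is logged, not what is authenticated.
        if (!url.contains(".css") && !url.contains(".js") && !url.contains(".png") && !url.contains(".jpg")) {
            log.info("服务API LOG url:{}", url);
        }

        // Non-method handlers (for example static resources) are not subject to the token check.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        // Check whether the handler method opted in to token validation.
        Token annotation = ((HandlerMethod) handler).getMethodAnnotation(Token.class);
        if (annotation == null || !annotation.validate()) {
            return true;
        }

        // The header is attacker-controlled. A decryption failure is treated as "no valid token"
        // so that it ends in the 401 branch below instead of escaping as an unhandled exception.
        UserInfoDto userInfo;
        try {
            userInfo = TokenDecryptUtils.decrypt(request.getHeader("authorization"));
        } catch (RuntimeException e) {
            // Log the exception type only; the message may echo token material.
            log.warn("Token decryption failed: {}", e.getClass().getName());
            userInfo = null;
        }

        try {
            // NOTE(review): presumably getCheck() is true when the token failed validation
            // (e.g. expired) — confirm against TokenDecryptUtils.
            if (userInfo != null && !userInfo.getCheck()) {
                // Token accepted: expose the user info as a request attribute for the handlers.
                // It is stored in its JSON form, so consumers must convert it back to UserInfoDto.
                Object user = JSON.toJSON(userInfo);
                request.setAttribute(AuthEnum.USER_INFO.getKey(), user);
                return true;
            }

            // reset() clears the buffer, the status and any headers set earlier in the chain,
            // so the status and content type are set only after it.
            response.reset();
            // Send a real 401 on the wire, not just in the JSON body, so that proxies, clients
            // and log-based detection all see the authentication failure.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write(JSONObject.toJSONString(CommonResponse.builder().success(false)
                    .code(HttpStatus.HTTP_UNAUTHORIZED)
                    .message(userInfo == null
                            ? ConstantsMessage.TOKEN_ERROR_MESSAGE
                            : ConstantsMessage.TOKEN_INVALID_MESSAGE)
                    .build()));
            response.getWriter().close();
            return false;
        } catch (Exception e) {
            // Fail closed: the request is rejected whatever went wrong. Use the logger instead of
            // printStackTrace() so the failure reaches the application log.
            log.error("Token validation failed unexpectedly", e);
            if (!response.isCommitted()) {
                // Without this the client would receive an empty 200 response.
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            return false;
        }
    }
}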
三、解析器
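import com.alibaba.fastjson2.JSON;
import org.jetbrains.annotations.NotNull;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import schindler.ioee.cbm.annontation.LoginUser;
import schindler.ioee.cbm.entity.dto.UserInfoDto;
import schindler.ioee.cbm.enums.AuthEnum;

/**
 * Argument resolver that injects the user's information into handler methods.
 *
 * <p>It reads the request attribute stored under {@code AuthEnum.USER_INFO.getKey()} and performs
 * no authentication itself.
 *
 * @author beer
 * @since 2022-11-10
 */
@Component
public class LoginUserHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver {

    /**
     * Accepts parameters annotated with {@link LoginUser} whose declared type can hold a
     * {@link UserInfoDto}.
     *
     * @param methodParameter the handler-method parameter being inspected
     * @return {@code true} when this resolver should supply the argument
     */
    @Override
    public boolean supportsParameter(MethodParameter methodParameter) {
        return methodParameter.getParameterType().isAssignableFrom(UserInfoDto.class)
                && methodParameter.hasParameterAnnotation(LoginUser.class);
    }

    /**
     * Returns the logged-in user's information from the current request.
     *
     * @return the user info as a {@link UserInfoDto}, or {@code null} when the request carries no
     *         such attribute
     */
    @Override
    public Object resolveArgument(@NotNull MethodParameter methodParameter,
                                  ModelAndViewContainer modelAndViewContainer,
                                  NativeWebRequest nativeWebRequest,
                                  WebDataBinderFactory webDataBinderFactory) {
        // Fetch the logged-in user info.
        Object stored = nativeWebRequest.getAttribute(AuthEnum.USER_INFO.getKey(),
                RequestAttributes.SCOPE_REQUEST);

        // A null attribute means no token check populated it for this request. Handlers must not
        // treat a null user as an authenticated one.
        if (stored == null || stored instanceof UserInfoDto) {
            return stored;
        }

        // The interceptor on this page stores the JSON form of the user (JSON.toJSON(userInfo)),
        // not a UserInfoDto. Returning that object as-is for a UserInfoDto parameter fails when
        // the handler is invoked, so convert it back the same way the controller does.
        return JSON.parseObject(stored.toString(), UserInfoDto.class);
    }
}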
四、springMVC
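import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.List;

/**
 * Registers the authorization interceptor and the login-user argument resolver.
 *
 * @author beer
 * @since 2022-11-10
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Autowired
    private AuthorizationInterceptor authorizationInterceptor;

    @Autowired
    private LoginUserHandlerMethodArgumentResolver loginUserHandlerMethodArgumentResolver;

    /**
     * Registers the authorization interceptor for every request path.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // The interceptor is annotation-driven: it lets through any handler that is not a method
        // annotated with @Token. Restricting it to a hand-maintained list of path patterns would
        // make @Token silently ineffective on any controller outside that list, so it is
        // registered for all paths and the annotation alone decides what is checked.
        registry.addInterceptor(authorizationInterceptor).addPathPatterns("/**");
    }

    /**
     * Adds the resolver that supplies {@code @LoginUser} parameters.
     *
     * @param argumentResolvers the list of custom argument resolvers to extend
     */
    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
        argumentResolvers.add(loginUserHandlerMethodArgumentResolver);
    }
}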
五、控制层
/**
 * Returns the equipment list for the given key on behalf of the authenticated user.
 *
 * @param key     the {@code key} request parameter
 * @param request the current request, expected to carry the user info attribute
 * @return the result produced by {@code equipmentService.getEquipmentList}
 */
@ApiOperation(value = "获取设备", notes = "equipment")
@GetMapping("getEquipmentList")
@Token
public CommonResponse<Object> getEquipmentList(@RequestParam(value = "key") String key,
                                               HttpServletRequest request) {
    // The user info is read from the request attribute, never from client-supplied parameters.
    // NOTE(review): the attribute is only present when the token interceptor ran for this path;
    // if it did not, toString() below throws a NullPointerException.
    Object storedUser = request.getAttribute(AuthEnum.USER_INFO.getKey());
    String userJson = storedUser.toString();
    UserInfoDto currentUser = JSON.parseObject(userJson, UserInfoDto.class);
    return equipmentService.getEquipmentList(key, currentUser);
}