1.写一个拦截器类,实现HandlerInterceptor接口(下面的示例通过继承HandlerInterceptorAdapter来实现),重写其中的preHandle方法。
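/**
 * Spring MVC interceptor that authenticates a request from its JWT header and
 * then checks the caller's privileges against the requested servlet path.
 *
 * <p>Every rejection is signalled by throwing: {@code UnAuthorizedException}
 * when the token header is missing or the user id in the token is not numeric,
 * {@code PermissionException} when no privilege route matches the path. The
 * original comments say a global exception handler turns these into responses;
 * that handler is not part of this listing.
 *
 * <p>NOTE(review): {@code HandlerInterceptorAdapter} is deprecated since
 * Spring 5.3; implementing {@code HandlerInterceptor} directly is the
 * replacement.
 */
public class JwtInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private IBasePrivilegeService basePrivilegeService;

    /**
     * Authenticates and authorizes the request before the handler runs.
     *
     * @param request  current request; its token header and servlet path are read
     * @param response current response; only touched for OPTIONS requests
     * @param handler  chosen handler (unused)
     * @return {@code true} when the request may proceed; rejections are thrown, never returned
     * @throws Exception {@code UnAuthorizedException} or {@code PermissionException} as described
     *                   on the class, plus whatever {@code JwtTokenUtil.parseJWT} throws for an
     *                   invalid token
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // OPTIONS requests pass without a token.
        // NOTE(review): this covers every OPTIONS request, not only CORS preflights;
        // confirm no handler does real work on OPTIONS, or restrict the bypass to preflights.
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
            return true;
        }

        // Read the token from the authorization header.
        final String token = request.getHeader(JwtTokenUtil.AUTH_HEADER_KEY);
        if (StringUtils.isEmpty(token)) {
            throw new UnAuthorizedException("用户还未登录");
        }

        // Validate the token; per the original comment, an invalid token makes parseJWT throw.
        // NOTE(review): the signing secret is read from a static field; where its value comes
        // from is not visible here. Confirm it is loaded from configuration, not hard-coded.
        JwtTokenUtil.parseJWT(token, JwtTokenUtil.base64Secret);

        // Resolve the user id carried by the token. A missing or non-numeric id is treated as
        // an authentication failure instead of surfacing as an unhandled NumberFormatException.
        final long id;
        try {
            id = Long.parseLong(JwtTokenUtil.getUserId(token, JwtTokenUtil.base64Secret));
        } catch (NumberFormatException e) {
            // Only the (String) constructor of UnAuthorizedException is visible in this file,
            // so the cause cannot be chained here.
            throw new UnAuthorizedException("token中的用户id无效");
        }

        // Privileges are loaded per request; the original comment suggests caching them
        // (e.g. in redis) to reduce database round trips.
        // NOTE(review): the decision is made on getServletPath(); confirm this is the same path
        // form that handler mapping uses, otherwise the check and the dispatch can disagree.
        auth(id, request.getServletPath());
        return true;
    }

    /**
     * Checks whether the user holds a privilege whose route matches the path.
     *
     * @param userId id of the authenticated user
     * @param path   servlet path of the current request
     * @return {@code true} when a privilege route matches
     * @throws PermissionException when the user has no privileges or none matches (fails closed)
     */
    private boolean auth(long userId, String path) {
        // Load all privileges of this user.
        List<BasePrivilege> privileges = basePrivilegeService.findByUserId(userId);
        if (privileges != null) {
            for (BasePrivilege p : privileges) {
                // Null entries or null routes are skipped so they deny access rather than raise an NPE.
                // NOTE(review): if getRoute() returns a String this is String.matches, i.e. the stored
                // route is a regex that must match the whole path; unescaped metacharacters such as '.'
                // in a route match more than the literal text.
                if (p != null && p.getRoute() != null && p.getRoute().matches(path)) {
                    return true;
                }
            }
        }
        throw new PermissionException("权限不足");
    }
}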
2.然后写一个配置类并实现WebMvcConfigurer接口,重写addInterceptors方法,并在类上加上@Configuration注解。
/**
 * MVC configuration that registers {@link JwtInterceptor} for all request paths
 * except an explicit list of paths that skip the token check.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    /**
     * Registers the JWT interceptor.
     *
     * <p>The interceptor is applied to {@code /**}; a narrower set of include
     * patterns can be passed to {@code addPathPatterns} instead.
     *
     * @param registry interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Paths listed here bypass the interceptor entirely (no token, no privilege check).
        // NOTE(review): "/v2/**" looks intended for the swagger API docs but exempts every path
        // under /v2/; confirm nothing else is served there, or narrow the pattern.
        // NOTE(review): the swagger paths are reachable without a token; confirm that is
        // acceptable outside development environments.
        String[] unauthenticatedPaths = {
            "/swagger-resources/**",
            "/v2/**",
            "/swagger-ui.html",
            "/webjars/**",
            "/user/login",
            "/user/logout"
        };

        registry.addInterceptor(jwtInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns(unauthenticatedPaths);
    }

    /**
     * Exposes the custom interceptor as a bean.
     *
     * @return a new {@link JwtInterceptor}
     */
    @Bean
    public JwtInterceptor jwtInterceptor() {
        return new JwtInterceptor();
    }
}
如上配置就可以实现拦截器功能