一、spring boot项目,使用@Configuration注入WebMvcConfigurer来实现拦截器
如:
@Configuration
public class HighersoftWebMvcConfig implements WebMvcConfigurer{
@Autowired
private AdminHandlerInterceptorAdapter adminHandlerInterceptorAdapter;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(adminHandlerInterceptorAdapter).addPathPatterns("/**");
//.excludePathPatterns("/swagger-resources/**", "/webjars/**");
}
}
注意,spring boot项目Configuration才会生效。
拦截器的实现:
@Component
public class AdminHandlerInterceptorAdapter extends HandlerInterceptorAdapter {
@Autowired
private AdminService userService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
final HandlerMethod handlerMethod = (HandlerMethod) handler;
final Class> clazz = handlerMethod.getBeanType();
final Method method = handlerMethod.getMethod();
if (clazz.isAnnotationPresent(ExcludeLoginVerify.class) || method.isAnnotationPresent(ExcludeLoginVerify.class)) {
return true;
}
if(!loginContextVerification(request)) {
throw new RuntimeException("亲,登录了才能操作呢。");
}
return true;
}
return true;
}
}
二、如果不是spring boot,用的是spring mvc,那么也可用上面的拦截器。用以下xml来实现:
三、用spring的aop也可以实现:
如:
@Component
public class LoginContextAspect {
private static final Logger logger = LoggerFactory.getLogger(LoginContextAspect.class);
@Autowired
UserService userService;
@Autowired
CookieUtils cookieUtils;
@Pointcut("execution(* net.highersoft.xx.controller..*(..)) && && !@annotation(net.highersoft.xx.annotation.ExcludeLoginVerify)")
public void controllerMethodPointcut() {
}
/*** 拦截器具体实现** @param pjp* @return JsonResult(被拦截方法的执行结果,或需要登录的错误提示。)*/
@Around("controllerMethodPointcut()")
public Object Interceptor(ProceedingJoinPoint pjp) {
Object result = null;
Object[] args = pjp.getArgs();
for (Object arg : args) {
if (arg instanceof HttpServletRequest) {
HttpServletRequest request = (HttpServletRequest) arg;
//验证逻辑 if (!loginContextVerification(request)) {
result = new JsonResult(ResultCode.LOGINCONTEXT_ERROR, "登录状态验证错误,请重新登录!", null);
}
}
}
try {
if (result == null) {
// 一切正常的情况下,继续执行被拦截的方法 result = pjp.proceed();
}
} catch (Throwable e) {
logger.info("LoginContextAspect >> exception: ", e);
result = new JsonResult(ResultCode.ERROR, ResultMsg.ERROR);
}
return result;
}
private boolean loginContextVerification(HttpServletRequest request) {
String token = cookieUtils.getCookieValue(request, "token");
if (!StringUtils.isNullOrEmpty(token)) {
try {
Object user = userService.get(token);
if (user != null) {
UserInfo u = JSONObject.parseObject(user.toString(), UserInfo.class);
return true;
}
} catch (JedisException ex) {
logger.error(ex.getMessage());
}
}
return false;
}
}
四、用javax.servlet.Filter也可以实现,老项目可能用的是这个。
如在web.xml加入:
urlFilter
net.highersoft.mstats.filter.UrlFilter
urlFilter
/*
那么url-pattern下的访问都要过Filter,这样也可以控制权限。
五,其它方式
shiro 可以控制得更细,但代码也多些。
struts 也可以配置拦截器,但很久没用了,没代码了。