1.编写配置
package com.sudy.epay.config;
import com.sudy.epay.interceptor.LoginInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
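/**
 * Spring MVC configuration that registers {@link LoginInterceptor} for every request path
 * except the login-related endpoints listed in {@code EXCLUDE_PATH}.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Path patterns that bypass the login interceptor entirely.
     *
     * <p>Each pattern starts with {@code /**}, so it matches at any depth: every handler whose
     * path ends in {@code /getVerify}, {@code /toLogin} or {@code /login} is served without a
     * token check. Keep this list as small as possible.
     * NOTE(review): if the real endpoints live at fixed paths, anchor the patterns to those exact
     * paths instead of the wildcard prefix so a later controller cannot become unauthenticated
     * just because of how its path ends.
     */
    private static final String[] EXCLUDE_PATH = {"/**/getVerify", "/**/toLogin", "/**/login"};

    @Autowired
    private LoginInterceptor loginInterceptor;

    /**
     * Adds the login interceptor to all paths ({@code /**}) and then removes the excluded ones.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(loginInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(EXCLUDE_PATH);
    }
}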
2.编写拦截器
package com.sudy.epay.interceptor;
import com.sudy.epay.component.RedisComp;
import com.sudy.epay.constant.RespCode;
import com.sudy.epay.exception.IdentityException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
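/**
 * Interceptor that authenticates a request by its {@code token} parameter and then applies a
 * role check keyed on the last path segment of the request URL.
 *
 * <p>The permission model visible here is: the set {@code epay_permission} lists the path
 * segments that need a check, and the set {@code epay_role_<role>} lists the segments a role may
 * call. A segment that is not in {@code epay_permission} is allowed for every authenticated user.
 */
@Component
@Slf4j
public class LoginInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private RedisComp redisComp;

    /**
     * Rejects the request unless it carries a known token and, for protected segments, a role
     * that holds the permission.
     *
     * @param request  the current request; supplies the URL and the {@code token} parameter
     * @param response the current response (not used here)
     * @param handler  the chosen handler (not used here)
     * @return {@code true} when the request may proceed
     * @throws IdentityException when the token is missing or unknown, or the role lacks the
     *         permission for a protected segment
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String url = request.getRequestURL().toString();

        // NOTE(review): getParameter() also reads the query string, and a token placed there
        // tends to be recorded in access logs, browser history and Referer headers. Consider
        // accepting the token from a request header or a Secure/HttpOnly cookie instead.
        String token = request.getParameter("token");
        if (token == null) {
            throw deny(url);
        }

        // The value stored under the token is used below as the account identifier.
        String user = redisComp.get(token);
        if (user == null) {
            throw deny(url);
        }

        // NOTE(review): the permission key is the text after the last '/' of the raw request URL,
        // not the path Spring actually mapped the request to. If the two can differ (trailing
        // slash, path parameters, different controllers sharing a final segment), the lookup
        // below misses and the request is allowed, because the check is fail-open. Matching on a
        // normalized full path and denying by default would be the safer design.
        String lastUrl = url.substring(url.lastIndexOf("/") + 1);

        // Look up the role assigned to this account.
        // If no role is stored, the key below becomes "epay_role_null".
        String role = (String) redisComp.hGet("epay_user", user);

        // Only segments listed in the permission set are checked against the role's own set.
        if (redisComp.isMember("epay_permission", lastUrl)
                && !redisComp.isMember("epay_role_" + role, lastUrl)) {
            throw deny(url);
        }
        return true;
    }

    /**
     * Logs the rejected URL and builds the exception to throw.
     *
     * <p>The original log calls passed {@code url} without a {@code {}} placeholder, so the URL
     * never reached the log; the placeholder is added here so rejections can be traced.
     * {@code getRequestURL()} excludes the query string, so a token sent there is not logged.
     */
    private IdentityException deny(String url) {
        log.error("error identity, url={}", url);
        return new IdentityException("error identity", RespCode.ERROR_TOKEN);
    }

    /** Delegates to the superclass; no extra work after the handler runs. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    /** Delegates to the superclass; no extra work after request completion. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
        super.afterCompletion(request, response, handler, ex);
    }
}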