要借助Spring实现拦截器功能,可以实现HandlerInterceptor接口或者实现WebRequestInterceptor接口或者继承HandlerInterceptorAdapter适配器【建议使用】
如果实现HandlerInterceptor或者WebRequestInterceptor接口的话,三个方法必须实现,就算是空实现,也必须要放着
不管你需不需要,所以继承HandlerInterceptorAdapter适配器是更好的选择,可以只实现需要的方法,拦截器可以基于自定义注解来拦截,也可以通过请求的url来拦截,等等
下面是一个外围系统调用Controller前,判断用户是否登录的一个逻辑
需要拦截的注解标识,在Controller上使用,可以看到Target可以是类和方法
package cn.cuit.hardlogin;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.METHOD, ElementType.TYPE })
public @interface RequireHardLogin {
}
拦截器逻辑:
package cn.cuit.hardlogin;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
/**
* 有时候我们可能只需要实现三个回调方法中的某一个,如果实现HandlerInterceptor接口的话,三个方法必须实现,
* 不管你需不需要,此时spring提供了一个HandlerInterceptorAdapter适配器
* (种适配器设计模式的实现),允许我们只实现需要的回调方法。
*
* https://www.jianshu.com/p/1e8d088c2be9
*/
public class BeforeControllerHandlerInterceptor extends HandlerInterceptorAdapter {
private static final String INTERCEPTOR_ONCE_KEY = BeforeControllerHandlerInterceptor.class.getName();
// 拦截后要执行的处理[被封装成单独的各个处理类然后注入]
private List<BeforeControllerHandler> beforeControllerHandlers;
@Override
public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler)
throws Exception {
if (request.getAttribute(INTERCEPTOR_ONCE_KEY) == null) {
// [设置标记,防止重复访问]
request.setAttribute(INTERCEPTOR_ONCE_KEY, Boolean.TRUE);
if (handler instanceof HandlerMethod) {
final HandlerMethod handlerMethod = (HandlerMethod) handler;
// 【调用一系列的Controller方法请求前要完成的操作】
for (final BeforeControllerHandler beforeControllerHandler : getBeforeControllerHandlers()) {
if (!beforeControllerHandler.beforeController(request, response, handlerMethod)) {
// 如果处理程序返回false,则立即返回
System.out.println(">>>>>>>>>>>>>>>没有访问权限");
return false;
}
}
}
}
return true;
}
public void setBeforeControllerHandlers(final List<BeforeControllerHandler> beforeControllerHandlers) {
this.beforeControllerHandlers = beforeControllerHandlers;
}
public List<BeforeControllerHandler> getBeforeControllerHandlers() {
return beforeControllerHandlers;
}
}
拦截中处理具体逻辑的接口:
package cn.cuit.hardlogin;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
public interface BeforeControllerHandler {
/**
* 在DispatcherServlet调用控制器之前调用。
*/
boolean beforeController(HttpServletRequest request, HttpServletResponse response, HandlerMethod handler)
throws Exception;
}
拦截中处理具体逻辑的接口实现,被注入拦截器中使用:
package cn.cuit.hardlogin;
import java.io.OutputStream;
import java.lang.annotation.Annotation;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.method.HandlerMethod;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
public class UserAuthenticationHandler implements BeforeControllerHandler {
private static final Logger LOG = Logger.getLogger(UserAuthenticationHandler.class);
// @Autowired
// private Jedis jedis;
@Override
public boolean beforeController(HttpServletRequest request, HttpServletResponse response, HandlerMethod handler)
throws Exception {
// 返回一个布尔值,指示此请求是否是使用安全通道(例如HTTPS)进行的。
if (request.isSecure()) {
String token = request.getHeader("TOKEN");
LOG.info("Token is: " + token);
if (StringUtils.isNotBlank(token)) {
// eg: get user detail from redis server
} else {
// do Other sth
}
// 检查处理程序Handler是否包含我们的RequireHardLogin注解
final RequireHardLogin annotation = findAnnotation(handler, RequireHardLogin.class);
if (annotation != null) {
if (StringUtils.isBlank(token)) {
response.setContentType("application/json; charset=utf-8");
response.setCharacterEncoding("UTF-8");
OutputStream out = response.getOutputStream();
out.write(convertObjectToJson(ResultData.failureResult("Invalid Token")).getBytes("UTF-8"));
out.flush();
return false;
}
}
}
return true;
}
protected <T extends Annotation> T findAnnotation(final HandlerMethod handlerMethod,
final Class<T> annotationType) {
// 搜索方法级别注解
final T annotation = handlerMethod.getMethodAnnotation(annotationType);
if (annotation != null) {
return annotation;
}
// 搜索类级别注解
return AnnotationUtils.findAnnotation(handlerMethod.getBeanType(), annotationType);
}
public String convertObjectToJson(Object object) throws JsonProcessingException {
if (object == null) {
return null;
}
ObjectMapper mapper = new ObjectMapper();
return mapper.writeValueAsString(object);
}
}
xml中配置拦截器和拦截器中具体逻辑的各个处理类
<mvc:interceptors>
<ref bean="beforeControllerHandlerInterceptor"/>
</mvc:interceptors>
<util:list id="beforeControllerHandlers">
<bean class="cn.cuit.hardlogin.UserAuthenticationHandler">
<!-- <property name="jedis" ref="jedis"/> -->
</bean>
</util:list>
如果使用SpringBoot,可以实现WebMvcConfigurerAdapter【过时】,WebMvcConfigurer,或者继承WebMvcConfigurationSupport 【推荐使用】
随便使用一个则如下配置:
@Configuration
public class WebConfiguration extends WebMvcConfigurerAdapter {
@Bean
BeforeControllerHandler userAuthenticationHandler() {
return new UserAuthenticationHandler();
}
@Bean
List<BeforeControllerHandler> beforeControllerHandlers() {
List<BeforeControllerHandler> list = new ArrayList<>();
list.add(userAuthenticationHandler());
return list;
}
@Autowired
List<BeforeControllerHandler> beforeControllerHandlers;
/**
* 拦截器配置
*
* @param registry
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
super.addInterceptors(registry);
BeforeControllerHandlerInterceptor beforeControllerHandlerInterceptor = new BeforeControllerHandlerInterceptor();
beforeControllerHandlerInterceptor.setBeforeControllerHandlers(beforeControllerHandlers);
registry.addInterceptor(beforeControllerHandlerInterceptor);
}
}
有没有觉得@Bean这种配置比XML难写,而且不好理解,所以个人还是喜欢xml配置,看项目吧,追求新就可以玩注解,不过一般是追求稳,大多数人都会的,习惯的,不要盲目跟风,合适的才是最好的
********************************* 不积跬步无以至千里,不积小流无以成江海 *********************************