一、通过Filter进行权限管理主要分为两部分:
1.Config:用于将Filter拦截器与接口路径进行绑定
2.interceptor:在拦截器与接口路径绑定的前提下,进行更加细致的拦截操作(比如判断某种情况是拦截还是放行)
二、具体代码
config: 用于将AdminFilter拦截器与路径/admin进行绑定
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
@Configuration
public class FilterConfig {
@Bean
public FilterRegistrationBean<AdminFilter> adminFilterFilterRegistrationBean() {
FilterRegistrationBean<AdminFilter> filterRegBean = new FilterRegistrationBean<>();
filterRegBean.setFilter(new AdminFilter());
filterRegBean.addUrlPatterns("/admin/*");
filterRegBean.setOrder(Ordered.LOWEST_PRECEDENCE -2);
return filterRegBean;
}
}
interceptor:拦截细致化操作
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class AdminFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
response.setHeader("Access-Control-Allow-Credentials","true");
if(request != null) {
filterChain.doFilter(servletRequest, servletResponse);
}
}
}
Controller中的路径: