HandlerInterceptor 存在请求后body置空的问题,
Filter简单
@Slf4j
@Component
public class HttpFilter implements Filter {
//获取配置管理员ids
@Value("${adminHttpUser.userIds}")
private String userIds;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//请求地址
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
String servletPath = httpServletRequest.getServletPath();
//如果是api/in、/api/out接口,必须是管理员才能访问
if (servletPath.contains("/api/in") || servletPath.contains("/api/out")) {
//当前用户id
String userId = WebRequestUtils.getRequest().getHeader(Const.REQUEST_USER_ID);
//获取管理员ids
List<String> userIdList = Arrays.asList(userIds.split(","));
if (A.isEmpty(userIdList)) {
//自定义返回提示
ServletOutputStream outputStream = servletResponse.getOutputStream();
R result = new R("500", "未设置管理员,不能访问");
JSON parse = JSONUtil.parse(result);
outputStream.write(parse.toString().getBytes());
outputStream.flush();
//配置文件没有配置管理员id,直接跳过
return;
}
if (!userIdList.contains(userId)) {
String reason = ResultMsgHodler.NOT_PERMISSION.getReason();
ServletOutputStream outputStream = servletResponse.getOutputStream();
//自定义返回对象,可自行设置
R result = new R("500", "非管理员登录:" + reason);
JSON parse = JSONUtil.parse(result);
outputStream.write(parse.toString().getBytes());
outputStream.flush();
return;
}
}
//通过doFilter
filterChain.doFilter(servletRequest, servletResponse);
}
}