1.拦截器+方法参数解析器
主要通过 HandlerInterceptor+ HandlerMethodArgumentResolver实现统一拦截获取用户信息,SpringMVC提供了mvc拦截器HandlerInterceptor,包含以下3个方法:
preHandle
postHandle
afterCompletion
HandlerInterceptor经常被用来解决拦截事件,如用户鉴权等。另外,Spring也向我们提供了多种解析器Resolver,如用来统一处理异常的HandlerExceptionResolver,以及今天的主角HandlerMethodArgumentResolver。HandlerMethodArgumentResolver是用来处理方法参数的解析器,包含以下2个方法:
supportsParameter(满足某种要求,返回true,方可进入resolveArgument做参数处理)
resolveArgument 包装对象
知识储备已到位,接下来着手实现,主要分为三步走:
1.自定义拦截器,拦截所以请求,根据token解析得到 SysUser信息
2.自定义注解 @SysUser,添加到controller的方法参数 SysUser之上
3. 自定义方法解析器 TokenArgumentResolver,取出request中的SysUser并赋值
4. 实现WebMvcConfigurer,自定义参数处理器
自定义权限拦截器AuthenticationInterceptor拦截所有request请求,并将token解析为currentUser,最终放到request中;
自定义参数注解@CurrentUser,添加至controller的方法参数user之上;
自定义方法参数解析器CurrentUserMethodArgumentResolver,取出request中的user,并赋值给添加了@CurrentUser注解的参数user。
1.1自定义拦截器
需实现HandlerInterceptor。在preHandle中根据token获取当前用户信息,塞进request.
import com.ifugle.swb.web.controller.annotation.SysUser;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @Author: 九卿
* @Date: 2021/12/15 14:49
*/
public class TokenInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String token = request.getHeader("Authorization");
SysUser user = getUserByToken(token);
request.setAttribute("SYS_USER", user);
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
1.2自定义参数注解
定义注解@LoginUser ,参数的值都需要由方法参数解析器注入
import java.lang.annotation.*;
/**
* @Author: 九卿
* @Date: 2021/12/15 11:19
*/
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface LoginUser {
}
1.3 自定义方法参数解析器
自定义方法参数解析器,需实现HandlerMethodArgumentResolver
import com.ifugle.swb.web.controller.annotation.LoginUser;
import com.ifugle.swb.web.controller.annotation.SysUser;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
/**
* @Author: 九卿
* @Date: 2021/12/15 11:23
*/
@Slf4j
public class TokenArgumentResolver implements HandlerMethodArgumentResolver {
@Override
public boolean supportsParameter(MethodParameter methodParameter) {
return methodParameter.hasParameterAnnotation(LoginUser.class) && methodParameter.getParameterType()
.equals(SysUser.class);
}
@Override
public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {
return nativeWebRequest.getAttribute("SYS_USER", RequestAttributes.SCOPE_REQUEST);
}
1.4 实现WebMvcConfigurer
WebMvcConfigurer.addArgumentResolvers自定义参数处理器
import com.ifugle.swb.web.controller.demo.TokenInterceptor;
import com.ifugle.swb.web.controller.resolver.TokenArgumentResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.List;
/**
* 默认SpringMVC拦截器
*
* @author 九卿
*/
@Configuration
public class DefaultWebMvcConfig implements WebMvcConfigurer {
/**
* 登录校验拦截器
*
* @return
*/
@Bean
public TokenInterceptor loginRequiredInterceptor() {
return new TokenInterceptor();
}
@Bean
public TokenArgumentResolver currentUserMethodArgumentResolver() {
return new TokenArgumentResolver();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(loginRequiredInterceptor())
.addPathPatterns("/**")
.excludePathPatterns("/login");
}
/**
* CurrentUser 注解参数解析器
*
* @return
*/
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
resolvers.add(currentUserMethodArgumentResolver());
}
2.注解使用事例
以上完毕以后,接下来就能在controller中使用注解啦,如下:
import com.ifugle.swb.web.controller.annotation.LoginUser;
import com.ifugle.swb.web.controller.annotation.SysUser;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.annotations.ApiIgnore;
/**
* @Author: 九卿
* @Date: 2021/12/15 14:40
*/
@RestController
@Validated
@RequestMapping("/")
@Api(tags = {"测试注解使用"}, description = "测试注解使用")
public class TestGetUser {
/**
* 测试注解使用
*/
@GetMapping("/queryUser")
@ApiOperation(value = "/queryUser", notes = "测试注解使用", response = SysUser.class)
public SysUser queryUser(@LoginUser @ApiIgnore SysUser sysUser) {
String name = sysUser.getNikeName();
System.out.println(name);
return sysUser;
}
}