springboot 拦截器过滤权限和错误处理

先说异常处理，增加一个异常处理的类MyControllerAdvice就可以了，不需要其他地方使用，注意使用注解@ControllerAdvice

@ControllerAdvice
public class MyControllerAdvice {
    @Resource
    GetRootPath getRootPath;
    private static final Logger logger = LoggerFactory.getLogger(MyControllerAdvice.class);

    public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException {
        String header = request.getHeader("Origin");
        response.setContentType("application/json;charset=UTF-8;");
        PrintWriter out = response.getWriter();
        out.println(json);
        out.flush();
        out.close();
    }

    /***
     * 404处理
     * @param e
     * @return
     */
    @ExceptionHandler(NoHandlerFoundException.class)
    public void notFountHandler(HttpServletRequest request, HttpServletResponse response, Model model, NoHandlerFoundException e) throws IOException, JSONException {
        JSONObject  json = new JSONObject();
        json.put("code", 500);
        json.put("content", null);
        json.put("msg", "未找到路径："+request.getServletPath());
        output(json,request,response);
    }

    /**
     * 运行时异常
     *
     * @param exception
     * @return
     */
    @ExceptionHandler({RuntimeException.class})
    @ResponseStatus(HttpStatus.OK)
    public void processException(HttpServletRequest request, HttpServletResponse response, Model model, RuntimeException exception) throws JSONException, IOException {
        JSONObject  json = new JSONObject();
        json.put("code", 500);
        json.put("content", null);
        json.put("msg", exception.getMessage());
        output(json,request,response);
    }

    /**
     * Excepiton异常
     *
     * @param exception
     * @return
     */
    @ExceptionHandler({Exception.class})
    @ResponseStatus(HttpStatus.OK)
    public void processException(HttpServletRequest request, HttpServletResponse response, Model model, Exception exception) throws JSONException, IOException {
        JSONObject  json = new JSONObject();
        json.put("code", 500);
        json.put("content", null);
        json.put("msg", exception.getMessage());
        output(json,request,response);
    }
}

再来权限验证的，接手的项目框架中只有验证是否登录的，没有验收权限的，增加一个类WebMvcConfig，注意使用注解@Configuration， 不需要在其他地方引用即可起作用，并注意使用excludePathPatterns去掉不需要拦截的部分，否则会拦截掉静态资源。

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
  
    /**
     * 添加拦截器
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        //静态资源不拦截
        registry.addInterceptor(new LoginInterceptor()).addPathPatterns("/**").excludePathPatterns("/static/**");
    }
}

增加拦截器类LoginInterceptor

public class LoginInterceptor extends HandlerInterceptorAdapter {

    /**
     * 检查是否已经登录
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Object username = request.getSession().getAttribute(Constants.LOGIN_USER);
        String servletPath = request.getServletPath();
        String type = request.getHeader("X-Requested-With") == null ? "" : request.getHeader("X-Requested-With");

        if (username != null) {
            //检查页面访问的权限
            if (!"XMLHttpRequest".equals(type)) {
                int userId = Integer.valueOf(request.getSession().getAttribute(Constants.LOGIN_USERID).toString());
                List<ModuleEntity> moduleList = (List<ModuleEntity>) request.getSession().getAttribute(Constants.USER_MODULE);
                boolean chkResult = methodPermissionLimit(moduleList, servletPath);
                if(!chkResult){
                    JSONObject outputMSg = new JSONObject();
                    outputMSg.put("code", 500);
                    outputMSg.put("content", "");
                    outputMSg.put("msg", "没有权限");
                    output(outputMSg, request, response);
                    return false;
                }else{
                    return true;
                }
            } else {
                //如果是json访问，则不做检查
                return true;
            }
        } else {
            //检查是否登录允许
            if (methodLoginLimit(handler)) {
                return true;
            } else {
                if ("XMLHttpRequest".equals(type)) {
                    JSONObject outputMSg = new JSONObject();
                    outputMSg.put("code", 500);
                    outputMSg.put("content", "");
                    outputMSg.put("msg", "登录过期，请重新登陆");
                    output(outputMSg, request, response);
                    return false;
                } else {
                    String redirectUrl = request.getContextPath() + "/login";
                    response.sendRedirect(redirectUrl);
                    return false;
                }
            }
        }
    }

    public boolean methodLoginLimit(Object handler) {
        HandlerMethod method = (HandlerMethod) handler;
        //获取当前方法PermessionLimit
        LoginLimit loginLimit = method.getMethodAnnotation(LoginLimit.class);
        if (loginLimit == null) {
            //获取控制器的PermessionLimit
            loginLimit = method.getMethod().getDeclaringClass().getAnnotation(LoginLimit.class);
        }
        if (loginLimit != null && !loginLimit.limit()) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * 检查权限
     *
     * @param moduleList
     * @param path
     * @return
     */
    public boolean methodPermissionLimit(List<ModuleEntity> moduleList, String path) {
        boolean havePermission = moduleList.stream().anyMatch(f->f.getPath().toLowerCase().equals(path.toLowerCase()));
        return havePermission;
    }

    public void output(Object json, HttpServletRequest request, HttpServletResponse response) throws IOException {
        String header = request.getHeader("Origin");
        response.setContentType("application/json;charset=UTF-8;");
        PrintWriter out = response.getWriter();
        out.println(json);
        out.flush();
        out.close();
    }
}

这样的拦截器只对页面地址进行拦截，对ajax提交的数据不做处理，做普通项目的权限过滤是可以了。