1、定义权限常量 Constants.java
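/**
 * Shared constant values used by the permission checks.
 *
 * <p>The two franchisee type values are presumably the user types that the authority
 * interceptor compares against {@code PermissionCheck#role()}; confirm against the token model.
 * This class is a constants holder only and cannot be instantiated.
 */
public final class Constants {

    /** User type value {@code "MAIN"} for a franchisee account. */
    public static final String FRANCHISEE_TYPE_MAIN = "MAIN";

    /** User type value {@code "ADMIN"} for a franchisee account. */
    public static final String FRANCHISEE_TYPE_ADMIN = "ADMIN";

    // NOTE(review): the authority interceptor also reads Constants.HEADER_ACCESS_TOKEN_KEY
    // (the name of the cookie carrying the access token); that constant is not shown in this
    // excerpt and must be defined here for the interceptor to compile.

    /** Not instantiable. */
    private Constants() {
    }
}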
2、定义权限的注解 PermissionCheck
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface PermissionCheck {
//自定义角色值,如果是多个角色,用逗号分割。
String role();
}
3、权限拦截器 AuthorityInterceptorAdapter
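@Slf4j
@Component
public class AuthorityInterceptorAdapter extends HandlerInterceptorAdapter {

    /** Separator between role names in {@code PermissionCheck#role()}. */
    private static final String ROLE_SEPARATOR = ",";

    @Autowired
    private ITokenService tokenService;

    // Injected but not used by any method of this class as shown here.
    @Autowired
    private IFranchiseeInfoService franchiseeInfoService;

    /**
     * Checks, for every controller method, that the caller is logged in and that the caller's
     * user type is one of the roles declared on the handler.
     *
     * <p>Handlers that are not a {@code HandlerMethod} (static resources etc.) are passed
     * through unchanged. Handlers without a {@code PermissionCheck} annotation, or with a blank
     * role list, are rejected: access is denied by default rather than granted.
     *
     * @param request  current request; the access token is read from its cookies
     * @param response current response; the HTTP status is set before an exception is thrown
     * @param handler  the handler chosen by Spring MVC
     * @return {@code true} when the request may proceed
     * @throws ServiceException {@code authority_un_login} when no valid token is present, or
     *                          {@code authority_has_false_permission} when the role check fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            return super.preHandle(request, response, handler);
        }
        // The original body used 'handlerMethod' without ever declaring it.
        HandlerMethod handlerMethod = (HandlerMethod) handler;

        String token = extractToken(request, response);
        if (!tokenService.validateToken(token)) {
            log.error("当前未登录");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            throw unauthenticated();
        }
        // NOTE(review): assumes a token that just validated resolves to a non-null model — confirm
        // against ITokenService; a null here would surface as an NPE below instead of a 401.
        TokenModel tokenModel = tokenService.getTokenModelByToken(token);

        PermissionCheck requiredPermission = findPermissionCheck(handlerMethod);
        if (requiredPermission == null || !StringUtils.isNotBlank(requiredPermission.role())) {
            // Deny by default: an endpoint that declares no roles is not reachable through
            // this interceptor. Status is set for consistency with the 401 branches above.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            throw forbidden();
        }
        if (!hasRole(requiredPermission.role(), tokenModel.getUserType())) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            throw forbidden();
        }
        return super.preHandle(request, response, handler);
    }

    /**
     * Reads the access token from the request cookies.
     *
     * @param request  request whose cookies are inspected
     * @param response response on which the 401 status is set before failing
     * @return the token value, never {@code null}
     * @throws ServiceException {@code authority_un_login} when the request carries no cookies
     *                          or no cookie named {@code Constants.HEADER_ACCESS_TOKEN_KEY}
     */
    private String extractToken(HttpServletRequest request, HttpServletResponse response)
            throws ServiceException {
        Cookie[] cookies = request.getCookies();
        if (cookies == null || cookies.length == 0) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            throw unauthenticated();
        }
        String token = null;
        for (Cookie cookie : cookies) {
            // No break: when several cookies share the name, the last one wins, as before.
            if (Constants.HEADER_ACCESS_TOKEN_KEY.equals(cookie.getName())) {
                token = cookie.getValue();
            }
        }
        if (token == null) {
            log.error("当前未登录");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            throw unauthenticated();
        }
        return token;
    }

    /**
     * Looks up {@code PermissionCheck} on the handler method first and, failing that, on the
     * handler's bean type. The original fallback queried the method a second time, so a
     * class-level annotation was never consulted. The type-level lookup only ever matches if
     * {@code PermissionCheck} is permitted on types.
     *
     * @param handlerMethod the resolved handler
     * @return the annotation, or {@code null} when neither the method nor its class carries one
     */
    private static PermissionCheck findPermissionCheck(HandlerMethod handlerMethod) {
        PermissionCheck annotation = handlerMethod.getMethod().getAnnotation(PermissionCheck.class);
        if (annotation == null) {
            annotation = handlerMethod.getBeanType().getAnnotation(PermissionCheck.class);
        }
        return annotation;
    }

    /**
     * Matches the caller's user type against the declared role list.
     *
     * @param declaredRoles comma-separated role names from the annotation
     * @param userType      the caller's user type from the token model; may be {@code null}
     * @return whether {@code userType} equals one of the declared roles; whitespace around
     *         each role name is ignored so {@code "MAIN, ADMIN"} works as well as {@code "MAIN,ADMIN"}
     */
    private static boolean hasRole(String declaredRoles, String userType) {
        for (String role : declaredRoles.split(ROLE_SEPARATOR)) {
            if (role.trim().equals(userType)) {
                return true;
            }
        }
        return false;
    }

    /** Builds the "not logged in" failure. */
    private static ServiceException unauthenticated() {
        return new ServiceException(ErrorCode.authority_un_login.getCode(),
                ErrorCode.authority_un_login.getMessage());
    }

    /** Builds the "logged in but lacking the required role" failure. */
    private static ServiceException forbidden() {
        return new ServiceException(ErrorCode.authority_has_false_permission.getCode(),
                ErrorCode.authority_has_false_permission.getMessage());
    }

    /**
     * Clears the request context held by {@code BaseContextCommand} once the request is done,
     * so that state (presumably thread-local) does not leak into the next request served by the
     * same thread. Nothing in this class populates that context; it is set elsewhere.
     *
     * @param request  current request
     * @param response current response
     * @param handler  the handler that was executed
     * @param ex       exception raised by the handler, or {@code null}
     * @throws Exception propagated from the superclass
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) throws Exception {
        BaseContextCommand.remove();
        super.afterCompletion(request, response, handler, ex);
    }
}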
4、拦截器注入配置
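@Configuration
public class WebConfigurer implements WebMvcConfigurer {

    /** Separator between URL patterns in the {@code uncheckList} property. */
    private static final String PATTERN_SEPARATOR = ";";

    @Autowired
    private AuthorityInterceptorAdapter authorityInterceptorAdapter;

    @Autowired
    private OmsProperties omsProperties;

    /**
     * Registers the authority interceptor on every path except the patterns listed in
     * {@code omsProperties.uncheckList}.
     *
     * <p>Every pattern in that list bypasses the login and role check entirely, so it should
     * hold only endpoints that are meant to be reachable anonymously.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        List<String> patterns = parseUncheckedPatterns(omsProperties.getUncheckList());
        registry.addInterceptor(authorityInterceptorAdapter)
                .addPathPatterns("/**")
                .excludePathPatterns(patterns);
    }

    /**
     * Splits the raw ';'-separated property into path patterns.
     *
     * <p>A {@code null} or blank property yields an empty list instead of failing at startup
     * (the original called {@code split} on the value unguarded). Whitespace around each
     * separator is dropped, so {@code "/a; /b"} and {@code "/a;/b"} (constructed examples)
     * produce the same patterns.
     *
     * @param raw the property value, possibly {@code null}
     * @return the patterns, never {@code null}
     */
    private static List<String> parseUncheckedPatterns(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            return Arrays.asList();
        }
        return Arrays.asList(raw.trim().split("\\s*" + PATTERN_SEPARATOR + "\\s*"));
    }
}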