实现自定义权限控制(Springboot+拦截器+注解)

1、定义权限常量 Constants.java

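/**
 * Shared string constants for the permission check.
 *
 * <p>The two values below are presumably the role names written into
 * {@code @PermissionCheck(role = ...)} and compared with the user type stored in the
 * token model; confirm against the callers.
 *
 * <p>NOTE(review): the interceptor on this page reads
 * {@code Constants.HEADER_ACCESS_TOKEN_KEY}, which is not declared in this excerpt.
 * It has to be defined here (or the excerpt is abbreviated) for that code to compile.
 */
public final class Constants {

    /** Role value "MAIN". */
    public static final String FRANCHISEE_TYPE_MAIN = "MAIN";

    /** Role value "ADMIN". */
    public static final String FRANCHISEE_TYPE_ADMIN = "ADMIN";

    // Constant holder only: never instantiated or subclassed.
    private Constants() {
    }
}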

2、定义权限的注解 PermissionCheck

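/**
 * Declares which roles may invoke a handler.
 *
 * <p>Retained at runtime so an interceptor can read it reflectively. {@code TYPE} is
 * allowed in addition to {@code METHOD} so that a controller class can carry a default
 * for all of its handler methods. Class-level placement takes effect only when the
 * interceptor also consults the handler's bean type; a method-level annotation should
 * take precedence.
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface PermissionCheck {

    /**
     * Allowed role value; separate several roles with commas (for example
     * {@code "MAIN,ADMIN"}). There is no default, so every use must name the roles
     * explicitly.
     */
    String role();
}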

3、权限拦截器 AuthorityInterceptorAdapter

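/**
 * Interceptor that authenticates each controller request from a token cookie and then
 * authorizes it against the roles declared with {@link PermissionCheck}.
 *
 * <p>Security properties a reader should be aware of:
 * <ul>
 *   <li>Default deny: a handler method with no {@code @PermissionCheck} (or a blank role)
 *       is rejected, so every protected endpoint must be annotated explicitly.</li>
 *   <li>Handlers that are not {@link HandlerMethod}s (for example resource handlers) are
 *       passed through without any check.</li>
 *   <li>The token is read from a cookie, which browsers attach automatically; state-changing
 *       endpoints behind this interceptor therefore also need CSRF protection (a SameSite
 *       cookie attribute or a CSRF token). Where the cookie is issued is not shown here.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code HandlerInterceptorAdapter} is deprecated since Spring 5.3;
 * implementing {@code HandlerInterceptor} directly is the replacement. The superclass is
 * kept here so the class's type stays unchanged.
 */
@Slf4j
@Component
public class AuthorityInterceptorAdapter extends HandlerInterceptorAdapter {

    @Autowired
    private ITokenService tokenService;

    // Not used by the code shown on this page; kept in case other code relies on the injection.
    @Autowired
    private IFranchiseeInfoService franchiseeInfoService;

    /**
     * Verifies login state and role before a controller method runs.
     *
     * @param request  current request; the token is taken from its cookies
     * @param response current response; status is set to 401 or 403 before rejecting
     * @param handler  chosen handler; only {@link HandlerMethod}s are checked
     * @return the result of {@code super.preHandle} when the request is allowed
     * @throws Exception a {@code ServiceException} when the caller is not logged in or
     *                   lacks the required role
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            // Non-controller handlers are not subject to the token/role check.
            return super.preHandle(request, response, handler);
        }
        // The original listing used handlerMethod without declaring it.
        HandlerMethod handlerMethod = (HandlerMethod) handler;

        // --- Authentication -------------------------------------------------------------
        String token = resolveToken(request);
        if (token == null) {
            log.error("当前未登录");
            throw unauthenticated(response);
        }
        if (!tokenService.validateToken(token)) {
            log.error("当前未登录");
            throw unauthenticated(response);
        }
        TokenModel tokenModel = tokenService.getTokenModelByToken(token);
        if (tokenModel == null) {
            // The token validated but no model could be loaded (e.g. it expired in between):
            // treat it as not logged in rather than failing with a NullPointerException below.
            log.error("当前未登录");
            throw unauthenticated(response);
        }

        // --- Authorization --------------------------------------------------------------
        // Method-level annotation wins; fall back to the controller class. The original
        // fallback looked at the method a second time and so never saw the class.
        PermissionCheck requiredPermission =
                handlerMethod.getMethod().getAnnotation(PermissionCheck.class);
        if (requiredPermission == null) {
            requiredPermission = handlerMethod.getBeanType().getAnnotation(PermissionCheck.class);
        }
        // Default deny: no annotation or a blank role means nobody is allowed.
        if (requiredPermission == null || !StringUtils.isNotBlank(requiredPermission.role())) {
            throw forbidden(response, tokenModel.getUserType(), handlerMethod);
        }

        // The user's role comes from the server-side token model, never from the request.
        String userType = tokenModel.getUserType();
        boolean allowed = false;
        for (String role : requiredPermission.role().split(",")) {
            // Trim so "MAIN, ADMIN" works, and skip empty entries so that a stray comma
            // can never match a user whose type is the empty string.
            String candidate = role.trim();
            if (!candidate.isEmpty() && candidate.equals(userType)) {
                allowed = true;
                break;
            }
        }
        if (!allowed) {
            throw forbidden(response, userType, handlerMethod);
        }
        return super.preHandle(request, response, handler);
    }

    /**
     * Clears the per-request context once the request has completed.
     * NOTE(review): presumably {@code BaseContextCommand} holds thread-bound state that must
     * not leak to the next request served by the same thread; confirm.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        BaseContextCommand.remove();
        super.afterCompletion(request, response, handler, ex);
    }

    /** Returns the access-token cookie value, or {@code null} when the request has none. */
    private String resolveToken(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        String token = null;
        // As in the original, the last cookie with the token name wins.
        for (Cookie cookie : cookies) {
            if (Constants.HEADER_ACCESS_TOKEN_KEY.equals(cookie.getName())) {
                token = cookie.getValue();
            }
        }
        return token;
    }

    /** Marks the response 401 and builds the "not logged in" exception. */
    private ServiceException unauthenticated(HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return new ServiceException(ErrorCode.authority_un_login.getCode(),
                ErrorCode.authority_un_login.getMessage());
    }

    /**
     * Marks the response 403, records the denial for auditing (the token itself is never
     * logged) and builds the "no permission" exception.
     */
    private ServiceException forbidden(HttpServletResponse response, String userType,
                                       HandlerMethod handlerMethod) {
        log.warn("permission denied: userType={}, handler={}", userType, handlerMethod);
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return new ServiceException(ErrorCode.authority_has_false_permission.getCode(),
                ErrorCode.authority_has_false_permission.getMessage());
    }
}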

4、拦截器注入配置

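/**
 * Registers {@link AuthorityInterceptorAdapter} for every request path except the
 * configured exclusions.
 */
@Configuration
public class WebConfigurer implements WebMvcConfigurer {

    @Autowired
    private AuthorityInterceptorAdapter authorityInterceptorAdapter;

    @Autowired
    private OmsProperties omsProperties;

    /**
     * Installs the authorization interceptor on {@code /**}.
     *
     * <p>Every pattern in the semicolon-separated "uncheck" list bypasses both the login
     * check and the role check, so the list should stay as short and as specific as
     * possible (login and public endpoints only, no broad wildcards).
     *
     * @param registry the MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // A missing property means "exclude nothing", which fails closed instead of
        // throwing a NullPointerException at startup.
        String uncheckList = omsProperties.getUncheckList();
        String[] patterns = uncheckList == null
                ? new String[0]
                : Arrays.stream(uncheckList.split(";"))
                        // Tolerate "a; b" and trailing semicolons; an empty pattern is
                        // never a meaningful exclusion.
                        .map(String::trim)
                        .filter(pattern -> !pattern.isEmpty())
                        .toArray(String[]::new);
        registry.addInterceptor(authorityInterceptorAdapter)
                .addPathPatterns("/**")
                .excludePathPatterns(patterns);
    }
}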

 
