为了保证后台提供给前台的接口只能在权限范围内调用,特增加拦截器,用来判断用户是否已登录:登录后才能正常调用接口,否则拒绝请求。
1、新增拦截器类
package com.zzstxx.configurer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.zzstxx.api.login.AuthLogin;
import com.zzstxx.api.models.system.UserInfo;
import net.sf.json.JSONObject;
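/**
 * Spring MVC interceptor that stops requests from callers without a logged-in user.
 *
 * <p>{@link #preHandle} resolves the user through {@code AuthLogin.getUser}; when no user is
 * found it writes a JSON error body and halts the handler chain. Which paths the interceptor
 * applies to is decided where it is registered, not here.
 */
@Component
public class LoginHandlerInterceptor implements HandlerInterceptor {

    /** No-op: nothing to clean up after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        // intentionally empty
    }

    /** No-op: the response is not modified after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // intentionally empty
    }

    /**
     * Login check executed before the handler.
     *
     * @param request  current request; only an already existing session is consulted
     * @param response receives the JSON error body when the caller is not logged in
     * @param handler  the chosen handler (unused)
     * @return {@code true} to continue with the handler, {@code false} when the request was
     *         answered here because no logged-in user was found
     * @throws Exception if writing the error body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // getSession(false) only looks up an existing session. The no-argument getSession()
        // allocates a new server-side session (and session cookie) for every anonymous request,
        // which lets unauthenticated traffic grow the session store.
        boolean hasSession = request.getSession(false) != null;
        UserInfo userInfo = hasSession ? AuthLogin.getUser(request.getSession(false)) : null;
        if (userInfo != null) {
            return true;
        }

        JSONObject body = new JSONObject();
        body.put("code", "-1");
        // NOTE(review): the message names the framework and this class to unauthenticated
        // callers; a generic text would reveal less. Kept as-is in case clients match on it.
        body.put("message", "springboot loginHandlerintercepter;not found user session,please login!");

        // Declare type and charset before getWriter() so the body is served as JSON rather
        // than being left to content sniffing and the container's default encoding.
        // NOTE(review): the HTTP status stays 200 because clients on this page detect the
        // failure through "code"; a 401 would be more conventional once clients handle it.
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(body.toString());
        return false;
    }
}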
2、注册拦截器
package com.zzstxx.configurer;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.format.FormatterRegistry;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.validation.MessageCodesResolver;
import org.springframework.validation.Validator;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.HandlerMethodReturnValueHandler;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.config.annotation.AsyncSupportConfigurer;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.ViewResolverRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * MVC configuration that puts {@link LoginHandlerInterceptor} in front of the application's
 * request paths.
 */
@Configuration
public class WebConfigurer implements WebMvcConfigurer {

    /**
     * Paths that skip the login check.
     *
     * <p>NOTE(review): every entry here is reachable without a session, so each handler behind
     * it has to cope with an anonymous caller on its own. That includes the user-info endpoint:
     * confirm it returns nothing sensitive when no user is logged in.
     */
    private static final String[] LOGIN_EXEMPT_PATHS = {
        "/mobile/login.json", // password login
        "/mobile/loginBySmsCode.json", // SMS verification-code login
        "/mobile/userInfo.json" // fetch user info
    };

    @Autowired
    private LoginHandlerInterceptor loginHandlerInterceptor;

    /**
     * Registers the login interceptor; an interceptor only takes effect once it is added here.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Deny by default: intercept every path, then exempt only the listed endpoints.
        registry.addInterceptor(loginHandlerInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(LOGIN_EXEMPT_PATHS);
    }

    /**
     * Hook for configuring static resources (html, js, css, ...); nothing is registered here.
     *
     * @param registry the resource handler registry (unused)
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        // intentionally empty
    }
}
3、前台调用接口时,如果请求超时或者请求不到接口,处理方式如下:
//session 获取用户信息
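/**
 * Asks the backend whether the current session has a logged-in user and sends the visitor
 * back to the "/" route when it does not, or when the request fails.
 *
 * This redirect is a convenience for the user only; access to the data is enforced by the
 * backend login interceptor, not by this client-side check.
 */
getUserBySession() {
  var self = this;

  // Shared failure path: tell the user, then return to the entry route.
  var failAndRedirect = function () {
    self.$Message.info("请求接口失败或获取用户信息失败!");
    self.$router.push("/");
  };

  self.$http({
    method: 'post',
    url: self.config.serverUrl + '/mobile/userInfo.json',
    data: {}
  }).then(function (response) {
    // The body carries code "-1" when no user information is available for this session.
    if (response.data.code === "-1") {
      self.$Notice.info({
        desc: "暂未获取用户信息,请登录后访问!",
        duration: 8
      });
      // Give the notice a moment to be read before navigating away.
      setTimeout(function () {
        self.$router.push("/");
      }, 1500);
    }
  }).catch(function (error) {
    // error.response is missing when no HTTP response arrived at all (timeout, server
    // unreachable). Previously only errors that carried a response were handled, so exactly
    // those cases were silently ignored. Assumes $http rejects axios-style; TODO confirm.
    if (!error.response || error.response.status != 200) {
      failAndRedirect();
    }
  })
}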