如何實現
首先攔截器是屬于web這塊的,那我們需要引入springboot web模塊,具體版本在parent中
|
1
2
3
4
|
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId></dependency> |
然后我們在config目錄下新建interceptor目錄,用來放攔截器
- 我們新建兩個攔截器,一個用來登陸攔截,一個用來進行管理員攔截。
- 登陸攔截不必多說,就是判斷除登陸請求外所有請求是否登陸過,沒有我們就截斷請求,然會返回失敗狀態
- 管理員攔截,攔截的是管理員才能訪問的資源,比如用戶管理/權限管理等,它是登陸攔截放行后才能進行的,
- 就像關卡是一關一關的。登陸驗證后進入管理員驗證,判斷該登陸用戶是否具有管理員權限,若擁有則放行,否則攔截并返回失敗狀態
- 攔截器的核心是實現 org.springframework.web.servlet.HandlerInterceptor 接口,驗證邏輯一般寫在 preHandle 方法中,在請求資源前
- 我的驗證邏輯比較簡單,登陸驗證就是從session中取出用戶信息,判斷是否存在,用戶信息是登陸成功時放入session中的,大家也可以使用JWT驗證
- 管理員驗證也是從session中取出管理員信息,判斷是否是管理員,管理員信息是登陸成功時將是否是管理員的信息放入session中的,大家也可以使用JWT驗證
登陸攔截器
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
package com.example.interceptor_demo.config.interceptor;import com.fasterxml.jackson.databind.ObjectMapper;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Component;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import java.io.PrintWriter;import java.util.HashMap;import java.util.Map;/** * 攔截器,登錄檢查 */@Componentpublic class LoginInterceptor implements HandlerInterceptor { @Autowired private HttpSession session; @Autowired private ObjectMapper objectMapper; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { Object user = session.getAttribute("sessionUser"); if (sessionUser!=null){ return true; }else { Map<String,Object> notLogin = new HashMap<>(); notLogin.put("msg","not login"); notLogin.put("code",403); notLogin.put("data",null); try(PrintWriter printWriter = response.getWriter()){ printWriter.print(objectMapper.writeValueAsString(notLogin)); }catch (Exception e){ e.printStackTrace(); } return false; } } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { }} |
管理員攔截器
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
package com.example.interceptor_demo.config.interceptor;import com.fasterxml.jackson.databind.ObjectMapper;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Component;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import java.io.PrintWriter;import java.util.HashMap;import java.util.Map;/** * 攔截器,管理員驗證 */@Componentpublic class AdminInterceptor implements HandlerInterceptor { @Autowired private HttpSession session; @Autowired private ObjectMapper objectMapper; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { Boolean isAdmin = (Boolean)session.getAttribute("sessionAdmin"); if (isAdmin!=null && isAdmin){ return true; }else { Map<String,Object> notLogin = new HashMap<>(); notLogin.put("msg","no power"); notLogin.put("code",403); notLogin.put("data",null); try(PrintWriter printWriter = response.getWriter()){ printWriter.print(objectMapper.writeValueAsString(notLogin)); }catch (Exception e){ e.printStackTrace(); } return false; } } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { }} |
最后我們在config目錄下新建WebMvcConfig類,用來注冊攔截器
- 攔截器注冊類的核心是實現 org.springframework.web.servlet.config.annotation.WebMvcConfigurer 接口
- 實現 addInterceptors 方法,參數 registry 對象可用來注冊攔截器
- registry.addInterceptor() 方法用來添加攔截器
- .addPathPatterns() 方法是為該攔截器添加攔截資源路徑
- .excludePathPatterns() 方法是為該攔截器添加要放行的資源路徑
- 其中 * 代表路徑下任意名稱,** 代表任意路徑下任意名稱
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
package com.example.interceptor_demo.config;import com.example.interceptor_demo.config.interceptor.AdminInterceptor;import com.example.interceptor_demo.config.interceptor.LoginInterceptor;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.InterceptorRegistry;import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;@Configurationpublic class WebMvcConfig implements WebMvcConfigurer { @Autowired private LoginInterceptor loginInterceptor; @Autowired private AdminInterceptor adminInterceptor; @Override public void addInterceptors(InterceptorRegistry registry) { this.loginInterceptor(registry);//登錄攔截 this.adminInterceptor(registry);//管理員攔截 } private void loginInterceptor(InterceptorRegistry registry){ registry.addInterceptor(loginInterceptor) .addPathPatterns("/**") .excludePathPatterns(//釋放登陸接口 "/login/**" ); } private void adminInterceptor(InterceptorRegistry registry){ registry.addInterceptor(htmlPageInterceptor) .addPathPatterns("/admin/**");//攔截管理員接口 }} |
到此這篇關于Java SpringBoot 使用攔截器作為權限控制的文章就介紹到這了,更多相關Java SpringBoot攔截器權限控制內容請搜索服務器之家以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持服務器之家!
原文鏈接:https://www.cnblogs.com/New-HackerHK/p/15176720.html#4950599
