這里的權限過濾,配合注解來使用,我目的是只要加上了特定注解的方法,才會進行校驗(如果不需要的話,可以將判斷注解的邏輯去掉,就跟一般的一樣了)
1:定義注解:
/**
* 權限校驗
*/
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface RoleCheck {
RoleEnum[] role();
}
userRoleEnum里定義角色的值
2:創建
RoleInterceptor 類,重寫peHandle方法,方法中寫具體的校驗邏輯
/**
* 用於角色校驗
*
*/
@Service
public class RoleInterceptor extends BaseHandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HandlerMethod handlerMethod = (HandlerMethod) handler;
RoleCheck roleCheck = handlerMethod.getMethodAnnotation(RoleCheck.class);
//如果方法上沒有roleCheck注解,則校驗通過
if (roleCheck == null){
return true;
}
//該方法未賦予權限,不通過
if (roleCheck.role() == null){
return false;
}
}
}
3:在要攔截的方法上加入注解
@RequestMapping(value = {“/getstudent"})
@RoleCheck(role = {RoleEnum.TEACHER})
public String getStudentInfo(@RequestParam String studentNo) {
return studentManager.getstudentInfoByNo(studentNo);
}
2:創建一個自定義的adapter的類,繼承
WebMvcConfigurerAdapter 類
@Configuration
public class DefineAdapter extends WebMvcConfigurerAdapter {
@Autowired
public RoleInterceptor roleInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(roleInterceptor).addPathPatterns("/getstudent");
super.addInterceptors(registry);
}
}
重寫 addInterceptors方法,將你要攔截的url加入。
WebMvcConfigurerAdapter 繼承后,攔截器會在工程啟動的時候就加入進來