SpringMVC的攔截器HandlerInterceptorAdapter對應提供了三個preHandle,postHandle,afterCompletion方法。
- preHandle在業務處理器處理請求之前被調用;
- postHandle在業務處理器處理請求執行完成后,生成視圖之前執行;
- afterCompletion在DispatcherServlet完全處理完請求后被調用,可用於清理資源等;
所以要想實現自己的權限管理邏輯,需要繼承HandlerInterceptorAdapter並重寫其三個方法。
一、自定義攔截器配置方法
- 在sping的xml配置中可以用<mvc:interceptors>和<mvc:interceptor>來配置攔截器類(實現HandlerInterceptorAdapter)
- 在javaConfig中配置通過WebMvcConfiguration的實現類配置攔截器類(實現HandlerInterceptorAdapter)
二、示例
2.1、javaconfig中配置SpringMVC示例
1、新建一個springboot項目auth-demo2
2、權限校驗相關的注解
package com.dxz.authdemo2.web.auth;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
/** 檢查項枚舉 */
PermissionEnum[] permissionTypes() default {};
/** 檢查項關系 */
RelationEnum relation() default RelationEnum.OR;
}
package com.dxz.authdemo2.web.auth;
import java.io.PrintWriter;
import java.lang.annotation.Annotation;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
/**
* 權限檢查攔截器
*/
@Component
public class PermissionCheckInterceptor extends HandlerInterceptorAdapter {
/** 權限檢查服務 */
@Autowired
private PermissionCheckProcessor permissionCheckProcessor;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//Class<?> clazz = handler.getClass();
Class<?> clazz = ((HandlerMethod)handler).getBeanType();
System.out.println("PermissionCheckInterceptor.preHandle()" + clazz);
for(Annotation a : clazz.getAnnotations()){
System.out.println(a);
}
if (clazz.isAnnotationPresent(Permission.class)) {
Permission permission = (Permission) clazz.getAnnotation(Permission.class);
return permissionCheckProcessor.process(permission, request, response);
}
return true;
}
public boolean preHandle2(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("SecurityInterceptor:"+request.getContextPath()+","+request.getRequestURI()+","+request.getMethod());
HttpSession session = request.getSession();
if (session.getAttribute("uid") == null) {
System.out.println("AuthorizationException:未登錄!"+request.getMethod());
if("POST".equalsIgnoreCase(request.getMethod())){
response.setContentType("text/html; charset=utf-8");
PrintWriter out = response.getWriter();
out.write("未登錄!");
out.flush();
out.close();
}else{
response.sendRedirect(request.getContextPath()+"/login");
}
return false;
} else {
return true;
}
}
}
package com.dxz.authdemo2.web.auth;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
@Component
public class PermissionCheckProcessor {
public boolean process(Permission permission, HttpServletRequest request, HttpServletResponse response) {
PermissionEnum[] permissionTypes = permission.permissionTypes();
try {
String uid = request.getParameter("uid");
if ("duanxz".equals(uid)) {
System.out.println("認證成功");
return true;
} else {
System.out.println("認證失敗");
return false;
}
} catch (Exception e) {
return false;
}
}
}
package com.dxz.authdemo2.web.auth;
public enum PermissionEnum {
DEVELOPER_VALID, DEVELOPER_FREEZE;
}
package com.dxz.authdemo2.web.auth;
public enum RelationEnum {
OR, AND;
}
3、SpringMVC攔截器配置
package com.dxz.authdemo2.web.auth;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
@Autowired
PermissionCheckInterceptor permissionCheckInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
// addPathPatterns 用於添加攔截規則
// excludePathPatterns 用戶排除攔截
// 映射為 user 的控制器下的所有映射
registry.addInterceptor(permissionCheckInterceptor).addPathPatterns("/admin/*").excludePathPatterns("/index", "/");
super.addInterceptors(registry);
}
}
4、測試controller
package com.dxz.authdemo2.web;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import com.dxz.authdemo2.web.auth.Permission;
import com.dxz.authdemo2.web.auth.PermissionEnum;
@Controller
@RequestMapping("/admin")
@Permission(permissionTypes = { PermissionEnum.DEVELOPER_VALID })
public class AppDetailController {
@RequestMapping(value="/appDetail", method = RequestMethod.GET)
public String doGet(ModelMap modelMap, HttpServletRequest httpServletRequest) {
//1. 業務操作,此處省略
System.out.println("appDetail.htm 處理中...");
return "appDetail";
}
}
package com.dxz.authdemo2.web;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.dxz.authdemo2.web.auth.Permission;
import com.dxz.authdemo2.web.auth.PermissionEnum;
@Controller
@RequestMapping("index")
public class IndexController {
@RequestMapping(method = RequestMethod.GET)
public void doGet(ModelMap modelMap, HttpServletRequest httpServletRequest) {
System.out.println("index");
}
}
cotroller中的jsp文件appDetail.jsp
<html> <h1>appDetail</h1> </html>
啟動類:
package com.dxz.authdemo2;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
@EnableWebMvc
@EnableAutoConfiguration
@SpringBootApplication
public class AuthDemo2Application {
public static void main(String[] args) {
SpringApplication.run(AuthDemo2Application.class, args);
}
// 配置JSP視圖解析器
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
return resolver;
}
}
結果:
訪問:http://localhost:8080/admin/appDetail?uid=duanxz2
訪問:http://localhost:8080/admin/appDetail?uid=duanxz
2.2、xml中配置SpringMVC示例
首先在springmvc.xml中加入自己定義的攔截器我的實現邏輯PermissionCheckInterceptor,如下:
<!--配置攔截器, 多個攔截器,順序執行 -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 匹配的是url路徑, 如果不配置或/**,將攔截所有的Controller -->
<mvc:mapping path="/" />
<mvc:mapping path="/user/**" />
<mvc:mapping path="/test/**" />
<bean class="com.dxz.authdemo2.web.auth.PermissionCheckInterceptor"></bean>
</mvc:interceptor>
<!-- 當設置多個攔截器時,先按順序調用preHandle方法,然后逆序調用每個攔截器的postHandle和afterCompletion方法 -->
</mvc:interceptors>