聆聽 沉淀 傳播 … 關注微信公眾號【架構技術之美】,了解更多技術和學習資料
目錄
- 前言
- 一、實作方式
- 二、HandlerInterceptor 方法介紹
- 三、攔截器(Interceptor)實作
- 3.1 實作HandlerInterceptor
- 3.2 繼承HandlerInterceptorAdapter
- 四、配置器(WebMvcConfigurer)實作
- 4.1 實作WebMvcConfigurer(推薦)
- 4.2 繼承WebMvcConfigurationSupport
- 五、其他主要輔助類
- 5.1 用戶背景關系類
- 5.2 校驗訪問權限注解
- 5.3 用戶背景關系操作類
- 5.4 方法引數決議器類
- 六、測驗驗證
- 七、Github專案
前言
平常專案開發程序中,會遇到登錄攔截,權限校驗,引數處理,防重復提交等問題,那攔截器就能幫我們統一處理這些問題,
一、實作方式
1.1 自定義攔截器
自定義攔截器,即攔截器的實作類,一般有兩種自定義方式:
- 定義一個類,實作
org.springframework.web.servlet.HandlerInterceptor介面, - 定義一個類,繼承已實作了HandlerInterceptor介面的類,例如
org.springframework.web.servlet.handler.HandlerInterceptorAdapter抽象類,
1.2 添加Interceptor攔截器到WebMvcConfigurer配置器中
自定義配置器,然后實作WebMvcConfigurer配置器,
以前一般繼承org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter類,不過SrpingBoot 2.0以上WebMvcConfigurerAdapter類就過時了,有以下2中替代方法:
- 直接實作
org.springframework.web.servlet.config.annotation.WebMvcConfigurer介面,(推薦) - 繼承
org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport類,但是繼承WebMvcConfigurationSupport會讓SpringBoot對mvc的自動配置失效,不過目前大多數專案是前后端分離,并沒有對靜態資源有自動配置的需求,所以繼承WebMvcConfigurationSupport也未嘗不可,
二、HandlerInterceptor 方法介紹
preHandle:預處理,在業務處理器處理請求之前被呼叫,可以進行登錄攔截,編碼處理、安全控制、權限校驗等處理;
default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
return true;
}
postHandle:后處理,在業務處理器處理請求執行完成后,生成視圖之前被呼叫,即呼叫了Service并回傳ModelAndView,但未進行頁面渲染,可以修改ModelAndView,這個比較少用,
default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable ModelAndView modelAndView) throws Exception {
}
afterCompletion:回傳處理,在DispatcherServlet完全處理完請求后被呼叫,可用于清理資源等,已經渲染了頁面,
default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable Exception ex) throws Exception {
}
三、攔截器(Interceptor)實作
3.1 實作HandlerInterceptor
此攔截器演示了通過注解形式,對用戶權限進行攔截校驗,
package com.nobody.interceptor;
import com.nobody.annotation.UserAuthenticate;
import com.nobody.context.UserContext;
import com.nobody.context.UserContextManager;
import com.nobody.exception.RestAPIError;
import com.nobody.exception.RestException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @Description
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Slf4j
@Component
public class UserPermissionInterceptor implements HandlerInterceptor {
private UserContextManager userContextManager;
@Autowired
public void setContextManager(UserContextManager userContextManager) {
this.userContextManager = userContextManager;
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object handler) {
log.info(">>> UserPermissionInterceptor preHandle -- ");
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
// 獲取用戶權限校驗注解(優先獲取方法,無則再從類獲取)
UserAuthenticate userAuthenticate =
handlerMethod.getMethod().getAnnotation(UserAuthenticate.class);
if (null == userAuthenticate) {
userAuthenticate = handlerMethod.getMethod().getDeclaringClass()
.getAnnotation(UserAuthenticate.class);
}
if (userAuthenticate != null && userAuthenticate.permission()) {
// 獲取用戶資訊
UserContext userContext = userContextManager.getUserContext(request);
// 權限校驗
if (userAuthenticate.type() != userContext.getType()) {
// 如若不拋出例外,也可回傳false
throw new RestException(RestAPIError.AUTH_ERROR);
}
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) {
log.info(">>> UserPermissionInterceptor postHandle -- ");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
Object handler, Exception ex) {
log.info(">>> UserPermissionInterceptor afterCompletion -- ");
}
}
3.2 繼承HandlerInterceptorAdapter
package com.nobody.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
/**
* @Description
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Slf4j
@Component
public class UserPermissionInterceptorAdapter extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object handler) {
log.info(">>> UserPermissionInterceptorAdapter preHandle -- ");
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) {
log.info(">>> UserPermissionInterceptorAdapter postHandle -- ");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
Object handler, Exception ex) {
log.info(">>> UserPermissionInterceptorAdapter afterCompletion -- ");
}
}
四、配置器(WebMvcConfigurer)實作
4.1 實作WebMvcConfigurer(推薦)
package com.nobody.config;
import com.nobody.context.UserContextResolver;
import com.nobody.interceptor.UserPermissionInterceptor;
import com.nobody.interceptor.UserPermissionInterceptorAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.List;
/**
* @Description
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Configuration
public class WebAppConfigurer implements WebMvcConfigurer {
private UserPermissionInterceptor userPermissionInterceptor;
private UserPermissionInterceptorAdapter userPermissionInterceptorAdapter;
private UserContextResolver userContextResolver;
@Autowired
public void setUserPermissionInterceptor(UserPermissionInterceptor userPermissionInterceptor) {
this.userPermissionInterceptor = userPermissionInterceptor;
}
@Autowired
public void setUserPermissionInterceptorAdapter(
UserPermissionInterceptorAdapter userPermissionInterceptorAdapter) {
this.userPermissionInterceptorAdapter = userPermissionInterceptorAdapter;
}
@Autowired
public void setUserContextResolver(UserContextResolver userContextResolver) {
this.userContextResolver = userContextResolver;
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 可以添加多個攔截器,一般只添加一個
// addPathPatterns("/**") 表示對所有請求都攔截
// .excludePathPatterns("/base/index") 表示排除對/base/index請求的攔截
// 多個攔截器可以設定order順序,值越小,preHandle越先執行,postHandle和afterCompletion越后執行
// order默認的值是0,如果只添加一個攔截器,可以不顯示設定order的值
registry.addInterceptor(userPermissionInterceptor).addPathPatterns("/**")
.excludePathPatterns("/base/index").order(0);
// registry.addInterceptor(userPermissionInterceptorAdapter).addPathPatterns("/**")
// .excludePathPatterns("/base/index").order(1);
}
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
resolvers.add(userContextResolver);
}
}
4.2 繼承WebMvcConfigurationSupport
package com.nobody.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
import com.nobody.interceptor.UserPermissionInterceptor;
import com.nobody.interceptor.UserPermissionInterceptorAdapter;
/**
* @Description
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Configuration
public class WebAppConfigurerSupport extends WebMvcConfigurationSupport {
@Autowired
private UserPermissionInterceptor userPermissionInterceptor;
// @Autowired
// private UserPermissionInterceptorAdapter userPermissionInterceptorAdapter;
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 可以添加多個攔截器,一般只添加一個
// addPathPatterns("/**") 表示對所有請求都攔截
// .excludePathPatterns("/base/index") 表示排除對/base/index請求的攔截
registry.addInterceptor(userPermissionInterceptor).addPathPatterns("/**")
.excludePathPatterns("/base/index");
// registry.addInterceptor(userPermissionInterceptorAdapter).addPathPatterns("/**")
// .excludePathPatterns("/base/index");
}
}
五、其他主要輔助類
5.1 用戶背景關系類
package com.nobody.context;
import com.nobody.enums.AuthenticationTypeEnum;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
/**
* @Description 用戶背景關系
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Getter
@Setter
@ToString
public class UserContext {
// 用戶名稱
private String name;
// 用戶ID
private String userId;
// 用戶型別
private AuthenticationTypeEnum type;
}
5.2 校驗訪問權限注解
package com.nobody.annotation;
import com.nobody.enums.AuthenticationTypeEnum;
import java.lang.annotation.*;
/**
* @Description 校驗訪問權限注解
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface UserAuthenticate {
/**
* 是否需要校驗訪問權限 默認不校驗
*
* @return
*/
boolean permission() default false;
/**
* 驗證型別,默認游客
*
* @return
*/
AuthenticationTypeEnum type() default AuthenticationTypeEnum.VISITOR;
}
5.3 用戶背景關系操作類
package com.nobody.context;
import com.nobody.enums.AuthenticationTypeEnum;
import com.nobody.exception.RestAPIError;
import com.nobody.exception.RestException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Objects;
import java.util.UUID;
/**
* @Description 用戶背景關系操作類
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Component
public class UserContextManager {
private static final String COOKIE_KEY = "__userToken";
// @Autowired
// private RedisService redisService;
/**
* 獲取用戶背景關系資訊
*
* @param request
* @return
*/
public UserContext getUserContext(HttpServletRequest request) {
String userToken = getUserToken(request, COOKIE_KEY);
if (!StringUtils.isEmpty(userToken)) {
// 從快取或者第三方獲取用戶資訊
// String userContextStr = redisService.getString(userToken);
// if (!StringUtils.isEmpty(userContextStr)) {
// return JSON.parseObject(userContextStr, UserContext.class);
// }
// 因為演示,沒集成Redis,故簡單new物件
UserContext userContext = new UserContext();
userContext.setName("Mr.nobody");
userContext.setUserId("0000001");
userContext.setType(AuthenticationTypeEnum.ADMIN);
return userContext;
}
throw new RestException(RestAPIError.AUTH_ERROR);
}
public String getUserToken(HttpServletRequest request, String cookieKey) {
Cookie[] cookies = request.getCookies();
if (null != cookies) {
for (Cookie cookie : cookies) {
if (Objects.equals(cookie.getName(), cookieKey)) {
return cookie.getValue();
}
}
}
return null;
}
/**
* 保存用戶背景關系資訊
*
* @param response
* @param userContextStr
*/
public void saveUserContext(HttpServletResponse response, String userContextStr) {
// 用戶token實際根據自己業務進行生成,此處簡單用UUID
String userToken = UUID.randomUUID().toString();
// 設定cookie
Cookie cookie = new Cookie(COOKIE_KEY, userToken);
cookie.setPath("/");
response.addCookie(cookie);
// redis快取
// redisService.setString(userToken, userContextStr, 3600);
}
}
5.4 方法引數決議器類
package com.nobody.context;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import javax.servlet.http.HttpServletRequest;
/**
* @Description 對有UserContext引數的介面,進行攔截注入用戶資訊
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@Component
@Slf4j
public class UserContextResolver implements HandlerMethodArgumentResolver {
@Autowired
private UserContextManager userContextManager;
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
log.info(">>> resolveArgument -- begin...");
HttpServletRequest request = webRequest.getNativeRequest(HttpServletRequest.class);
// 從快取獲取用戶資訊賦值到介面引數中
return userContextManager.getUserContext(request);
}
/**
* 只對UserContext引數進行攔截賦值
*
* @param methodParameter
* @return
*/
@Override
public boolean supportsParameter(MethodParameter methodParameter) {
if (methodParameter.getParameterType().equals(UserContext.class)) {
return true;
}
return false;
}
}
六、測驗驗證
package com.nobody.controller;
import com.alibaba.fastjson.JSON;
import com.nobody.annotation.UserAuthenticate;
import com.nobody.context.UserContext;
import com.nobody.context.UserContextManager;
import com.nobody.enums.AuthenticationTypeEnum;
import com.nobody.pojo.model.GeneralResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletResponse;
/**
* @Description
* @Author Mr.nobody
* @Date 2020/10/25
* @Version 1.0
*/
@RestController
@RequestMapping("user")
public class UserController {
@Autowired
private UserContextManager userContextManager;
@GetMapping("login")
public GeneralResult<UserContext> doLogin(HttpServletResponse response) {
UserContext userContext = new UserContext();
userContext.setUserId("0000001");
userContext.setName("Mr.nobody");
userContext.setType(AuthenticationTypeEnum.ADMIN);
userContextManager.saveUserContext(response, JSON.toJSONString(userContext));
return GeneralResult.genSuccessResult(userContext);
}
@GetMapping("personal")
@UserAuthenticate(permission = true, type = AuthenticationTypeEnum.ADMIN)
public GeneralResult<UserContext> getPersonInfo(UserContext userContext) {
return GeneralResult.genSuccessResult(userContext);
}
}
啟動服務后,在瀏覽器先呼叫personal介面,因為沒有登錄,所以會報錯沒有權限:
控制臺輸出:
啟動服務后,在瀏覽器先訪問login介面進行登錄,再訪問personal介面,驗證通過,正確回傳用戶資訊:
七、Github專案
專案工程可從Github獲取,https://github.com/LucioChn/springboot-common.git
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/194549.html
標籤:其他