1.创建自定义注解
单独新建一个注解类RequiredPermission

@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface RequiredPermission {
    String value();
}

2.检查权限
新建一个类SecurityInterceptor

public class SecurityInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 验证权限
        if (this.hasPermission(handler)) {
            return true;
        }
        // 如果没有权限 则抛403异常
        response.sendError(HttpStatus.FORBIDDEN.value(), "无权限");
        return false;
    }
    private boolean hasPermission(HttpServletRequest request, HttpServletResponse response, Object handler) {
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            // 获取方法上的注解
            RequiredPermission requiredPermission = handlerMethod.getMethod().getAnnotation(RequiredPermission.class);
            // 如果方法上的注解为空 则获取类的注解
            if (requiredPermission == null) {
                requiredPermission = handlerMethod.getMethod().getDeclaringClass().getAnnotation(RequiredPermission.class);
            }
            // 如果标记了注解,则判断权限
            if (requiredPermission != null) {
                // 此处添加不被拦截的条件(比如用户已登录等)
                if(  ){
                    return true;
                }
                return false;
            }
        }
        return true;
    }
}

3.配置拦截器
新建一个配置类,把想要拦截和排除的路径加进去即可

@Configuration
public class MVCConfig extends WebMvcConfigurationSupport {
    @Bean
    public SecurityInterceptor securityInterceptor() {
        return new SecurityInterceptor();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(securityInterceptor())
                //排除路径
                .excludePathPatterns("/static/*")
                .excludePathPatterns("/error")
                .excludePathPatterns("/login")
                .excludePathPatterns("/register")
                //添加拦截路径
                .addPathPatterns("/usercenter/**")
                .addPathPatterns("/comment/cascade/**")
                .addPathPatterns("/articles/type/**")
                .addPathPatterns("/article/page/**");
    }
}

记得在想要拦截的路径实现上加注解@RequiredPermission


版权声明:本文为qq_34623223原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
原文链接:https://blog.csdn.net/qq_34623223/article/details/100512814