1.创建自定义注解
单独新建一个注解类RequiredPermission
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface RequiredPermission {
String value();
}
2.检查权限
新建一个类SecurityInterceptor
public class SecurityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 验证权限
if (this.hasPermission(handler)) {
return true;
}
// 如果没有权限 则抛403异常
response.sendError(HttpStatus.FORBIDDEN.value(), "无权限");
return false;
}
private boolean hasPermission(HttpServletRequest request, HttpServletResponse response, Object handler) {
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
// 获取方法上的注解
RequiredPermission requiredPermission = handlerMethod.getMethod().getAnnotation(RequiredPermission.class);
// 如果方法上的注解为空 则获取类的注解
if (requiredPermission == null) {
requiredPermission = handlerMethod.getMethod().getDeclaringClass().getAnnotation(RequiredPermission.class);
}
// 如果标记了注解,则判断权限
if (requiredPermission != null) {
// 此处添加不被拦截的条件(比如用户已登录等)
if( ){
return true;
}
return false;
}
}
return true;
}
}
3.配置拦截器
新建一个配置类,把想要拦截和排除的路径加进去即可
@Configuration
public class MVCConfig extends WebMvcConfigurationSupport {
@Bean
public SecurityInterceptor securityInterceptor() {
return new SecurityInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(securityInterceptor())
//排除路径
.excludePathPatterns("/static/*")
.excludePathPatterns("/error")
.excludePathPatterns("/login")
.excludePathPatterns("/register")
//添加拦截路径
.addPathPatterns("/usercenter/**")
.addPathPatterns("/comment/cascade/**")
.addPathPatterns("/articles/type/**")
.addPathPatterns("/article/page/**");
}
}
记得在想要拦截的路径实现上加注解@RequiredPermission
版权声明:本文为qq_34623223原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。