本文已参与「新人创作礼」活动,一起开启掘金创作之路。 1.src/main/java/com/pgmsg/interceptor/AuthHandlerInterceptor.java `
package com.pgmsg.interceptor;
import com.pgmsg.pojo.BackendAdmin;
import com.pgmsg.pojo.BackendAuth;
import com.pgmsg.pojo.BackendRole;
import com.pgmsg.pojo.BackendRoleAuth;
import com.pgmsg.service.backend.impl.AdminServiceImpl;
import com.pgmsg.service.backend.impl.AuthServiceImpl;
import com.pgmsg.service.backend.impl.RoleAuthServiceImpl;
import com.pgmsg.service.backend.impl.RoleServiceImpl;
import com.pgmsg.util.ToolUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
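/**
 * Per-request permission check for the backend API.
 *
 * <p>For every request whose URI is not on the white list, the caller is resolved from the
 * {@code X-Token} header and the role's auth code for that URI is tested for the bit that
 * corresponds to the HTTP method. Any failure writes a JSON body through
 * {@code ToolUtil.getJson} and stops the handler chain.
 *
 * <p>NOTE(review): WebConfig also exposes this class through a {@code @Bean} method, so the
 * {@code @Configuration} stereotype here likely registers a second instance when the package
 * is component-scanned. The annotation is kept so the set of beans does not change.
 */
@Configuration
public class AuthHandlerInterceptor implements HandlerInterceptor {
    @Autowired
    AuthServiceImpl authService;
    @Autowired
    RoleAuthServiceImpl roleAuthService;
    @Autowired
    AdminServiceImpl adminService;
    @Autowired
    RoleServiceImpl roleService;

    // URIs that are served without any token or permission check.
    // NOTE(review): "/upload" is reachable unauthenticated; confirm the upload handler enforces
    // its own limits (caller identity, size, file type, storage location).
    // NOTE(review): entries are compared with request.getRequestURI(), which is the raw URI
    // (context path included, not normalized); confirm that is the form Spring dispatches on.
    private static final String[] WHITE_PATH_LIST = {"/backend/admin/login", "/error", "/upload"};

    // HTTP method -> bit index inside the role's auth code (bit 0 is the least significant bit).
    private static final HashMap<String, Integer> AUTHS = new HashMap<>();

    static {
        AUTHS.put("GET", 0);
        AUTHS.put("POST", 1);
        AUTHS.put("PUT", 2);
        AUTHS.put("DELETE", 3);
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  current request; the URI, the HTTP method and the {@code X-Token} header are read
     * @param response response that receives the JSON error body when access is refused
     * @param handler  chosen handler (unused)
     * @return {@code true} to continue the chain, {@code false} when an error body was written
     * @throws Exception whatever the services or {@code ToolUtil.getJson} throw
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // A browser sends a CORS preflight (OPTIONS) before the real GET/POST/... request and the
        // preflight carries no custom headers, so there is no X-Token to check.
        // NOTE(review): this lets every OPTIONS request through unchecked; confirm that no
        // controller mapping performs real work when invoked with OPTIONS.
        if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {
            System.out.println("OPTIONS请求,放行");
            return true;
        }

        String uri = request.getRequestURI();
        String httpMethod = request.getMethod();
        String token = request.getHeader("X-Token");
        System.out.println(uri + "->进入权限拦截");

        // White-listed endpoints need no authentication.
        if (ToolUtil.inArray(WHITE_PATH_LIST, uri)) {
            return true;
        }

        if (token == null || token.isEmpty()) {
            return deny(response, "请先登录");
        }

        // An unknown or expired token must be refused here; the original dereferenced the
        // lookup result without a null check.
        BackendAdmin admin = adminService.getAdminByToken(token);
        if (admin == null) {
            return deny(response, "请先登录");
        }

        // NOTE(review): the account with id 1 bypasses every permission check (built-in
        // super admin); the id is hard-coded.
        if (admin.getId() == 1) {
            return true;
        }

        // A permission record is looked up by the request URI; URIs without one are refused.
        BackendAuth auth = authService.getByName(uri);
        if (auth == null) {
            return deny(response, "暂无权限访问(后台没有添加该权限)");
        }
        if (admin.getRoleId() == null) {
            return deny(response, "暂无权限访问(用户未设置角色)");
        }
        BackendRole role = roleService.getById(admin.getRoleId());
        if (role == null) {
            // The role id points at a role that no longer exists (assuming getById returns
            // null in that case); treat it like a missing role.
            return deny(response, "暂无权限访问(用户未设置角色)");
        }
        BackendRoleAuth roleAuth = roleAuthService.getByRoleAndAuth(role, auth);
        if (roleAuth == null) {
            return deny(response, "暂无权限访问!!");
        }

        // Test the bit directly. The original indexed into the reversed binary string, which
        // threw when the code had fewer digits than the required index (e.g. code 1 and DELETE),
        // and unboxed a null index for methods outside AUTHS (PATCH, HEAD, ...). Both cases are
        // now refused instead of ending in an exception.
        Long code = roleAuth.getAuthCode();
        Integer bitIndex = AUTHS.get(httpMethod);
        if (code == null || bitIndex == null || ((code >> bitIndex) & 1L) == 0L) {
            return deny(response, "暂无权限访问!");
        }
        return true;
    }

    /**
     * Writes the JSON error body used for every refusal and reports that the chain must stop.
     *
     * <p>NOTE(review): the body carries the string "500" for authentication and authorization
     * failures; 401/403 would describe them better, but the value is kept because clients
     * may depend on it.
     */
    private boolean deny(HttpServletResponse response, String msg) throws Exception {
        HashMap<String, String> body = new HashMap<>();
        body.put("status", "500");
        body.put("msg", msg);
        ToolUtil.getJson(response, body);
        return false;
    }
}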
2.src/main/java/com/pgmsg/config/WebConfig.java
package com.pgmsg.config;
import com.pgmsg.interceptor.AuthHandlerInterceptor;
import com.pgmsg.interceptor.LoginHandlerInterceptor;
import org.jetbrains.annotations.NotNull;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
/**
 * MVC configuration that registers the login and permission interceptors for all paths
 * except the patterns in {@link #excludes}.
 */
@Configuration
@Component
public class WebConfig extends WebMvcConfigurationSupport {

    // Path patterns that neither interceptor is applied to.
    // NOTE(review): besides static assets this also exempts "/api/**" and "/collect/**" from
    // both the login and the permission check; confirm those endpoints are meant to be public
    // or are protected elsewhere.
    String[] excludes = {
        "/*.html", "/html/**", "/js/**", "/css/**", "/images/**", "/common/**", "/api/**", "/collect/**"
    };

    /**
     * Exposes the permission interceptor as a Spring bean so that its {@code @Autowired}
     * services are injected. {@link #addInterceptors} must register the result of this method
     * rather than a fresh {@code new AuthHandlerInterceptor()}, otherwise the instance would
     * not come from the container.
     */
    @Bean
    public AuthHandlerInterceptor setBean2() {
        System.out.println("注入了handler");
        return new AuthHandlerInterceptor();
    }

    /**
     * Registers both interceptors on {@code "/**"} with the shared exclude list.
     *
     * @param registry registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(@NotNull InterceptorRegistry registry) {
        // NOTE(review): this interceptor is created with "new", so it is not a container-managed
        // bean; any @Autowired field inside it would stay null.
        LoginHandlerInterceptor loginInterceptor = new LoginHandlerInterceptor();
        registry.addInterceptor(loginInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(excludes);

        // Container-managed instance, obtained through the @Bean method.
        AuthHandlerInterceptor authInterceptor = setBean2();
        registry.addInterceptor(authInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(excludes);
        // "/**" matches every request, static resources included.
    }
}
`