版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/nihaoa50/article/details/85245311
1、自定义注解
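/**
 * Marks a handler method as restricted to callers holding one of the listed roles.
 *
 * <p>Retained at runtime so that it can be read reflectively from the handler method
 * while a request is being processed.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface RoleCheck {
    /**
     * Role names that are allowed to invoke the annotated method.
     *
     * <p>Defaults to an empty array. NOTE(review): a checker that grants access only when
     * the caller's role matches an entry of this list rejects every caller when the list
     * is empty, so a bare {@code @RoleCheck} closes the method rather than opening it.
     *
     * @return the permitted role names
     */
    String[] roles() default {};
}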
2、注解的实现
/**
 * Spring MVC interceptor that enforces {@link RoleCheck} on controller methods.
 *
 * <p>Scope of the check, as implemented here:
 * <ul>
 *   <li>only the handler method itself is inspected for {@code @RoleCheck};</li>
 *   <li>a handler that is not a {@code HandlerMethod}, or a method without the annotation,
 *       is let through without any role check (the default is "allow");</li>
 *   <li>an annotated method is allowed only when the caller's user type equals one of the
 *       listed roles, otherwise a {@code BaseException} is thrown.</li>
 * </ul>
 */
@Service
public class RoleCheckInterceptor implements HandlerInterceptor {

    @Resource(name = "redisHelper")
    private RedisHelper redisHelper;

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  the current request, used to look up the caller and the requested URI
     * @param response the current response (unused)
     * @param handler  the handler chosen for this request
     * @return {@code true} when no role restriction applies or the caller's user type is listed
     * @throws Exception a {@code BaseException} when the method is annotated and no role matches
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Anything that is not a controller method carries no @RoleCheck and passes unchecked.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        RoleCheck required = ((HandlerMethod) handler).getMethod().getAnnotation(RoleCheck.class);
        // Unannotated methods are not restricted by this interceptor.
        if (required == null) {
            return true;
        }

        // Roles declared on the method.
        String[] allowedRoles = required.roles();
        // User type of the logged-in caller; presumably resolved from the session data the
        // helper keeps in Redis — confirm against RedisHelper.
        String currentUserType = redisHelper.getLoginUserType(request);

        // Exact, case-sensitive comparison. A null user type never matches, and neither does
        // an empty role list, so both cases end in the rejection below.
        int index = 0;
        while (index < allowedRoles.length) {
            if (allowedRoles[index].equals(currentUserType)) {
                return true;
            }
            index++;
        }

        String userId = redisHelper.getLoginUnID(request);
        String requestedUri = request.getRequestURI();
        // NOTE(review): the request URI is caller-supplied; if BaseException messages are
        // logged or returned to the client, neutralise control characters before use.
        throw new BaseException(String.format("用户[%s]请求服务端口时[%s]权限验证失败", userId, requestedUri));
    }

    /** No post-processing is needed for the role check. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
    }

    /** No cleanup is needed for the role check. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
    }
}
3、配置spring boot拦截器
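/**
 * Registers the {@code @RoleCheck} interceptor for every request path.
 *
 * <p>NOTE(review): in a Spring Boot application {@code @EnableWebMvc} switches off Boot's
 * default MVC auto-configuration, and {@code WebMvcConfigurerAdapter} is deprecated since
 * Spring 5 in favour of implementing {@code WebMvcConfigurer} — confirm both are intended
 * for the Spring version in use.
 */
@Configuration
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    // Must be the interceptor that reads @RoleCheck. If a different interceptor is registered
    // here, the annotation is never evaluated and no role check from this mechanism runs.
    @Autowired
    private RoleCheckInterceptor roleCheckInterceptor;

    /**
     * Adds the role-check interceptor to the MVC interceptor chain for all paths.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // "/**" covers every mapped path, so no annotated endpoint is skipped by path.
        registry.addInterceptor(roleCheckInterceptor)
                .addPathPatterns("/**");
        super.addInterceptors(registry);
    }
}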
4、添加@RoleCheck注解
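/**
 * Example controller showing how a handler method is restricted with {@code @RoleCheck}.
 */
@Validated
@RestController
@RequestMapping(value = "/user")
public class UserController {

    /**
     * Handles {@code GET /user/userinfos}.
     *
     * <p>Restricted to callers whose user type is {@code "OWNER"}. The restriction is applied
     * by the interceptor that reads {@code @RoleCheck}, so it only takes effect when that
     * interceptor is registered for this path.
     *
     * @param request the current request
     */
    // To admit several roles, list them all, e.g. @RoleCheck(roles = {"ADMIN", "OWNER"}).
    @RoleCheck(roles = {"OWNER"})
    @GetMapping(value = "/userinfos")
    public void getUser(HttpServletRequest request) {
        System.out.println("请求controller");
    }
}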
利用注解来实现权限管理的代码就完成了。注意:该拦截器只校验标注了 @RoleCheck 的方法,未标注的方法不会做任何权限校验。