Implementing Permission Control with Annotations in Spring Boot

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/nihaoa50/article/details/85245311

1. Define the custom annotation

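import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target(ElementType.METHOD)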
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface RoleCheck {
    String[] roles() default {};
}

2. Implement the annotation check

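import java.lang.reflect.Method;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Service;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

// RedisHelper and BaseException are the author's own classes; they are not shown in this article.
@Service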
public class RoleCheckInterceptor implements HandlerInterceptor {

    @Resource(name = "redisHelper")
    private RedisHelper redisHelper;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            Method method = handlerMethod.getMethod();
            RoleCheck roleCheck = method.getAnnotation(RoleCheck.class);
            if (roleCheck != null) {
                String[] roles = roleCheck.roles(); // roles declared on the handler method
                String userType = redisHelper.getLoginUserType(request); // the session stores this user's permission info

                for (String role : roles) {
                    if (role.equals(userType)) { // check whether the user is allowed to access the method
                        return true;
                    }
                }
                String unID = redisHelper.getLoginUnID(request);
                String port = request.getRequestURI();
                throw new BaseException(String.format("用户[%s]请求服务端口时[%s]权限验证失败", unID, port));
            }
            return true;
        }
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
    }
}

3. Configure the Spring Boot interceptor

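import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {
    // Inject the interceptor defined in step 2
    @Autowired
    private RoleCheckInterceptor roleCheckInterceptor;

    /**
     * Register the annotation interceptor for every request path.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(roleCheckInterceptor)
                .addPathPatterns("/**");
        super.addInterceptors(registry);
    }
}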

4. Add the @RoleCheck annotation

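import javax.servlet.http.HttpServletRequest;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Validated
@RestController
@RequestMapping(value = "/user")
public class UserController {

    @RoleCheck(roles = {"OWNER"}) // only users whose permission is "OWNER" can access this method
    //@RoleCheck(roles = {"ADMIN", "OWNER"}) // users with "OWNER" or "ADMIN" permission can access this method
    @GetMapping(value = "/userinfos")
    public void getUser(HttpServletRequest request) {
        System.out.println("请求controller");
    }
}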

With that, the code for implementing permission management with annotations is complete.
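The decision made in preHandle can be exercised without Spring. The following is an added example, not code from the original article: it reproduces the interceptor's rule with plain reflection so the edge cases are visible (an unannotated handler is not checked at all, `@RoleCheck` with the default empty `roles` matches nobody, a missing user type is denied). It goes one step beyond the article by also accepting the annotation on a class as a fallback; `RoleCheckDemo`, `UserApi`, `BillingApi`, `resolve`, `allowed` and `check` are constructed names.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Arrays;

public class RoleCheckDemo {

    // Same annotation as step 1, widened to TYPE for the class-level fallback (an addition).
    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    @interface RoleCheck { String[] roles() default {}; }

    // Constructed sample handlers, not from the article.
    static class UserApi {
        @RoleCheck(roles = {"ADMIN", "OWNER"}) public void list() {}
        @RoleCheck public void locked() {}   // empty roles: no user type can match
        public void ping() {}                // no annotation: the check is skipped
    }

    @RoleCheck(roles = {"OWNER"})
    static class BillingApi {
        public void invoices() {}            // falls back to the class-level rule
        @RoleCheck(roles = {"ADMIN"}) public void refunds() {}  // method rule wins
    }

    /** Method-level annotation first, otherwise the one on the declaring class. */
    static RoleCheck resolve(Method m) {
        RoleCheck rc = m.getAnnotation(RoleCheck.class);
        return rc != null ? rc : m.getDeclaringClass().getAnnotation(RoleCheck.class);
    }

    /** Mirrors preHandle: pass if unannotated, otherwise userType must be listed. */
    static boolean allowed(Method m, String userType) {
        RoleCheck rc = resolve(m);
        if (rc == null) return true;
        return userType != null && Arrays.asList(rc.roles()).contains(userType);
    }

    static boolean check(Class<?> c, String method, String userType) throws Exception {
        return allowed(c.getMethod(method), userType);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("list/OWNER      " + check(UserApi.class, "list", "OWNER"));
        System.out.println("list/GUEST      " + check(UserApi.class, "list", "GUEST"));
        System.out.println("list/no session " + check(UserApi.class, "list", null));
        System.out.println("locked/OWNER    " + check(UserApi.class, "locked", "OWNER"));
        System.out.println("ping/no session " + check(UserApi.class, "ping", null));
        System.out.println("invoices/ADMIN  " + check(BillingApi.class, "invoices", "ADMIN"));
        System.out.println("refunds/ADMIN   " + check(BillingApi.class, "refunds", "ADMIN"));
    }
}
```

Because unannotated handlers pass through, every new controller method is reachable by any caller until someone adds `@RoleCheck` to it, so a table like this one is worth keeping as a unit test.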

Reposted from blog.csdn.net/nihaoa50/article/details/85245311