首先,spring boot需要添加web的依赖,因为是基于web的拦截(拦截controller):
自定义权限注解:
package com.hf.mypractice.annocation;
import java.lang.annotation.*;
/**
* @Description: 定义权限注解
* @Date: 2019/1/11
* @Auther: wm yu
*/
@Target({ElementType.METHOD,ElementType.TYPE}) //ElementType.METHOD:注解作用在方法 ElementType.TYPE:作用于类、接口、枚举,但不能是注解
@Retention(RetentionPolicy.RUNTIME)
@Inherited //可以被继承 ,作用在父类上面,其子类有该注解的作用
@Documented //将此注解包含在 javadoc 中 ,它代表着此注解会被javadoc工具提取成文档。在doc文档中的内容会因为此注解的信息内容不同而不同。
public @interface UserAuthority {
String name() default "yu";
String password();
}
自定义拦截器:
package com.hf.mypractice.intercept;
import com.hf.mypractice.annocation.UserAuthority;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @Description: 权限校验拦截器
* @Date: 2019/1/11
* @Auther: wm yu
*/
@Slf4j
public class UserAuthorityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
//获取类上面的拦截
if(handler instanceof HandlerMethod){
HandlerMethod handlerMethod = (HandlerMethod)handler;
//获取进入拦截的方法的类
Class<?> clzz = handlerMethod.getMethod().getDeclaringClass();
String name = null;
String password = null;
boolean hasAuthority = false;
/**
* 类上面含有注解,判断方法上面是否有注解,取值以方法上面的注解为准
*/
//获取到指定的注解
UserAuthority clzzAnno = clzz.getAnnotation(UserAuthority.class);
if(null == clzzAnno){
//类上面没有指定注解,查看方法上面是否有注解
UserAuthority methodAnnotation = handlerMethod.getMethodAnnotation(UserAuthority.class);
if(null == methodAnnotation){
log.error("类和方法上面都没有@UserAuthority注解");
return false;
}
//获取注解的值
name = methodAnnotation.name();
password = methodAnnotation.password();
if(password.isEmpty()){
throw new NullPointerException("password can not be " + password);
}
hasAuthority = ("yu".equals(name) && "123".equals(password)) || ("ming".equals(name) && "123".equals(password));
if(hasAuthority){
log.info("welcome to login,you enter name:" + name + "......,password:" + password);
return true;
}
}else{
//获取注解的值
name = clzzAnno.name();
password = clzzAnno.password();
//类上有UserAuthority注解,判断方法上面是有该注解
UserAuthority methodAnnotation = handlerMethod.getMethodAnnotation(UserAuthority.class);
if(null != methodAnnotation){
log.info("类上面有注解,方法上面也有注解....");
name = methodAnnotation.name();
password = methodAnnotation.password();
}
//验证权限
if(StringUtils.isEmpty(password) || StringUtils.isBlank(password)){
throw new NullPointerException("password can not be " + password);
}
hasAuthority = ("yu".equals(name) && "123".equals(password)) || ("ming".equals(name) && "123".equals(password));
//比对
if(hasAuthority){
log.info("welcome to login,you enter name:" + name + "......,password:" + password);
return true;
}else{
log.error("你的账号name:" + name + ",密码,password:" + password + ",没有权限!");
return false;
}
}
}
log.error("你没有权限....");
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
}
}
因为拦截器没有使用xml的方式来配置,所以需要定义一个配置类来配置拦截器:
package com.hf.mypractice.config;
import com.hf.mypractice.intercept.UserAuthorityInterceptor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
/**
* @Description: web配置,拦截器配置生效
* @Date: 2019/1/19
* @Auther: wm yu
*/
@Slf4j
@Configuration
public class WebConfiguration extends WebMvcConfigurationSupport {
/**添加拦截器配置,不使用xml文件**/
@Override
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new UserAuthorityInterceptor()).addPathPatterns("/**");
log.info("配置拦截器.....");
super.addInterceptors(registry);
}
}
controller测试:
package com.hf.mypractice.controller;
import com.hf.mypractice.annocation.UserAuthority;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
/**
* @Description:
* @Date: 2019/1/21
* @Auther: wm yu
*/
@RestController
@UserAuthority(name = "111",password = "123")
public class UserController {
@UserAuthority(name = "111",password = "123")
@GetMapping("/user/info")
public String getUserInfo(){
return "yu";
}
@GetMapping("/user/info/{name}")
@UserAuthority(name = "yu",password = "123")
public String getUserInfo2(@PathVariable String name){
return "name is " + name;
}
}