版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/shenzhen_zsw/article/details/89361066
鉴权流程
UserContext
package com.mooc.house.web.interceptor;
import com.mooc.house.common.model.User;
/**
 * Per-thread holder for the {@link User} associated with the request being handled.
 *
 * <p>The value is kept in a {@link ThreadLocal}, so it is visible only to code running on the
 * thread that called {@link #setUser(User)}.
 *
 * <p>NOTE(review): servlet containers normally serve requests from a pool of reused worker
 * threads. A value that is set and never removed would still be returned by {@link #getUser()}
 * when the same thread handles a later request, so every {@code setUser} needs a matching
 * {@link #remove()} at the end of the request.
 */
public class UserContext {

    /** Backing slot; each thread sees its own independent value. */
    private static final ThreadLocal<User> CURRENT_USER = new ThreadLocal<>();

    /**
     * Returns the user bound to the calling thread.
     *
     * @return the bound user, or {@code null} when nothing has been set on this thread
     */
    public static User getUser() {
        final User current = CURRENT_USER.get();
        return current;
    }

    /**
     * Binds {@code user} to the calling thread, replacing any previous value.
     *
     * @param user the user to expose through {@link #getUser()}
     */
    public static void setUser(User user) {
        CURRENT_USER.set(user);
    }

    /** Drops the calling thread's binding so that {@link #getUser()} returns {@code null} again. */
    public static void remove() {
        CURRENT_USER.remove();
    }
}
说明:
1)用于在当前请求线程内(通过 ThreadLocal)存储已登录用户的信息;
AuthInterceptor
package com.mooc.house.web.interceptor;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.google.common.base.Joiner;
import com.mooc.house.common.constants.CommonConstants;
import com.mooc.house.common.model.User;
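/**
 * Interceptor that prepares per-request state: it copies a few message parameters into request
 * attributes and publishes the session's logged-in user through {@link UserContext}.
 *
 * <p>It never rejects a request ({@code preHandle} always returns {@code true}); enforcing that a
 * user is logged in is left to other code.
 */
@Component
public class AuthInterceptor implements HandlerInterceptor {

    /**
     * Populates request attributes and the per-thread user context before the handler runs.
     *
     * @param request  the current request
     * @param response the current response (not used here)
     * @param handler  the chosen handler (not used here)
     * @return always {@code true}, so the handler chain continues
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Copy errorMsg / successMsg / target from the request parameters to request attributes.
        // Repeated parameters are joined with ','.
        // NOTE(review): these values come straight from the caller. Whatever renders them must
        // HTML-escape them, and anything that later redirects to "target" should first check that
        // it points back into this application.
        Map<String, String[]> map = request.getParameterMap();
        map.forEach((k, v) -> {
            if (k.equals("errorMsg") || k.equals("successMsg") || k.equals("target")) {
                request.setAttribute(k, Joiner.on(",").join(v));
            }
        });

        // Static resources and the error page do not get a user context.
        String reqUri = request.getRequestURI();
        if (reqUri.startsWith("/static") || reqUri.startsWith("/error")) {
            return true;
        }

        // NOTE(review): getSession(true) creates a session for every visitor, including anonymous
        // ones. Confirm that is intended.
        HttpSession session = request.getSession(true);
        User user = (User) session.getAttribute(CommonConstants.USER_ATTRIBUTE);
        if (user != null) {
            UserContext.setUser(user);
        } else {
            // Fail closed: an anonymous request must never observe a user left on this worker
            // thread by an earlier request whose afterCompletion() did not run on it.
            UserContext.remove();
        }
        return true;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    /** Clears the per-thread user once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        UserContext.remove();
    }
}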
说明:
1)定义拦截器;
2)从 Session 中获取用户信息并存储到 ThreadLocal 中,请求结束后在 afterCompletion 中清除,避免线程被复用时读到上一个请求的用户;
AuthActionInterceptor
package com.mooc.house.web.interceptor;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.mooc.house.common.model.User;
/**
 * Interceptor that lets a request through only when {@link UserContext} holds a user; otherwise
 * it redirects the client to the sign-in page.
 *
 * <p>It only reads {@link UserContext}, so the context must already have been populated for the
 * current request before this interceptor runs.
 */
@Component
public class AuthActionInterceptor implements HandlerInterceptor {

    /**
     * Checks for a logged-in user and redirects to {@code /accounts/signin} when there is none.
     *
     * @param request  the current request
     * @param response the response used to send the redirect
     * @param handler  the chosen handler (not used here)
     * @return {@code true} when a user is present; {@code false} after a redirect was sent, which
     *         stops further handling of the request
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (UserContext.getUser() != null) {
            return true;
        }

        final String encodedMsg = URLEncoder.encode("请先登录", "utf-8");
        // NOTE(review): "target" is the absolute request URL as reported by the container, without
        // the query string. Whatever consumes it after sign-in should verify that it points back
        // to this application before redirecting to it.
        final String encodedTarget = URLEncoder.encode(request.getRequestURL().toString(), "utf-8");

        // Only a GET can be replayed by a plain redirect after sign-in, so only GET carries "target".
        final boolean replayable = "GET".equalsIgnoreCase(request.getMethod());
        String location = "/accounts/signin?errorMsg=" + encodedMsg;
        if (replayable) {
            location = location + "&target=" + encodedTarget;
        }
        response.sendRedirect(location);

        // Must be false when not logged in, otherwise the protected handler would still run.
        return false;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    /** Nothing to clean up. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }
}
说明:
1)验证是否登录:未登录时重定向到登录页并返回 false,中断后续处理;
WebMvcConf
package com.mooc.house.web.interceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
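/**
 * Registers the two interceptors of this package with Spring MVC.
 *
 * <p>{@link AuthInterceptor} is registered first and runs on every path except the static
 * resources; {@link AuthActionInterceptor} is registered second and runs only on the paths that
 * require a logged-in user.
 */
@Configuration
public class WebMvcConf extends WebMvcConfigurerAdapter {

    // Paths that require a logged-in user.
    // NOTE(review): these are exact-match patterns. If the handler mapping also accepts
    // trailing-slash or suffix variants of these paths (the default in older Spring MVC
    // versions), such variants would not pass through AuthActionInterceptor. Confirm the
    // path-matching configuration, or repeat the login check inside the handlers.
    private static final String[] LOGIN_REQUIRED_PATHS = {
        "/house/toAdd",
        "/house/add",
        "/house/del",
        "/house/ownlist",
        "/house/bookmarked",
        "/accounts/profile",
        "/accounts/profileSubmit",
        "/agency/agentMsg",
        "/comment/leaveComment",
        "/comment/leaveBlogComment",
    };

    @Autowired
    private AuthActionInterceptor authActionInterceptor;

    @Autowired
    private AuthInterceptor authInterceptor;

    /**
     * Adds both interceptors to the registry.
     *
     * @param registry the registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Run on everything except static resources. The pattern "/static" alone matches only
        // that exact path, so the sub-tree has to be excluded explicitly as well.
        registry.addInterceptor(authInterceptor)
                .excludePathPatterns("/static", "/static/**")
                .addPathPatterns("/**");

        // Run the login check only on the listed paths.
        registry.addInterceptor(authActionInterceptor)
                .addPathPatterns(LOGIN_REQUIRED_PATHS);

        super.addInterceptors(registry);
    }
}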
说明:
1)配置拦截器;
2)excludePathPatterns("/static"):排除拦截;注意该模式只精确匹配 /static 本身,若要排除其下的所有静态资源,应使用 "/static/**";
3)addPathPatterns("/**"):拦截所有