有时候需要某个权限认证是去执行某个方法,在不使用框架的情况下,注解应该比较容易实现,不多说,直接上代码。
不了解注解的可以先去看看自定义注解怎么回事,下边先定义注解
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Authority {
// String[] role() default {"ADMIN"};
EnumRole role() default ADMIN;//EnumRole 为枚举类型
}
然后我们需要写一个拦截器,逻辑很简单自己看一下就行了
@Slf4j
public class AuthInterceptor implements HandlerInterceptor {
@Autowired
private UserMapper userMapper;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
User user = userMapper.selectById(userId);
String name = "";
if (user != null) {
name = user.getRole().name();
}
log.info("============执行权限验证============");
String name1 = "";
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
Authority authority = method.getAnnotation(Authority.class);
if (authority == null) {
// 如果注解为null, 说明不需要拦截, 直接放过
return true;
}
name1 = authority.role().name();
}
if (!name1.equals(name)) {
// 脱离了Spring MVC的返回流程,重新编码
response.setCharacterEncoding("utf-8");
response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter();
out.print("没有权限");
out.flush();
out.close();
return false;
}
return true;
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
UserContext.clean();
}
}
最后一步就是设置拦截器,
@Slf4j
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authInterceptor()).addPathPatterns("/**").excludePathPatterns("/auth/login");;
}
@Bean
public AuthInterceptor authInterceptor() {
return new AuthInterceptor();
}
}
就是当我们需要用admin权限的时候,只要打上注解就可以了,如果以后需要其他用户权限,只需要在用户枚举添加对应的角色,拦截器拦截处理就行