sa-token route interception authentication

Foreword

Suppose we have the following requirement:
[Image: requirement description]
How do we achieve it? Add an authentication annotation to every endpoint? Hand-write a global interceptor? Neither is very convenient.
What this requirement really calls for is an authentication mode based on route interception. So how do we implement route-interception authentication in sa-token?

How to use

1. Register a route interceptor

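Taking Spring Boot 2.0 as an example, create a new configuration class, MySaTokenConfig.java:

import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MySaTokenConfig implements WebMvcConfigurer {
    // Register sa-token's login interceptor
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Register the login interceptor and exclude the login endpoint path
        registry.addInterceptor(new SaRouteInterceptor()).addPathPatterns("/**").excludePathPatterns("/user/doLogin");
    }
}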

In the code above, we registered a login-authentication interceptor and excluded the /user/doLogin endpoint so that login stays open. So how do we intercept for authorization checks? Read on.

2. Examples of all interceptors

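import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MySaTokenConfig implements WebMvcConfigurer {
    // Register all of sa-token's interceptors
    @Override
    public void addInterceptors(InterceptorRegistry registry) {

        // Register a login-check interceptor
        registry.addInterceptor(SaRouteInterceptor.createLoginVal()).addPathPatterns("/**").excludePathPatterns("/user/doLogin");

        // Register a role-check interceptor
        registry.addInterceptor(SaRouteInterceptor.createRoleVal("super-admin")).addPathPatterns("/**");

        // Register a permission-check interceptor
        registry.addInterceptor(SaRouteInterceptor.createPermissionVal("user:add", "user:delete")).addPathPatterns("/UserController/**");

        // Register a custom authentication interceptor (any authentication code can go here)
        registry.addInterceptor(new SaRouteInterceptor((request, response, handler)->{
            System.out.println("---------- 进入自定义认证 --------------- ");
            // You can write any authentication code here, e.g. StpUtil.checkLogin();
        })).addPathPatterns("/**");

    }
}

(You don't have to register every interceptor shown in the example above; register only the ones you need.)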

3. Let's have some fun with a custom interceptor

You can divide the application into modules by route and apply a different check to each module:

import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import cn.dev33.satoken.router.SaRouterUtil;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MySaTokenConfig implements WebMvcConfigurer {
    // Register all of sa-token's interceptors
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new SaRouteInterceptor((request, response, handler)->{
            // Divide modules by route; each module gets its own authorization check
            SaRouterUtil.match("/user/**", () -> StpUtil.checkPermission("user"));
            SaRouterUtil.match("/admin/**", () -> StpUtil.checkPermission("admin"));
            SaRouterUtil.match("/goods/**", () -> StpUtil.checkPermission("goods"));
            SaRouterUtil.match("/orders/**", () -> StpUtil.checkPermission("orders"));
            SaRouterUtil.match("/notice/**", () -> StpUtil.checkPermission("notice"));
            SaRouterUtil.match("/comment/**", () -> StpUtil.checkPermission("comment"));
        })).addPathPatterns("/**");
    }
}

4. Complete example

The final code might look something like this:

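import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import cn.dev33.satoken.router.SaRouterUtil;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MySaTokenConfig implements WebMvcConfigurer {
    // Register sa-token's interceptor
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Custom authentication interceptor
        registry.addInterceptor(new SaRouteInterceptor((request, response, handler) -> {

            // Login check -- intercept all routes, excluding /user/doLogin so that login stays open
            SaRouterUtil.match("/**", "/user/doLogin", () -> StpUtil.checkLogin());

            // Role check -- intercept routes starting with admin; the caller must hold the [admin] role or the [super-admin] role to pass
            SaRouterUtil.match("/admin/**", () -> StpUtil.checkRoleOr("admin", "super-admin"));

            // Permission check -- different modules check different permissions
            // /user/doLogin is excluded here as well; otherwise /user/** would also apply the permission check to the open login route
            SaRouterUtil.match("/user/**", "/user/doLogin", () -> StpUtil.checkPermission("user"));
            SaRouterUtil.match("/admin/**", () -> StpUtil.checkPermission("admin"));
            SaRouterUtil.match("/goods/**", () -> StpUtil.checkPermission("goods"));
            SaRouterUtil.match("/orders/**", () -> StpUtil.checkPermission("orders"));
            SaRouterUtil.match("/notice/**", () -> StpUtil.checkPermission("notice"));
            SaRouterUtil.match("/comment/**", () -> StpUtil.checkPermission("comment"));

            // Match RESTful-style routes
            SaRouterUtil.match("/article/get/{id}", () -> StpUtil.checkPermission("article"));

        })).addPathPatterns("/**");
    }
}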
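
With several overlapping patterns it is easy to lose track of which checks a given request actually triggers: a broad pattern such as /user/** also matches /user/doLogin, so the open login route has to be excluded from every rule that would otherwise cover it. The following is an added example, not code from the original post or from the sa-token project. It dry-runs a rule table modelled on the complete example with Spring's AntPathMatcher, assuming sa-token's route matching follows the same Ant-style rules; RouteRuleDryRun, Rule and checksFor are hypothetical names, and the sample paths are constructed.

```java
import org.springframework.util.AntPathMatcher;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example: dry-run of a route rule table. Rule and checksFor are hypothetical names.
public class RouteRuleDryRun {

    static final AntPathMatcher MATCHER = new AntPathMatcher();

    // One rule: include pattern, optional exclude pattern (null = none), label of the check.
    static final class Rule {
        final String include, exclude, check;
        Rule(String include, String exclude, String check) {
            this.include = include; this.exclude = exclude; this.check = check;
        }
        boolean appliesTo(String path) {
            return MATCHER.match(include, path)
                    && (exclude == null || !MATCHER.match(exclude, path));
        }
    }

    // Rule table modelled on the complete example; the login route is excluded
    // from both the login check and the /user/** permission check.
    static final List<Rule> RULES = Arrays.asList(
        new Rule("/**", "/user/doLogin", "checkLogin"),
        new Rule("/admin/**", null, "checkRoleOr(admin, super-admin)"),
        new Rule("/user/**", "/user/doLogin", "checkPermission(user)"),
        new Rule("/admin/**", null, "checkPermission(admin)"),
        new Rule("/article/get/{id}", null, "checkPermission(article)"));

    // Returns the labels of every check that would run for the given path, in rule order.
    static List<String> checksFor(String path) {
        List<String> hits = new ArrayList<>();
        for (Rule r : RULES) {
            if (r.appliesTo(path)) hits.add(r.check);
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample paths: the open login route, nested routes, and a
        // RESTful route with one extra segment that {id} does not cover.
        String[] paths = {"/user/doLogin", "/user/info", "/admin", "/admin/users/1",
                          "/article/get/7", "/article/get/7/raw"};
        for (String p : paths) {
            System.out.println(p + " -> " + checksFor(p));
        }
    }
}
```

A path that reports only checkLogin, such as /article/get/7/raw here, is authenticated but carries no permission rule, which is worth reviewing whenever new routes are added.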


Origin blog.csdn.net/weixin_39570751/article/details/123645633