1: Add the interceptor to the Spring MVC configuration file. The class that handles the interception must of course be written as well.
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**"/>
            <bean class="com.kad.authorization.AuthorizationInterceptor" />
        </mvc:interceptor>
    </mvc:interceptors>
Above, path="/**" stands for all folders and their subdirectories, so written this way the interceptor will generally intercept all requests.
<bean class="com.kad.authorization.AuthorizationInterceptor" /> is the class that processes the intercepted requests.
2: Write the @Authorization annotation
It is only a few lines, shown below. Declaring it with @interface tells the compiler that this is an annotation type. The methods that callers access carry this annotation, and the interceptor picks out the annotated methods and applies the related processing to them.
Think of @Authorization as a badge. A method that wears the badge must go through a token verification step. A method that does not wear it does not match the interception rule, so no token validation is done. In practical applications, services such as login and registration need no token authentication. Of course, project requirements differ, so the rules that are set differ too.
    package com.kad.authorization;

    import java.lang.annotation.ElementType;
    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;
    import java.lang.annotation.Target;

    /**
     * Use this annotation on a Controller method. When the method is mapped,
     * it is checked whether the user is logged in; if not, a 401 error is returned.
     * @see com.scienjus.authorization.interceptor.AuthorizationInterceptor
     * @author ScienJus
     * @date 2015/7/31.
     */
    @Target(ElementType.METHOD)
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Authorization {
    }
3: In the interceptor class, handle requests to methods that carry the @Authorization annotation. When the token validates, return true; when it does not, return false, generally with a 401.
    package com.kad.authorization;

    import java.lang.reflect.Method;

    import javax.annotation.Resource;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.web.method.HandlerMethod;
    import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

    // TokenManager, TokenModel and Constants are the project's own classes (not shown here).

    public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

        @Resource
        private TokenManager manager;

        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                                 Object handler) throws Exception {
            // If the handler is not mapped to a method, let the request pass directly
            if (!(handler instanceof HandlerMethod)) {
                return true;
            }
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            Method method = handlerMethod.getMethod();
            // If the method is marked with @Authorization, verification is required;
            // a failed verification returns a 401 error
            if (method.getAnnotation(Authorization.class) != null) {
                // Get the token. The header read is commented out; here the value
                // is taken from the "username" request parameter instead.
                String authorization = request.getParameter("username"); // .getHeader(Constants.AUTHORIZATION);
                // Look up the token to authenticate
                TokenModel model = manager.getToken(authorization);
                // Requests that need no check can be skipped here (disabled)
                String name = handlerMethod.getBeanType().getPackage().getName();
                /* if (name.contains("com.kad.app.action.user")) {
                    return true;
                } */
                if (manager.checkToken(model)) {
                    // If the token verification succeeds, store the user id that
                    // belongs to the token in the request, for later injection
                    request.setAttribute(Constants.CURRENT_USER_ID, model.getUserId());
                    return true;
                } else {
                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                    return false;
                }
            }
            return true;
        }
    }
Test

    @Authorization
    @RequestMapping(value = "/AuthTest")
    public void Test(String username, String password) {
        Userinfo _uresinfo = null;
        String gsonString = null;
        // ... (the rest of the method is not shown)
    }
A client request is handled by the interceptor first. If the interceptor returns false, the response is returned directly; if the check passes, the request goes on to this Test method.
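Because the interceptor only checks methods that carry @Authorization, a handler whose annotation was forgotten is served without token validation. The following is an added example, not part of the original post, that lists such methods by reflection so the gap is caught at build or startup time. UserAction, its methods and the allowlist are constructed for illustration, and every public method is assumed to be a request handler.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.*;

public class AuthorizationAudit {
    // Stand-in for the page's annotation so this file compiles on its own.
    @Target(ElementType.METHOD)
    @Retention(RetentionPolicy.RUNTIME)
    @interface Authorization {}

    // Constructed sample controller (hypothetical names, no Spring needed).
    static class UserAction {
        public String login(String user, String pass) { return "token"; }
        public String register(String user, String pass) { return "ok"; }
        @Authorization public String profile() { return "profile"; }
        public String deleteAccount() { return "deleted"; } // annotation forgotten
    }

    // Returns "Class.method" for every public method that is neither annotated
    // with @Authorization nor listed as intentionally public.
    static List<String> unprotected(Set<String> publicAllowlist, Class<?>... controllers) {
        List<String> findings = new ArrayList<>();
        for (Class<?> c : controllers) {
            for (Method m : c.getDeclaredMethods()) {
                if (!Modifier.isPublic(m.getModifiers()) || m.isSynthetic()) continue;
                String id = c.getSimpleName() + "." + m.getName();
                // Same test the interceptor uses to decide whether to check the token.
                boolean checked = m.getAnnotation(Authorization.class) != null;
                if (!checked && !publicAllowlist.contains(id)) findings.add(id);
            }
        }
        Collections.sort(findings); // getDeclaredMethods() order is unspecified
        return findings;
    }

    public static void main(String[] args) {
        Set<String> allow = new HashSet<>(Arrays.asList("UserAction.login", "UserAction.register"));
        List<String> findings = unprotected(allow, UserAction.class);
        findings.forEach(f -> System.out.println("no @Authorization and not allowlisted: " + f));
        if (!findings.isEmpty()) System.exit(1); // fail the build or startup check
    }
}
```

In a Spring project the same loop would run over the controller classes and consider only methods that carry @RequestMapping.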