定义AOP类
package com.chan.wechatshop.aspect;
import com.chan.wechatshop.exception.SellerAuthorizeException;
import com.chan.wechatshop.utils.CookieConstant;
import com.chan.wechatshop.utils.CookieUtil;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
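/**
 * AOP aspect that enforces the seller login check before seller controller methods run.
 *
 * <p>The check reads the login-token cookie from the current request and looks its value up in
 * Redis. A missing cookie, an empty cookie value, or a missing/empty Redis entry raises
 * {@link SellerAuthorizeException}.
 */
@Aspect
@Component
@Slf4j
public class SellerAuthorizeAspect {

    @Autowired
    private StringRedisTemplate redisTemplate;

    /**
     * Pointcut selecting the controller methods to guard: every public method of classes named
     * {@code Seller*} in {@code com.chan.wechatshop.controller}, except those of
     * {@code SellerUserInfoController}.
     *
     * <p>NOTE(review): protection is opt-in by naming convention. A controller in this package
     * whose class name does not start with {@code Seller} is not matched and therefore not
     * checked. {@code SellerUserInfoController} is presumably excluded because it hosts the
     * login endpoints themselves; confirm that nothing else in it needs the check.
     */
    @Pointcut("execution(public * com.chan.wechatshop.controller.Seller*.*(..))" +
            "&& !execution(public * com.chan.wechatshop.controller.SellerUserInfoController.*(..))")
    public void vertify() {}

    /**
     * Runs before every method matched by {@link #vertify()} and rejects the call unless the
     * request carries a login token that is known to Redis.
     *
     * @throws SellerAuthorizeException if no servlet request is bound to the current thread,
     *     the login cookie is absent or empty, or Redis holds no non-empty value for the token
     */
    @Before("vertify()")
    public void doVertify() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            // Fail closed: without a bound request there is nothing to authenticate, and the
            // dereference below would otherwise surface as a NullPointerException.
            log.warn("[登录校验] no servlet request bound to the current thread");
            throw new SellerAuthorizeException();
        }
        HttpServletRequest request = attributes.getRequest();

        // Look up the login-token cookie. An empty value is treated like a missing cookie so
        // that it is never used as a Redis key. The token itself is deliberately not logged.
        Cookie cookie = CookieUtil.get(request, CookieConstant.LOGIN_TOKEN_COOKIE_NAME);
        if (cookie == null || !StringUtils.hasLength(cookie.getValue())) {
            log.info("[登录校验] Cookie中查不到token");
            throw new SellerAuthorizeException();
        }

        // Look the token up in Redis.
        // NOTE(review): the cookie value is used verbatim as the Redis key, so any key in this
        // Redis database that holds a non-empty string value would satisfy the check. Session
        // tokens should live under a dedicated key prefix that both the login code (not shown
        // here) and this lookup apply; change the two together.
        String tokenValue = redisTemplate.opsForValue().get(cookie.getValue());
        if (!StringUtils.hasLength(tokenValue)) {
            log.info("[登录校验] Redis中查不到token");
            throw new SellerAuthorizeException(); // project-defined exception type
        }
    }
}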
上面的切入点验证不通过时会抛出一个SellerAuthorizeException异常,我们需要把这个异常捕获住。
先定义一个SellerAuthorizeException extends RuntimeException,
类体里什么也不用写;然后再定义一个SellerExceptionHandler,在里面拦截这个异常,并使用ModelAndView跳转到某个页面
package com.chan.wechatshop.handler;
import com.chan.wechatshop.config.ProjectUrl;
import com.chan.wechatshop.exception.SellerAuthorizeException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.ModelAndView;
@ControllerAdvice
public class SellerExceptionHandler {

    @Autowired
    private ProjectUrl projectUrl;

    /**
     * Intercepts {@link SellerAuthorizeException} (the login-check failure) and redirects the
     * browser to the QR-code login entry point.
     *
     * <p>Per the original author's note, the WeChat open-platform qualification is borrowed
     * from a third party: that party obtains the authorization code and redirects it back to
     * this application, using {@code returnUrl} as the {@code state}. Example target from the
     * original note:
     * {@code http://felixchan.natapp1.cc/wechat/qrAuthorize?returnUrl=http://felixchan.natapp1.cc/wechat/qrUserInfo}
     *
     * <p>Both URL parts are read from {@code ProjectUrl}; nothing from the request is used to
     * build the redirect target in this method.
     *
     * <p>NOTE(review): {@code returnUrl} is appended without URL-encoding, and the endpoint
     * that consumes it is not shown here. That endpoint should accept only allowlisted
     * destinations, since the authorization code is forwarded to whatever {@code returnUrl}
     * names. The example URL uses plain {@code http://}; presumably a development tunnel.
     * Confirm that deployed values are HTTPS.
     *
     * @return a redirect view pointing at the QR-code authorization endpoint
     */
    @ExceptionHandler(SellerAuthorizeException.class)
    public ModelAndView handlerSellerAuthorizeException() {
        // Where the login flow starts.
        String authorizeEndpoint = projectUrl.getWechatOpenAuthorize().concat("/wechat/qrAuthorize");
        // Where the flow should return to once the code has been obtained.
        String callback = projectUrl.getSell().concat("/wechat/qrUserInfo");
        return new ModelAndView("redirect:" + authorizeEndpoint + "?returnUrl=" + callback);
    }
}
如果全部异常处理返回json,那么可以使用 @RestControllerAdvice 代替 @ControllerAdvice ,这样在方法上就可以不需要添加 @ResponseBody。
@RestControllerAdvice
public class LogicExceptionHandler {

    /**
     * Converts a {@code LogicException} into a fixed response body. Because the class is
     * annotated with {@code @RestControllerAdvice}, no {@code @ResponseBody} is needed on the
     * method.
     *
     * <p>The body is constant and carries no detail from the exception itself.
     *
     * <p>NOTE(review): no HTTP status is set here, so the error body is presumably delivered
     * with the default success status. Clients that branch on the status code would want an
     * explicit one for a failed login check; confirm against the API contract.
     *
     * @return the fixed error payload
     */
    @ExceptionHandler(LogicException.class)
    public HttpBaseResponseDTO handlerLogicException() {
        // Presumably a status marker followed by a human-readable message; the DTO's
        // constructor is not shown here.
        final String status = "error";
        final String message = "登录检验不通过";
        return new HttpBaseResponseDTO(status, message);
    }
}