- 配置拦截器及参数解析器
package org.jeecg.modules.yiqing.config;
import org.jeecg.modules.yiqing.common.interceptor.AuthInterceptor;
import org.jeecg.modules.yiqing.common.resolver.CurrentUserMethodArgumentResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.List;
@Configuration
public class AppAuthConfiguration implements WebMvcConfigurer {
//关键,将拦截器作为bean写入配置中
@Bean
public AuthInterceptor getSecurityInterceptor() {
return new AuthInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 注册拦截器
InterceptorRegistration ir = registry.addInterceptor(getSecurityInterceptor());
// 配置拦截的路径
ir.addPathPatterns("/**");
// 配置不拦截的路径
ir.excludePathPatterns("**/doc.html");
//ir.excludePathPatterns("**/**");
// 还可以在这里注册其它的拦截器
//registry.addInterceptor(new AppAuthInterceptor()).addPathPatterns("/api/**");
}
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
argumentResolvers.add(currentUserMethodArgumentResolver());
}
@Bean
public CurrentUserMethodArgumentResolver currentUserMethodArgumentResolver() {
return new CurrentUserMethodArgumentResolver();
}
}
- 拦截器
package org.jeecg.modules.yiqing.common.interceptor;
import com.xkcoding.http.util.StringUtil;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.TokenUtils;
import org.jeecg.config.shiro.ShiroRealm;
import org.jeecg.modules.yiqing.common.annotation.IgnoreSecurity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
@Slf4j
@Component
public class AuthInterceptor extends HandlerInterceptorAdapter {
@Autowired
private ShiroRealm shiroRealm;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 如果不是映射到方法直接通过
if (!(handler instanceof HandlerMethod)) {
return true;
}
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
String requestPath = request.getRequestURI();
log.info("Method: " + method.getName() + ", IgnoreSecurity: " + method.isAnnotationPresent(IgnoreSecurity.class));
log.info("requestPath: " + requestPath);
if (requestPath.contains("/v2/api-docs") || requestPath.contains("/swagger") || requestPath.contains("/configuration/ui")) {
return true;
}
if (requestPath.contains("/sys/common/static/logs/")){
return true;
}
if (requestPath.contains("/error")) {
return true;
}
if (requestPath.contains("/sys/login")) {
return true;
}
if (requestPath.contains("/randomImage")){
return true;
}
if (method.isAnnotationPresent(IgnoreSecurity.class)) {
return true;
}
//String token = request.getHeader("ACCESS_TOKEN");
String token = TokenUtils.getTokenByRequest(request);
log.debug("token: " + token);
if (StringUtil.isEmpty(token)) {
throw new Exception("无效token");
}
LoginUser loginUser = shiroRealm.checkUserTokenIsEffect(token);
request.setAttribute("currentUser", loginUser);
return true;
}
}
3.参数解析器
package org.jeecg.modules.yiqing.common.resolver;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.modules.yiqing.common.annotation.CurrentUser;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import org.springframework.web.multipart.support.MissingServletRequestPartException;
public class CurrentUserMethodArgumentResolver implements HandlerMethodArgumentResolver {
@Override
public boolean supportsParameter(MethodParameter parameter) {
return parameter.getParameterType().isAssignableFrom(LoginUser.class) && parameter.hasParameterAnnotation(CurrentUser.class);
}
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
LoginUser loginUser = (LoginUser) webRequest.getAttribute("currentUser", RequestAttributes.SCOPE_REQUEST);
if (loginUser != null) {
return loginUser;
}
throw new MissingServletRequestPartException("currentUser");
}
}
4.CurrentUser注解
package org.jeecg.modules.yiqing.common.annotation;
import java.lang.annotation.*;
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CurrentUser {
}
网友评论