1. HandlerInterceptorAdapter
这个类是由SpringMVC 提供的一个适配器,只需要继承他就非常容易的实现自定义的拦截器.
HandlerInterceptorAdapter 中有四个方法
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
//在业务处理器处理请求之前被调用。预处理,可以进行编码、安全控制等处理;
return true;//返回true指的是进入下一个拦截器
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable ModelAndView modelAndView) throws Exception {
//在业务处理器处理请求执行完成后,生成视图之前执行。后处理(调用了Service并返回ModelAndView,
//但未进行页面渲染),有机会修改ModelAndView;
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable Exception ex) throws Exception {
//在DispatcherServlet完全处理完请求后被调用,可用于清理资源等。返回处理(已经渲染了页面),
//可以根据ex是否为null判断是否发生了//异常,进行日志记录;
}
public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response,
Object handler) throws Exception {
//这个暂时还不知道 我正在研究 看方法名相识于并发有关
}
2. 在SpringBoot中使用
- 继承HandlerInterceptorAdaptery编写上面3个函数(需要哪个编写哪个)
- 通过Bean注入器吧HandlerInterceptorAdaptery注入
第一步
public class AdminInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
Login annotation;
if(handler instanceof HandlerMethod) {
annotation = ((HandlerMethod) handler).getMethodAnnotation(Login.class);
}else{
return true;
}
if(annotation == null){
return true;
}
//获取用户凭证
String token = request.getHeader(jwtUtils.getHeader());
if(StringUtils.isBlank(token)){
token = request.getParameter(jwtUtils.getHeader());
}
//凭证为空
if(StringUtils.isBlank(token)){
throw new RRException(jwtUtils.getHeader() + "不能为空", HttpStatus.UNAUTHORIZED.value());
}
Claims claims = jwtUtils.getClaimByToken(token);
if(claims == null || jwtUtils.isTokenExpired(claims.getExpiration())){
throw new RRException(jwtUtils.getHeader() + "失效,请重新登录", HttpStatus.UNAUTHORIZED.value());
}
//设置userId到request里,后续根据userId,获取用户信息
request.setAttribute("userId", Long.parseLong(claims.getSubject()));
return true;
}
}
第二步 配置全局配置文件,注入bean
@Configuration
public class WebSecurityConfig extends WebMvcConfigurerAdapter {
@Bean
public AdminInterceptor getSecurityInterceptor() {
return new AdminInterceptor();
}
/** 添加拦截器 **/
@Override
public void addInterceptors(InterceptorRegistry registry) {
InterceptorRegistration addInterceptor = registry.addInterceptor(getSecurityInterceptor());
// 排除配置
addInterceptor.excludePathPatterns("/error");
addInterceptor.excludePathPatterns("/login**");
// 拦截配置
addInterceptor.addPathPatterns("/**");
}
}
打赏