import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * Spring MVC configuration that installs the login interceptor.
 *
 * <p>The interceptor is attached to {@code /api/**} only, so requests outside that
 * prefix never reach it. Paths from {@link WhiteListConfig#getWhiteList()} are then
 * carved out of that scope and skip the login check entirely.
 */
@Configuration
public class InterceptorAdapter implements WebMvcConfigurer {

    @Autowired
    private UserLoginInterceptor userLoginInterceptor;

    @Autowired
    private WhiteListConfig whiteListConfig;

    /**
     * Registers {@code userLoginInterceptor} for {@code /api/**}, minus the configured whitelist.
     *
     * @param registry the MVC interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        org.springframework.web.servlet.config.annotation.InterceptorRegistration loginCheck =
                registry.addInterceptor(userLoginInterceptor);

        // Scope of the login check.
        loginCheck.addPathPatterns("/api/**");

        // Every pattern excluded here is reachable without a login, so the list is
        // security-relevant configuration.
        // NOTE(review): getWhiteList() is passed through unchecked; presumably it is
        // null when base.custom.whiteList is not configured - confirm how that case
        // should behave at startup.
        loginCheck.excludePathPatterns(whiteListConfig.getWhiteList());
    }
}
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import java.util.List;
/**
 * Holder for the {@code base.custom} configuration properties.
 *
 * <p>On this page the only consumer is {@code InterceptorAdapter}, which passes
 * {@code getWhiteList()} to {@code excludePathPatterns(...)} of the login interceptor.
 */
@Data
@Component
@ConfigurationProperties("base.custom")
public class WhiteListConfig {
    /**
     * Whitelist: path patterns that are excluded from the login interceptor.
     *
     * <p>NOTE(review): every entry is an authentication exemption, and wildcard
     * entries exempt a whole subtree; keep the list as narrow as possible.
     */
    private List<String> whiteList;
}
application.yml文件
base:
  custom:
    # Whitelist: paths that can be reached without logging in.
    # NOTE(review): the interceptor on this page is registered for /api/** only, so
    # of the entries below only /api/sys/login changes its behaviour; the Swagger and
    # doc paths are already outside its scope.
    # NOTE(review): the Swagger entries suggest the API documentation is served
    # without a login - confirm that is intended outside development environments.
    whiteList:
      - /swagger-ui.html
      - /v2/**
      - /doc.html
      - /swagger-resources/**
      - /api/sys/login
/**
 * Marks a handler method, or a whole controller class, as reachable without a login.
 *
 * <p>{@code UserLoginInterceptor} on this page returns {@code true} before any session
 * lookup when it finds this annotation on the handler method or on the handler's bean
 * type. Placing it on a class therefore exempts every handler method of that class,
 * including methods added later, so method-level use is the narrower choice.
 *
 * <p>Retained at runtime because the interceptor reads it reflectively per request.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface LoginIgnore {
}
import org.apache.commons.lang3.StringUtils;
import org.redisson.api.RedissonClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.annotation.Annotation;
import java.util.Arrays;
/**
 * Login gate for Spring MVC handlers.
 *
 * <p>For each request it is applied to, the interceptor lets {@link LoginIgnore}-marked
 * handlers through, otherwise requires a {@code UserLoginInfo} and stores it on the
 * request under {@code AuthConstant.ADMIN_TOKEN} for later use.
 *
 * <p>The session lookup and the permission check are elided on this page (see the
 * placeholders in {@link #preHandle}); the listing is therefore a skeleton, not
 * compilable code.
 */
@Component
public class UserLoginInterceptor implements HandlerInterceptor {

    // Injected Redisson client; not referenced by the code shown here - presumably
    // used by the elided Redis lookup below.
    @Autowired
    private RedissonClient redissonClient;

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param request  current request; receives the login info as an attribute on success
     * @param response current response (not written to by this method)
     * @param handler  the handler chosen by Spring MVC
     * @return {@code true} for exempt handlers and for requests with login info;
     *         {@code false} when the handler is not a {@code HandlerMethod}
     * @throws Exception a {@code BizException(BizCode.NO_LOGIN)} when no login info is found
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Login access control. Anything that is not a controller method is refused.
        // NOTE(review): returning false stops processing without this method setting
        // a status or body, so the client sees an empty response - fail-closed, but
        // an explicit status would be clearer.
        if (!(handler instanceof HandlerMethod)) {
            return false;
        }

        final HandlerMethod target = (HandlerMethod) handler;

        // @LoginIgnore on the method means no login is needed; if the method does not
        // carry it, the annotation on the controller class is consulted instead.
        // Both exemptions are decided before any session data is looked at.
        final boolean exemptOnMethod = target.getMethodAnnotation(LoginIgnore.class) != null;
        if (exemptOnMethod || target.getBeanType().isAnnotationPresent(LoginIgnore.class)) {
            return true;
        }

        UserLoginInfo loginInfo = // (elided on the page) fetch the user's login info from Redis;
        // No login info: the caller is not logged in.
        // NOTE(review): how the session key is taken from the request is not shown;
        // confirm it is validated against server-side state only.
        if (loginInfo == null) {
            throw new BizException(BizCode.NO_LOGIN);
        }

        // Validate the user's permissions
        // ... (elided on the page)
        // NOTE(review): as listed, any logged-in user passes; the authorization step
        // has to be filled in here.

        // Hand the login info to downstream code for the rest of this request.
        request.setAttribute(AuthConstant.ADMIN_TOKEN, loginInfo);
        return true;
    }
}
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Objects;
/**
 * Static helpers for reaching the current servlet request/response and the login
 * info that was attached to the request.
 *
 * <p>All methods read the request bound to the calling thread through
 * {@code RequestContextHolder}; they throw {@code NullPointerException} when no
 * request attributes are bound.
 */
@Slf4j
public class AuthUtil {

    private AuthUtil() {
        // Utility class: private constructor, never instantiated.
    }

    /**
     * @return the servlet request bound to the current thread
     */
    public static HttpServletRequest getRequest() {
        return currentAttributes().getRequest();
    }

    /**
     * @return the servlet response bound to the current thread
     */
    public static HttpServletResponse getResponse() {
        return currentAttributes().getResponse();
    }

    /**
     * Reads the user's login info from the request attribute
     * {@code AuthConstant.ADMIN_TOKEN}.
     *
     * <p>On this page that attribute is set by {@code UserLoginInterceptor} only after
     * the login check passed. Handlers that bypass the check (whitelisted paths,
     * {@code @LoginIgnore}) have no such attribute, so calling this method from them
     * ends in the exception below rather than in an anonymous user object.
     *
     * @return the login info stored on the current request, never {@code null}
     * @throws BizException with {@code BaseCode.LOGIN_INVALID} when the attribute is absent
     */
    public static UserLoginInfo getUserInfo() {
        Object stored = getRequest().getAttribute(AuthConstant.ADMIN_TOKEN);
        UserLoginInfo current = (UserLoginInfo) stored;
        if (current != null) {
            return current;
        }
        LoggerUtil.error(log, "无法获取用户信息");
        throw new BizException(BaseCode.LOGIN_INVALID.getCode(), "登录失效,请重新登录");
    }

    // Request attributes of the calling thread; the null check runs before the cast.
    private static ServletRequestAttributes currentAttributes() {
        return (ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes());
    }
}
/**
 * Login info of one user: the account name plus whatever {@code UserPermission}
 * contributes (that parent class is not shown on this page).
 *
 * <p>NOTE(review): the class is {@code Serializable} and the interceptor comment says
 * it is loaded from Redis. If it is stored with Java native serialization, confirm
 * that deserialization is restricted to the expected classes, and note that no
 * {@code serialVersionUID} is declared here.
 */
public class UserLoginInfo extends UserPermission implements Serializable {

    // Account identifier of the logged-in user.
    private String userAccount;

    /** Creates an empty instance; fields are filled through the setters. */
    public UserLoginInfo() {
        super();
    }

    /**
     * @return the user's account name, or {@code null} if it was never set
     */
    public String getUserAccount() {
        return userAccount;
    }

    /**
     * @param userAccount the account name to store
     */
    public void setUserAccount(final String userAccount) {
        this.userAccount = userAccount;
    }
}