权限校验拦截器
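package com.meritdata.cloud.base.interceptor;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.TypeReference;
import com.google.gson.Gson;
import com.meritdata.cloud.base.util.HttpServletRequestReader;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.alibaba.fastjson.JSON;
import com.meritdata.cloud.base.config.YmWebMvcConfigure;
import com.meritdata.cloud.redis.operator.RedisOperatorClient;

/**
 * Spring MVC interceptor that authenticates a request from its {@code AUTHORIZATION_TOKEN} header.
 *
 * <p>The header value is used as a Redis key. The stored value is parsed as a JSON object
 * describing the user and is exposed to downstream handlers through request attributes.
 * Requests whose URI is in {@link #openApiUrls} skip the check. Every other request without
 * a token that resolves to a stored user is rejected and the handler chain is stopped.
 */
@Component
public class UserLoginHandlerInterceptor implements HandlerInterceptor {

    // NOTE(review): injected but never read in this class; the TTL refresh in preHandle uses a
    // hard-coded 7200 instead. Confirm which value is intended before wiring this in.
    @Value("${user.redis.tokenExpireTime}")
    private long tokenExpireTime;

    private static final Logger logger = LoggerFactory.getLogger(UserLoginHandlerInterceptor.class);

    @Autowired
    private RedisOperatorClient redisOperator;

    /** Name of the request header that carries the session token. */
    public static final String AUTHORIZATION_TOKEN = "AUTHORIZATION_TOKEN";

    // Whitelist: request URIs that are reachable without a token.
    List<String> openApiUrls = new ArrayList<>();

    /** Registers the endpoints that must stay reachable before a token exists (the login call). */
    public UserLoginHandlerInterceptor() {
        // Whitelisted API
        openApiUrls.add("/account/ymUser/service/ymUserlogin");
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  current request; on success it receives the attributes
     *                 {@code LOGCLOUD_USERID}, {@code LOGCLOUD_PLATFORMCODE} and {@code user}
     * @param response current response; written to only when the request is rejected
     * @param handler  the chosen handler (unused)
     * @return {@code true} for whitelisted URIs and for requests whose token resolves to a stored
     *         user; {@code false} after a rejection response has been produced
     * @throws Exception if the rejection response cannot be sent or the stored value is not
     *                   parseable JSON
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String backToken = request.getHeader(AUTHORIZATION_TOKEN);
        String url = request.getRequestURI();
        logger.info("[UserLogin interceptor] :{}", url);

        // getRequestURI() is the raw, undecoded path including any context path, and the match is
        // an exact string comparison, so a variant spelling of a whitelisted path does not match
        // and falls through to the token check.
        // NOTE(review): confirm the whitelist entry includes the deployed context path, if any.
        if (openApiUrls.contains(url)) {
            logger.info("[white] :{}", url);
            return true;
        }

        if (StringUtils.isEmpty(backToken)) {
            logger.info("[unAuthUrl3] :{}", url);
            request.setAttribute("message", "AUTHORIZATION_TOKEN ERROR");
            response.sendError(302, "未登录");
            return false;
        }

        Object userStr = redisOperator.get(backToken);
        if (ObjectUtils.isEmpty(userStr)) {
            rejectInvalidToken(response);
            return false;
        }

        Map<String, Object> userMap =
                JSON.parseObject(userStr.toString(), new TypeReference<Map<String, Object>>() {});
        if (userMap == null) {
            // A stored literal such as "null" parses to no object at all; treat it like an
            // unknown token rather than failing on the lookups below.
            rejectInvalidToken(response);
            return false;
        }

        request.setAttribute("LOGCLOUD_USERID", userMap.get("id"));
        request.setAttribute("LOGCLOUD_PLATFORMCODE", userMap.get("platformCode"));
        // Refresh the token's lifetime on every authenticated request.
        redisOperator.expire(backToken, 7200);
        // The token is a bearer credential: anyone who can read the log could replay it until
        // it expires, so only the resolved user id is logged.
        logger.info("[UserLogin interceptor] token accepted, userId={}", userMap.get("id"));
        // Make the user information available to downstream handlers.
        request.setAttribute("user", userMap);
        // Without this return the method did not compile: the authenticated path had no result.
        return true;
    }

    /** Sends the JSON body used when a presented token does not resolve to a stored user. */
    private void rejectInvalidToken(HttpServletResponse response) throws IOException {
        Map<String, Object> map = new HashMap<>();
        map.put("success", false);
        map.put("message", "AUTHORIZATION_TOKEN error");
        returnJson(response, new Gson().toJson(map));
    }

    /**
     * Writes {@code json} as the body of a rejection response.
     *
     * @param response response to write to
     * @param json     serialized JSON body
     * @throws IOException declared for callers; write failures are logged here
     */
    private void returnJson(HttpServletResponse response, String json) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        // setStatus instead of sendError: sendError commits the response, after which the JSON
        // written below is discarded, so the client never saw the error body.
        // The status stays 302 because clients may key on it.
        // NOTE(review): 401 is the conventional status for a failed token check; changing it
        // needs to be coordinated with the front end.
        response.setStatus(302);
        try (PrintWriter writer = response.getWriter()) {
            writer.print(json);
        } catch (IOException e) {
            logger.error("response error", e);
        }
    }

    /** No post-processing is performed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
    }

    /** No completion handling is performed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
    }
}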
播种和收获通常不在一个季节,而中间的过程叫做坚持~
