权限校验拦截器
package com.meritdata.cloud.base.interceptor; import java.io.IOException; import java.io.PrintWriter; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.TypeReference; import com.google.gson.Gson; import com.meritdata.cloud.base.util.HttpServletRequestReader; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.util.ObjectUtils; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import com.alibaba.fastjson.JSON; import com.meritdata.cloud.base.config.YmWebMvcConfigure; import com.meritdata.cloud.redis.operator.RedisOperatorClient; @Component public class UserLoginHandlerInterceptor implements HandlerInterceptor { @Value("${user.redis.tokenExpireTime}") private long tokenExpireTime; private static final Logger logger = LoggerFactory.getLogger(UserLoginHandlerInterceptor.class); @Autowired private RedisOperatorClient redisOperator; public static final String AUTHORIZATION_TOKEN = "AUTHORIZATION_TOKEN"; //白名单 List<String> openApiUrls = new ArrayList<>(); public UserLoginHandlerInterceptor() { //白名单API openApiUrls.add("/account/ymUser/service/ymUserlogin"); } @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String backToken = request.getHeader(AUTHORIZATION_TOKEN); String url = request.getRequestURI(); logger.info("[UserLogin interceptor] :" + url); // if(openApiUrls.contains(url)){ logger.info("[white] :" + url); return true; } if(StringUtils.isNotEmpty(backToken)){ Object userStr = redisOperator.get(backToken); if(ObjectUtils.isEmpty(userStr)){ Map<String, Object> map = new HashMap<>(); map.put("success",false); map.put("message", "AUTHORIZATION_TOKEN error"); returnJson(response, new Gson().toJson(map)); return false; } Map<String, Object> userMap = JSON.parseObject(userStr.toString(), new TypeReference<Map<String, Object>>(){}); request.setAttribute("LOGCLOUD_USERID", userMap.get("id")); request.setAttribute("LOGCLOUD_PLATFORMCODE", userMap.get("platformCode")); redisOperator.expire(backToken, 7200); logger.info("backToken:" + backToken + "********"); //把用户信息放到request中 request.setAttribute("user", userMap); }else{ logger.info("[unAuthUrl3] :" + url); request.setAttribute("message", "AUTHORIZATION_TOKEN ERROR"); response.sendError(302,"未登录"); return false; } } private void returnJson(HttpServletResponse response, String json) throws IOException { PrintWriter writer = null; response.setCharacterEncoding("UTF-8"); response.setContentType("text/html; charset=utf-8"); response.sendError(302,"未登录"); try { writer = response.getWriter(); writer.print(json); } catch (IOException e) { logger.error("response error", e); } finally { if (writer != null) writer.close(); } } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { } }
播种和收获通常不在一个季节,而中间的过程叫做坚持~
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 【译】Visual Studio 中新的强大生产力特性
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构