SpringBoot自定義攔截器
阿新 • • 發佈:2018-12-21
現有頁面
export function updateReport(report, emails, views) { const id = report.id const reportName = report.reportName const safeLevel = report.safeLevel const reportUrl = report.reportUrl const remark = report.remark const reportType = report.reportType return request({ url: '/report/updateReport', method: 'post', data: { id, reportName, reportUrl, safeLevel, remark, reportType, emails, views } }) export function deleteReport(reportId) { return request({ url: '/report/deleteReport', method: 'post', data: { reportId } }) }
列表有檢視、編輯、刪除功能,前端判斷該條資料的creator與當前登入使用者是不是同一個人,如果是則展示編輯和刪除按鈕。為防止惡意攻擊,可以在後端再加個攔截器,雙重控制。
先自定義攔截器:
@Component public class ReportHandler implements HandlerInterceptor{ @Autowired private ReportService reportService; @Override public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception { // TODO Auto-generated method stub } @Override public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception { // TODO Auto-generated method stub } @Override public boolean preHandle(HttpServletRequest req, HttpServletResponse arg1, Object arg2) throws Exception { try{ String requestURI = req.getRequestURI(); //是刪除或者編輯請求 if(requestURI.indexOf("updateReport")!=-1 || requestURI.indexOf("deleteReport")!=-1){ String reportId = null; //刪除的引數為reportId if(req.getParameter("reportId") != null){ reportId = req.getParameter("reportId"); } //編輯的引數為id if(req.getParameter("id") != null){ reportId = req.getParameter("id"); } Report report = reportService.getById(reportId); User user = new SessionUtil().getCurrentUser(); if(!report.getCreator().equals(user.getId())){ return false; } } return true; }catch (Exception e) { return true; } } }
再把攔截器新增到SpringBoot配置中:
@SpringBootConfiguration public class MySpringMVCConfig extends WebMvcConfigurerAdapter{ @Autowired private ReportHandler reportHandler; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(reportHandler).addPathPatterns("/**"); } }
即可。