spring boot註解實現許可權控制
阿新 • • 發佈:2019-01-09
1、自定義註解
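/**
 * Marks a controller handler method as restricted to callers whose role is listed in
 * {@link #roles()}.
 *
 * <p>The annotation enforces nothing by itself. It is retained at runtime so that
 * {@code RoleCheckInterceptor} can read it reflectively and compare the listed roles with the
 * caller's role. Methods that do not carry the annotation are not checked by that interceptor.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface RoleCheck {
    /**
     * Roles allowed to invoke the annotated method.
     *
     * <p>Defaults to an empty array. With no role listed, a checker that requires a match (as
     * {@code RoleCheckInterceptor} does) rejects every caller, so a bare {@code @RoleCheck}
     * denies access rather than granting it.
     */
    String[] roles() default {};
}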
2、註解的實現
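/**
 * Spring MVC interceptor that enforces {@link RoleCheck} on controller handler methods.
 *
 * <p>The check is opt-in: a request is rejected only when the target method carries
 * {@code @RoleCheck} and the caller's role is not among the listed roles. Handler methods
 * without the annotation, and handlers that are not {@link HandlerMethod} instances, pass
 * through unchecked, so every endpoint that needs protection must be annotated explicitly.
 */
@Service
public class RoleCheckInterceptor implements HandlerInterceptor {

    @Resource(name = "redisHelper")
    private RedisHelper redisHelper;

    /**
     * Compares the caller's role with the roles declared on the target handler method.
     *
     * @param request the current request, used to look up the caller's role and identifier
     * @param response the current response (unused)
     * @param handler the handler chosen for this request
     * @return {@code true} when the request may proceed
     * @throws BaseException when the method is annotated and the caller's role is not listed
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;

        // getMethodAnnotation also resolves the annotation through bridge methods and
        // meta-annotations; a plain Method#getAnnotation lookup can miss it there, and a missed
        // annotation means the request is let through without any role check.
        RoleCheck roleCheck = handlerMethod.getMethodAnnotation(RoleCheck.class);
        if (roleCheck == null) {
            return true;
        }

        // Role of the logged-in caller; per the original author's note it is kept in the session.
        // NOTE(review): confirm RedisHelper derives this from server-side state only, never from
        // a value the client can set.
        String userType = redisHelper.getLoginUserType(request);

        // Exact, case-sensitive match. A null userType matches nothing, so a caller without a
        // resolved role is rejected, as is any caller when roles() is empty.
        for (String role : roleCheck.roles()) {
            if (role.equals(userType)) {
                return true;
            }
        }

        String unID = redisHelper.getLoginUnID(request);
        // NOTE(review): the request URI is caller-supplied text; if this message is logged or
        // returned to the client, encode it at that point (line breaks in particular).
        String port = request.getRequestURI();
        throw new BaseException(String.format("使用者[%s]請求服務埠時[%s]許可權驗證失敗", unID, port));
    }

    /** No post-processing is needed; the role decision is made entirely in preHandle. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) {
    }

    /** No cleanup is needed; the interceptor holds no per-request state. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) {
    }
}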
3、配置spring boot攔截器
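/**
 * Registers the {@code @RoleCheck} interceptor for every request path.
 *
 * <p>NOTE(review): in a Spring Boot application {@code @EnableWebMvc} switches off Boot's own
 * MVC auto-configuration; keep it only if that is intended. {@code WebMvcConfigurerAdapter} is
 * deprecated from Spring 5.0 in favour of implementing {@code WebMvcConfigurer} directly.
 */
@Configuration
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    // This must be the interceptor that reads @RoleCheck. If a different bean is registered
    // here, the annotations on the controllers are never evaluated and no role is enforced.
    @Autowired
    private RoleCheckInterceptor roleCheckInterceptor;

    /**
     * Adds the role-check interceptor to the MVC interceptor chain.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // "/**" covers all paths, so no annotated endpoint can be reached around the check.
        registry.addInterceptor(roleCheckInterceptor)
                .addPathPatterns("/**");
        super.addInterceptors(registry);
    }
}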
4、新增@RoleCheck註解
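/**
 * Example controller showing how an endpoint is restricted with {@code @RoleCheck}.
 *
 * <p>Only methods that carry {@code @RoleCheck} are role-checked; a handler method added to
 * this class without the annotation is reachable by any caller.
 */
@Validated
@RestController
@RequestMapping(value = "/user")
public class UserController {

    /**
     * Sample endpoint restricted to the "OWNER" role.
     *
     * <p>Role names are compared exactly and case-sensitively. To admit several roles, list
     * them all, e.g. {@code @RoleCheck(roles = {"ADMIN", "OWNER"})}.
     *
     * @param request the current request (unused here)
     */
    @RoleCheck(roles = {"OWNER"})
    @GetMapping(value = "/userinfos")
    public void getUser(HttpServletRequest request) {
        System.out.println("請求controller");
    }
}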
利用註解來實現許可權管理的程式碼就完成了。注意:攔截器只檢查標註了@RoleCheck的方法,未標註的方法不會進行許可權驗證。