实现自定义拦截器

1、定义实现类

两种定义方法:
1.类实现Spring的HandlerInterceptor接口
2.类继承HandlerInterceptorAdapter
实现HandlerInterceptor接口中的方法作用:

preHandle：在业务处理器处理请求之前被调用。预处理，可以进行编码、安全控制、权限校验等处理；
postHandle：在业务处理器处理请求执行完成后，生成视图之前执行。后处理（调用了Service并返回ModelAndView，但未进行页面渲染），有机会修改ModelAndView （这个博主就基本不怎么用了）；
afterCompletion：在DispatcherServlet完全处理完请求后被调用，可用于清理资源等。返回处理（已经渲染了页面）；

拦截器实现

package org.dsm.trainingsystem.rest.interceptor;

import org.apache.commons.lang3.StringUtils;
import org.dsm.trainingsystem.rest.Application;
import org.dsm.trainingsystem.util.JWTHelper;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;

@Component
public class TokenInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {

        String token = request.getHeader("X-Token");
        //System.out.println(request.getRequestURI());

        if (StringUtils.isEmpty(token)){
            //返回401
            response.setStatus( HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        //认证token
        if (!JWTHelper.verify(token)){
            response.setStatus( HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        //取用户名
        String userName = JWTHelper.getUserName(token);
        System.out.println(userName);
        if (StringUtils.isEmpty(userName)){
            response.setStatus( HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        //取用户角色
        if (Application.userInterfaceList.containsKey(userName)){
            List<String> interfaceList = Application.userInterfaceList.get(userName);
            if (interfaceList.contains(request.getRequestURI())){
                return true;
            }else{
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return false;
            }
        }

        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}

2.拦截器配置

两种定义方法:

1、继承WebMvcConfigurationSupport
2、实现WebMvcConfigurer
但是继承WebMvcConfigurationSupport会让Spring-boot对mvc的自动配置失效。

拦截器配置实现

package org.dsm.trainingsystem.rest.interceptor;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

@Configuration
public class InterceptorConfig extends WebMvcConfigurationSupport {

    @Override
    protected void addInterceptors(InterceptorRegistry registry) {
        // 多个拦截器组成一个拦截器链
        // addPathPatterns 用于添加拦截规则，/**表示拦截所有请求
        // excludePathPatterns 用户排除拦截
        registry.addInterceptor(new TokenInterceptor()).addPathPatterns("/**")
                .excludePathPatterns("/trainingsystem/api/common/login",
                        "/swagger-resources/**",
                        "/webjars/**",
                        "/v2/**",
                        "/swagger-ui.html/**");
        super.addInterceptors(registry);
    }


    @Override
    protected void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/**")
                .addResourceLocations("classpath:/static/");
        registry.addResourceHandler("swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");
        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
    }

}