springboot(八)拦截器之验证登录

添加jar包，这个jar包不是必须的，只是在拦截器里用到了，如果不用的话，完全可以不引入

			org.apache.commons
			commons-lang3
			3.5
		

springboot默认为Tomcat，如果用jetty，还需要引入

			javax.servlet
			javax.servlet-api
			3.1.0
		

1、以登录验证为例，首先创建个@Auth注解

package com.demo.interceptor;

import java.lang.annotation.*;

/**
 * Created by huguoju on 2016/12/30.
 * 在类或方法上添加@Auth就验证登录
 */
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Auth {
}

2、创建一个Constants，在拦截器里用

package com.demo.util;

/**
 * Created by huguoju on 2016/12/30.
 */
public interface Constants {
    int MAX_FILE_UPLOAD_SIZE = 5242880;
    String MOBILE_NUMBER_SESSION_KEY = "sessionMobileNumber";
    String USER_CODE_SESSION_KEY = "userCode";
    String SESSION_KEY = "sessionId";
}

3、创建一个SessionData，用于保存在session中的字段

package com.demo.model;

import lombok.Data;

/**
 * Created by huguoju on 2016/12/30.
 */
@Data
public class SessionData {
    private Integer userCode;
    private String mobileNumber;
}

4、实现登录拦截实现

package com.demo.interceptor;

import com.demo.model.SessionData;
import com.demo.util.RedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;

import static com.demo.util.Constants.MOBILE_NUMBER_SESSION_KEY;
import static com.demo.util.Constants.SESSION_KEY;
import static com.demo.util.Constants.USER_CODE_SESSION_KEY;

/**
 * Created by huguoju on 2016/12/30.
 */
@Component
public class LoginInterceptor extends HandlerInterceptorAdapter {
    @Autowired
    private RedisUtil redisUtils;
    private final static String SESSION_KEY_PREFIX = "session:";
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response, Object handler) throws Exception {
        if (!handler.getClass().isAssignableFrom(HandlerMethod.class)) {
            return true;
        }
        handlerSession(request);

        final HandlerMethod handlerMethod = (HandlerMethod) handler;
        final Method method = handlerMethod.getMethod();
        final Class clazz = method.getDeclaringClass();
        if (clazz.isAnnotationPresent(Auth.class) ||
                method.isAnnotationPresent(Auth.class)) {
            if(request.getAttribute(USER_CODE_SESSION_KEY) == null){
  
                 throw new Exception();
               
            }else{
                return true;
            }
        }

        return true;

    }
    public void  handlerSession(HttpServletRequest request) {
        String sessionId = request.getHeader(SESSION_KEY);
        if(org.apache.commons.lang3.StringUtils.isBlank(sessionId)){
            sessionId=(String) request.getSession().getAttribute(SESSION_KEY);
        }
        if (org.apache.commons.lang3.StringUtils.isNotBlank(sessionId)) {
            SessionData model = (SessionData) redisUtils.get(SESSION_KEY_PREFIX+sessionId);
            if (model == null) {
                return ;
            }
            request.setAttribute(SESSION_KEY,sessionId);
            Integer userCode = model.getUserCode();
            if (userCode != null) {
                request.setAttribute(USER_CODE_SESSION_KEY, Long.valueOf(userCode));
            }
            String mobile = model.getMobileNumber();
            if (mobile != null) {
                request.setAttribute(MOBILE_NUMBER_SESSION_KEY, mobile);
            }
        }
        return ;
    }
}

redisUtil在上一篇文章创建过了

5、配置拦截器

package com.demo.interceptor;

import org.hibernate.validator.HibernateValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.MessageSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.context.support.ReloadableResourceBundleMessageSource;
import org.springframework.validation.Validator;
import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;
import org.springframework.validation.beanvalidation.MethodValidationPostProcessor;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.*;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

/**
 * Created by huguoju on 2016/12/30.
 */
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.demo.controller")
@PropertySource(value = "classpath:application.properties",
        ignoreResourceNotFound = true,encoding = "UTF-8")
public class MvcConfig extends WebMvcConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(MvcConfig.class);
    @Autowired
    LoginInterceptor loginInterceptor;

    /**

     * 

     *     视图处理器
     * 
     *
     * @return
     */
    @Bean
    public ViewResolver viewResolver() {
        logger.info("ViewResolver");
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        viewResolver.setPrefix("/WEB-INF/jsp/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }

    /**
     * 拦截器配置
     * @param registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 注册监控拦截器
        registry.addInterceptor(loginInterceptor)
                .addPathPatterns("/**")
         .excludePathPatterns("/configuration/ui");

    }

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedHeaders("*/*")
                .allowedMethods("*")
                .maxAge(120);
    }

    /**
     * 资源处理器
     * @param registry
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        logger.info("addResourceHandlers");
        registry.addResourceHandler("/swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");
        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
    }

}

以上就完成了，测试时可以在LoginInterceptor里打断点，然后在controller上或者方法上添加@Auth注解，

controller上添加以后这个controller里所有请求都验证登录，在方法里添加只有请求这个方法时验证

@Auth
@RestController
public class TestController {


}