Spring Boot 拦截器 Interceptor

今天再次使用SpringBoot和拦截器 Interceptor进行登陆和用户权限验证，之前第一次成功没有做记录现在这次失败了，就索性把遇到的问题记录一下

 

先验证是否登陆判断session是否存在(此处没有选择使用注解Bean)

package com.qiye.boss.interceptor;

import com.alibaba.fastjson.JSON;
import com.qiye.boss.utils.ApiResult;
import com.qiye.boss.utils.AuthUtils;
import com.qiye.boss.utils.BossCommonUtils;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.PrintWriter;

/**
 * Created by mazhaocai on 2017/12/4.
 */
@Component
public class ApiInterceptor extends HandlerInterceptorAdapter {

    /**
     * 接口拦截相关
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String requestUrl = request.getRequestURI();
        HttpSession session = request.getSession();

        if (BossCommonUtils.needAuthCheck(requestUrl)) {
            //需要登录验证
            if (!AuthUtils.isLoginUser(session)) {
                ApiResult result = ApiResult.errLogin();
                response.setHeader("Content-Type","application/json;charset=UTF-8");
                PrintWriter writer = response.getWriter();
                writer.append(JSON.toJSONString(result));
                writer.close();
                return false;
            }
        }
        if (!BossCommonUtils.getAuthWords(requestUrl).equals("")){
            //需要进行权限验证
            //验证的权限类型
            //主要针对TYPE=2的操作
            String authWord = BossCommonUtils.getAuthWords(requestUrl);
            if (!AuthUtils.getAuth(authWord,session)){
                ApiResult result = ApiResult.errAuth(authWord);
                response.setHeader("Content-Type","application/json;charset=UTF-8");
                PrintWriter writer = response.getWriter();
                writer.append(JSON.toJSONString(result));
                writer.close();
                return false;
            }
//            else {
//                String afterUrl = BossCommonUtils.getAuthRightUrl(requestUrl);
//                response.sendRedirect(afterUrl);
//            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        super.afterCompletion(request, response, handler, ex);
    }
}

 单单这样是不起作用的(我只建立了这一个 ApiInterceptor.class  发现并不走拦截 拦截器失效，貌似是启动并没有加载这个类)

还需要一下启动拦截器(在网上查到有说在启动类上面加上扫描，反正我是没有成功，然后采用了这个方法)

 

package com.qiye.boss.interceptor;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * @Author: Ma Zhaocai
 * @Date: 2019-3-21
 */
@Configuration
public class MyWebAppConfigurer extends WebMvcConfigurerAdapter {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 多个拦截器组成一个拦截器链
        // addPathPatterns 用于添加拦截规则
        // excludePathPatterns 用户排除拦截
        registry.addInterceptor(new ApiInterceptor()).addPathPatterns("/**");
        super.addInterceptors(registry);
    }
}

BossCommonUtils  是我自己写的校验方法，用来判断 用户是否登陆以及判断用户是否拥有权限(通过请求地址标识)

ApiResult 是自定义返回对象