在SpringBoot中我们可以使用HandlerInterceptorAdapter这个适配器来实现自己的拦截器。这样就可以拦截所有的请求并做相应的处理。
详细可参考文章:https://www.cnblogs.com/weianlai/p/11358768.html
- 拦截器执行顺序是按照Spring配置文件中定义的顺序而定的。
- 会先按照顺序执行所有拦截器的preHandle方法,一直遇到return false为止,比如第二个preHandle方法是return false,则第三个以及以后所有拦截器都不会执行。若都是return true,则按顺序加载完preHandle方法。
- 然后执行主方法(自己的controller接口),若中间抛出异常,则跟return false效果一致,不会继续执行postHandle,只会倒序执行afterCompletion方法。
- 在主方法执行完业务逻辑(页面还未渲染数据)时,按倒序执行postHandle方法。若第三个拦截器的preHandle方法return false,则会执行第二个和第一个的postHandle方法和afterCompletion(postHandle都执行完才会执行这个,也就是页面渲染完数据后,执行after进行清理工作)方法。(postHandle和afterCompletion都是倒序执行)
自定义一个拦截器需继承HandlerInterceptorAdapter
package cn.jsfund.ngdp.support.config;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.alibaba.fastjson.JSONObject;
import cn.jsfund.ngdp.support.exception.ServiceException;
import cn.jsfund.ngdp.support.util.GetIpUtil;
import cn.jsfund.ngdp.support.web.service.PermissionUserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import java.io.PrintWriter;
@Configuration
public class SecurityInterceptor extends HandlerInterceptorAdapter {
private static Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
@Autowired
private PermissionUserService permissionUserService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object handler) throws Exception {
// 请求地址
String requestUrl = request.getRequestURI().toString();
String userName = request.getRemoteUser();
// 无需拦截直接访问的地址
String[] allowUrls = new String[] { "/api/Jurisdiction/getMenuList", "/logout", "/",
"/api/user/getCurrentUser", "/swagger-resources/configuration/ui",
"/swagger-resources" };
// 请求IP
String ip = GetIpUtil.getIp(request);
logger.info("request请求的用户为:" + userName);
logger.info("request请求的IP为:" + ip);
logger.info("request请求的URL为:" + requestUrl);
// 判断请求地址是否无需拦击
for (String url : allowUrls) {
if (requestUrl.equals(url)) {
return true;
}
}
boolean checkFlag = false;
if (permissionUserService.checkMenuJurisdiction(userName, requestUrl) > 0) {
checkFlag = true;
}
if (!checkFlag) {
JSONObject res = new JSONObject();
res.put("code", ServiceException.ERROR_VALIDATE);
res.put("msg", "您没有访问权限");
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
PrintWriter out = null;
out = response.getWriter();
out.append(res.toString());
}
return checkFlag;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
System.out.println("postHandle.........");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
Object handler, Exception ex) throws Exception {
System.out.println("afterCompletion.........");
}
}
使拦截器生效需继承WebMvcConfigurerAdapter(WebMvcConfigurer)类,可添加多个拦截器,按先后顺序执行
package cn.jsfund.ngdp.support.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class InterceptorConf extends WebMvcConfigurerAdapter {
@Autowired
private SecurityInterceptor securityInterceptor;
@Autowired
private TestInterceptor testInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(securityInterceptor);
registry.addInterceptor(testInterceptor);
}
}