拦截器原理
在 Spring MVC 中,拦截器(Interceptor)是一种机制,用于拦截请求并在处理程序(Controller)执行之前或之后执行一些操作。拦截器允许您在请求的不同阶段(如处理程序执行前、处理程序执行后、视图渲染前、视图渲染后等)添加自定义逻辑。
其中问号就是拦截器处理的范围。
实现自定义拦截器
@Component
public class SampleInterceptor implements HandlerInterceptor {// 在controller执行前的逻辑@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception {// 在controller执行之前执行的逻辑System.out.println("Pre-handle logic");return true; // 返回 true,将允许请求继续传递到处理程序;//返回 false,将阻止请求传递给处理程序}// 在controller执行后、并在视图渲染前执行的逻辑@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,ModelAndView modelAndView) throws Exception {System.out.println("Post-handle logic");}//在服务器响应结束后执行的逻辑@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)throws Exception {System.out.println("After-completion logic");}
}
将自定义拦截器添加到SpringMvc中
@Configuration
public class InterceptorRoll implements WebMvcConfigurer {@AutowiredLoginTicketInterceptor loginTicketInterceptor;@Overridepublic void addInterceptors(InterceptorRegistry registry) {//registry.addInterceptor() 方法可以向注册表中添加拦截器。InterceptorRegistration interceptorRegistration = registry.addInterceptor(loginTicketInterceptor);//添加拦截器生效路径,以及拦截器忽略的路径...}
}
使用拦截器实现权限验证逻辑
关键鉴权逻辑图解:
1.在请求controller之前先经过拦截器,从cookie中获取用户标识,根据用户标识,从redis中取出登录凭证
2.如果登录凭证有效,则设置一个线程与用户信息进行绑定,并将用户信息存入到视图模型中
3.如果凭证无效则跳转到登录页面
4.在用户请求完之后,销毁线程与用户名的绑定
实现:
1.创建工具类ThreadHolder
package com.duhong.util;import com.duhong.entity.User;
import org.springframework.data.redis.core.StringRedisTemplate;public class ThreadHolder {static ThreadLocal<User> users=new ThreadLocal<>();/*** 设置线程信息* @param user*/public static void setHolder(User user){users.set(user);}/*** 获取当前线程的信息* @return*/public static User getHolder(){return users.get();}/*** 解除线程与当前用户的绑定*/public static void remove(){users.remove();}
}
2.创建自定义拦截器
@Component
public class LoginTicketInterceptor implements HandlerInterceptor {@AutowiredStringRedisTemplate redisTemplate;//redis客户端@AutowiredUserMapper userMapper;//根据用户id查询用户所有信息public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {//获取用户的cookieCookie[] cookies = request.getCookies();String loginOwner=null;System.out.println("开始鉴权");for(Cookie cookie:cookies){if(cookie.getName().equals("loginOwner")){loginOwner=cookie.getValue();break;};}LoginTicket ticket=new LoginTicket();//如果loginOwner不等于null,从redis中获取登录签证if(loginOwner!=null) {String s = redisTemplate.opsForValue().get(RedisUtil.getTicket(loginOwner));ticket = RedisUtil.getObject(s);//用户已被授权if (ticket != null && ticket.getStatus() == 1) {User user = userMapper.selectById(ticket.getUserId());//将用户信息与当前线程绑定ThreadHolder.setHolder(user);return true;}}//如果签证不等于null,而且签证的状态无效则跳转到登录页面response.sendRedirect("/site/login");return false;}/*** 在视图层渲染之前将用户信息存入模型* @param request* @param response* @param handler* @param modelAndView* @throws Exception*/public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {if(ThreadHolder.getHolder()!=null&&modelAndView!=null){//从当前线程中获取用用户信息modelAndView.addObject("loginUser",ThreadHolder.getHolder());}}/*** 在服务器响应完本次信息之后,解除当前线程与用户信息的绑定* @param request* @param response* @param handler* @param ex* @throws Exception*/public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {ThreadHolder.remove();}
}
3.将拦截器加入到SpringMvc中并设置拦截规则
package com.duhong.config;import com.duhong.filter.LoginTicketInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;import java.util.Arrays;
import java.util.List;@Configuration
public class InterceptorRoll implements WebMvcConfigurer {@AutowiredLoginTicketInterceptor loginTicketInterceptor;//配置文件中配置配置需要过滤的路径形式为:路径,路径,...@Value("${allow.pages}")String allowPages;@Overridepublic void addInterceptors(InterceptorRegistry registry) {InterceptorRegistration interceptorRegistration = registry.addInterceptor(loginTicketInterceptor);interceptorRegistration.addPathPatterns("/**");String[] split = allowPages.split(",");for (String allowpage : split) {System.out.println(allowpage);//忽略指定页面interceptorRegistration.excludePathPatterns(allowpage);}//忽略静态资源interceptorRegistration.excludePathPatterns("/css/**","/img/**","/js/**");}
}
如有收获,就点个赞吧!