项目分析:Spring boot 拦截器实现拦截,判断是否登录以及权限功能

代码摘出来了做了一下笔记

这里记录的更多是思路:因为包含一些业务信息,直接复制粘贴的适配率很低,请做好心理准备再读。

当然这个适合初期的登录和退出功能,后续可以改为shiro等,那都是后话

不忙了,梳理一下使用思路总结:

  1. MVC拦截器拦截以后交给指定拦截器处理
  2. 登录时候,根据账号密码验证一下,
    1. 如果验证存在这个账号,且无禁用状态
    2. 就将ID用固定密钥 DES 加密(代码里是 CryptoUtil.encryptDES,并不是 Base64;Base64 只是编码而不是加密)后放入 cookie 中。注意:这个 cookie 本质上是一个可伪造、不过期、无法在服务端吊销的凭证——拿到密钥(它打包在应用里)就能为任意管理员 ID 构造出有效 cookie,正式环境应改为服务端保存的随机 token
    3. 然后判断账号的权限字段是否包含当前请求 URL 的第一段(module),以此决定是否放行
  3. 验证
    1. 先去 session 中查看是否已有登录信息,
    2. 如果没有就去 cookie 里查看是否有登录 ID,有的话查询账号的全部信息并放入 session
    3. 后续请求 验证直接去session取账号信息,然后权限判断
package com.***;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import com.***.ManageInterceptor;


@Configuration
public class WebMvcConfig implements WebMvcConfigurer{

    /**
     * Paths the login/permission interceptor does not cover: the login page and its POST
     * handler, plus the static-asset prefixes. Anything mapped under these prefixes is
     * reachable without a login, so only static files should live there.
     * NOTE(review): if KindEditor's server-side upload / file-manager handlers are mapped under
     * /kindeditor/**, they would be exposed unauthenticated — confirm that prefix serves only
     * static assets.
     */
    private static final String[] PUBLIC_PATHS = {
        "/login", "/submitLogin", "/lib/**", "/kindeditor/**"
    };

    /**
     * Exposes the interceptor as a bean (a @Bean-created instance gets its @Autowired fields,
     * here AdminService, injected). The method name doubles as the bean name and is kept as-is
     * even though it is not lowerCamelCase, so existing references to bean "ManageInterceptor"
     * keep working.
     */
    @Bean
    ManageInterceptor ManageInterceptor() {
        return new ManageInterceptor();
    }

    /**
     * Registers the login/permission interceptor on every path except PUBLIC_PATHS.
     * @param registry Spring MVC's interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        ManageInterceptor gate = ManageInterceptor();
        registry.addInterceptor(gate)
                .addPathPatterns("/**")
                .excludePathPatterns(PUBLIC_PATHS);
    }

}

附上拦截类

package com.***.interceptor;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;

import com.***.CryptoUtil;
import com.***.manage.AdminHelper;
import com.***.manage.Constants;
import com.***.manage.service.AdminService;
import com.**.model.Admin;

/*
 * author: hua
 */
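/**
 * Login and per-module permission gate for the admin back-office.
 *
 * <p>Identity is resolved in this order: the {@code Admin} cached in the HTTP session under
 * {@code Constants.ADMIN_SESSIONID}, then the remember-me cookie {@code Constants.ADMIN_COOKIEID},
 * which carries the admin id DES-encrypted with the static key {@code Constants.ADMIN_KEY}.
 * A request with no valid identity is redirected to {@code /login}; otherwise {@link #goOn}
 * decides whether the admin may enter the requested module.
 *
 * <p>NOTE(review): the cookie is effectively a long-lived bearer credential. It is derived
 * deterministically from the admin id with a key that ships inside the application, so anyone
 * who obtains that key (or who can brute-force 56-bit DES) can mint a cookie for any admin id,
 * and a stolen cookie never expires and cannot be revoked server-side. A random, opaque token
 * stored server-side with an expiry is the safer design; that change also touches the login
 * controller, so it is flagged here rather than made.
 */
public class ManageInterceptor implements HandlerInterceptor {

    @Autowired
    private AdminService adminService;

    /**
     * Runs before the controller method.
     *
     * <p>Stores the request URI as attribute {@code "path"} and its first segment as
     * {@code "module"}, resolves the logged-in admin (session first, then cookie) and hands
     * the permission decision to {@link #goOn}. Without a valid login the request is redirected
     * to {@code /login} and {@code false} is returned.
     *
     * @param request  current request
     * @param response current response (used for the login redirect)
     * @param o        the handler selected by Spring (unused)
     * @return {@code true} to continue to the controller, {@code false} when the response
     *         has already been completed (redirect or permission denied)
     * @throws Exception propagated from {@link #goOn} or the redirect
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        request.setAttribute("path", request.getRequestURI());

        // The first URI segment names the "module" used for the permission check.
        // Assumes the app is deployed at the root context; with a context path the first
        // segment would be the context name — TODO confirm.
        // NOTE(review): a URI beginning with "//" makes indexOf("/") == 0 here and therefore
        // maps to "index"; confirm how the container / handler mapping treats such URIs before
        // relying on this segment for authorization.
        String path = request.getRequestURI().substring(1);
        int n = path.indexOf("/");
        String module = n > 0 ? path.substring(0, n) : "index";
        request.setAttribute("module", module);

        Admin loginAdmin = (Admin) request.getSession().getAttribute(Constants.ADMIN_SESSIONID);
        if (loginAdmin != null) {
            // NOTE(review): the cached Admin is never re-validated, so an admin disabled (or whose
            // permissions were reduced) after login keeps the old rights until the session ends.
            return goOn(loginAdmin, module, request, response);
        }

        loginAdmin = restoreFromCookie(request);
        if (loginAdmin == null) {
            response.sendRedirect("/login");
            return false;
        }
        // Cache the account so later requests skip the cookie lookup and the DB query.
        request.getSession().setAttribute(Constants.ADMIN_SESSIONID, loginAdmin);
        return goOn(loginAdmin, module, request, response);
    }

    /**
     * Rebuilds the logged-in Admin from the remember-me cookie.
     *
     * @param request current request
     * @return the enabled Admin the cookie refers to, or {@code null} when there is no cookie,
     *         the value cannot be decrypted / parsed (tampered, truncated or stale cookie),
     *         the id is unknown, or the account is disabled ({@code state != 0}, the same rule
     *         the login handler applies — previously a disabled account could still log in
     *         through a cookie issued before it was disabled)
     */
    private Admin restoreFromCookie(HttpServletRequest request) {
        String token = readCookie(request, Constants.ADMIN_COOKIEID);
        if (StringUtils.isEmpty(token)) {
            return null;
        }
        int adminId;
        try {
            // The cookie holds the admin id DES-encrypted under the static key.
            adminId = Integer.parseInt(CryptoUtil.decryptDES(Constants.ADMIN_KEY, token));
        } catch (Exception ignored) {
            // Untrusted input: a bad cookie must mean "not logged in" (caller redirects to
            // /login) rather than surfacing as a 500 from the interceptor.
            return null;
        }
        Admin admin = adminService.selectAdminById(adminId);
        if (admin == null || admin.getState() != 0) {
            return null;
        }
        return admin;
    }

    /**
     * Returns the value of the named cookie, or {@code null} if the request carries none.
     *
     * @param request current request
     * @param name    cookie name to look up
     */
    private static String readCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    // goOn body omitted by the author. Described business logic:
    // (admin's permission field).contains(module) decides whether the request may proceed;
    // returns that boolean.
    // NOTE(review): if the real implementation is a plain String.contains, a module name that is
    // a substring of a granted module (e.g. "user" inside "users") would also pass — an exact
    // or delimiter-aware match is safer; confirm against the actual code.
    private boolean goOn(Admin admin, String module, HttpServletRequest request, HttpServletResponse response) 

}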

更新一下把登录登出代码也记一下

/** Renders the login form (the path is excluded from the interceptor in WebMvcConfig). */
    @RequestMapping(value = "/login")
    public ModelAndView login() {
        ModelAndView view = new ModelAndView();
        view.setViewName("/login");
        return view;
    }
    
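    /**
     * Handles the login form POST.
     *
     * <p>On success (service errCode 200 and account state 0) the admin is cached in a fresh
     * session, the remember-me cookie holding the DES-encrypted admin id is set, and the
     * browser is redirected to {@code /index}. A disabled account or a failed check re-renders
     * the login view with the error result.
     *
     * @param entity     the submitted login form (loginName / loginPassword), bound by Spring
     * @param rememberMe submitted flag; currently not used — the cookie is always issued as a
     *                   browser-session cookie regardless of its value
     * @param request    current request, used for the client IP and the session
     * @param response   current response, receives the cookie
     * @return redirect to {@code /index} on success, otherwise the {@code /login} view carrying
     *         {@code "result"} and {@code "loginName"}
     * @throws Exception propagated from the service or the cookie encryption
     */
    @RequestMapping(value = "submitLogin", method = RequestMethod.POST)
    @ResponseBody // NOTE(review): appears to have no effect on a ModelAndView return value; left as-is
    public ModelAndView submitLogin(Admin entity,
            Boolean rememberMe,
            HttpServletRequest request,
            HttpServletResponse response) throws Exception {
        // Record the client IP on the entity so the service can log it with the login attempt.
        entity.setLoginIp(RequestUtil.getRealIP(request));

        ModelAndView model = new ModelAndView();
        // The service verifies the credentials; its own convention is errCode 200 for success.
        JsonResult<Admin> result = adminService.login(entity, request);
        if (result.getErrCode() == 200) {
            Admin admin = result.getData();
            if (admin.getState() == 0) { // account enabled
                // Session fixation: discard the pre-login session and start a new one for the admin.
                // Caching the Admin here matches what ManageInterceptor does on the first request.
                // TODO confirm nothing the service stored in the pre-login session is needed later.
                request.getSession().invalidate();
                request.getSession(true).setAttribute(Constants.ADMIN_SESSIONID, admin);

                // Remember-me cookie: the admin id DES-encrypted under the static key. HttpOnly keeps
                // it away from script, Secure is set when the request itself came over TLS, and
                // path "/" makes it match the path logout uses when clearing it.
                // NOTE(review): a deterministic encryption of the id is a forgeable, non-expiring,
                // non-revocable credential; a random server-side token is safer. Changing the format
                // also requires changing ManageInterceptor, so it is flagged rather than changed here.
                Cookie cookie = new Cookie(Constants.ADMIN_COOKIEID, CryptoUtil.encryptDES(Constants.ADMIN_KEY, admin.getId().toString()));
                cookie.setHttpOnly(true);
                cookie.setSecure(request.isSecure());
                cookie.setPath("/");
                response.addCookie(cookie);
                model.addObject("result", result);
                model.setViewName("redirect:/index");
            } else { // account disabled
                model.setViewName("/login");
                result.setErrCode(-1);
                result.setErrMsg("此管理员已禁用。");
                model.addObject("result", result);
            }
        } else {
            model.setViewName("/login");
            model.addObject("result", result);
        }
        // Pre-fill the login name when the form is re-rendered. The password is deliberately NOT
        // echoed back any more: Spring's RedirectView appends simple (String) model attributes to
        // the redirect URL as query parameters by default, which would have put the clear-text
        // password into browser history, Referer headers and access logs on the success path,
        // and on the failure path it was embedded in the rendered login page.
        model.addObject("loginName", entity.getLoginName());
        return model;
    }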
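    /**
     * Ends the admin session and clears the remember-me cookie, then redirects to
     * {@code /index} (which the interceptor turns into a redirect to {@code /login}).
     *
     * <p>NOTE(review): a GET logout can be triggered cross-site (logout CSRF); a POST mapping
     * would be safer but changes the URL contract, so the mapping is left as-is.
     *
     * @param request  current request (session and cookies)
     * @param response current response, receives the expired cookie
     * @return redirect to {@code /index}
     */
    @RequestMapping(value = "logout", method = RequestMethod.GET)
    @ResponseBody
    public ModelAndView logout(
            HttpServletRequest request,
            HttpServletResponse response) {
        // Drop the server-side session (and the Admin cached in it).
        request.getSession().invalidate();

        // Expire the remember-me cookie. Max-Age must be 0 to delete it: the previous value of -1
        // only turned it into a browser-session cookie, so the cookie login survived "logout"
        // until the browser was closed. The path must match the one the login cookie was issued
        // under (the default path for a cookie set from /submitLogin is "/").
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (Constants.ADMIN_COOKIEID.equals(cookie.getName())) {
                    cookie.setValue("");
                    cookie.setMaxAge(0);
                    cookie.setPath("/");
                    response.addCookie(cookie);
                    break;
                }
            }
        }

        ModelAndView model = new ModelAndView();
        model.setViewName("redirect:/index");
        return model;
    }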

JsonResult是自己封装的类  


转载自blog.csdn.net/qq_16513911/article/details/80931750