SpringMVC:java拦截器实现 HandlerInterceptor

xiaoxiao2021-02-28  101

一、需求:

做拦截器实现普通用户,专业用户,高级用户的功能限制拦截

二、实现:

1.实现HandlerInterceptor接口 public class BaseInterceptor implements HandlerInterceptor{ /** * preHandle方法是进行处理器拦截用的,顾名思义,该方法将在Controller处理之前进行调用,SpringMVC中的Interceptor拦截器是链式的,可以同时存在 * 多个Interceptor,然后SpringMVC会根据声明的前后顺序一个接一个的执行,而且所有的Interceptor中的preHandle方法都会在 * Controller方法调用之前调用。SpringMVC的这种Interceptor链式结构也是可以进行中断的,这种中断方式是令preHandle的返 * 回值为false,当preHandle的返回值为false的时候整个请求就结束了。 */ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // TODO Auto-generated method stub return false; } /** * 这个方法只会在当前这个Interceptor的preHandle方法返回值为true的时候才会执行。postHandle是进行处理器拦截用的,它的执行时间是在处理器进行处理之 * 后,也就是在Controller的方法调用之后执行,但是它会在DispatcherServlet进行视图的渲染之前执行,也就是说在这个方法中你可以对ModelAndView进行操 * 作。这个方法的链式结构跟正常访问的方向是相反的,也就是说先声明的Interceptor拦截器该方法反而会后调用,这跟Struts2里面的拦截器的执行过程有点像, * 只是Struts2里面的intercept方法中要手动的调用ActionInvocation的invoke方法,Struts2中调用ActionInvocation的invoke方法就是调用下一个Interceptor * 或者是调用action,然后要在Interceptor之前调用的内容都写在调用invoke之前,要在Interceptor之后调用的内容都写在调用invoke方法之后。 */ @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { // TODO Auto-generated method stub } /** * 该方法也是需要当前对应的Interceptor的preHandle方法的返回值为true时才会执行。该方法将在整个请求完成之后,也就是DispatcherServlet渲染了视图执行, * 这个方法的主要作用是用于清理资源的,当然这个方法也只能在当前这个Interceptor的preHandle方法的返回值为true时才会执行。 */ @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { // TODO Auto-generated method stub } } 2、实现HandlerInterceptor之后在preHandle方法里写需要拦截的controller方法url package org.uz.dxt.interceptor; import java.io.PrintWriter; import java.lang.reflect.Field; import java.util.HashSet; import java.util.List; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.ModelAndView; import org.uz.dxt.common.Result; import org.uz.dxt.model.golddb.CuishouCompany; import org.uz.dxt.model.golddb.TBankRegisterInfo; import org.uz.dxt.model.user.Permission; import org.uz.dxt.model.zwy.User; import org.uz.dxt.service.golddb.CuishouCompanyService; import org.uz.dxt.service.golddb.SecurityFunctionService; import org.uz.dxt.service.golddb.TBankCompanyService; import org.uz.dxt.service.user.PermissionService; import com.alibaba.fastjson.JSON; /** * * @author Duo Nuo * */ public class ProfessionInterceptor implements  HandlerInterceptor { public static Set<String> validProfessionTargets = new HashSet<>(); private static final Logger log = LoggerFactory.getLogger(ProfessionInterceptor.class); @Autowired private PermissionService permissionService;//查询权限 @Autowired private SecurityFunctionService securityFunctionService; @Autowired private CuishouCompanyService cuishouCompanyService;//查询催收公司 @Autowired private TBankCompanyService tBankCompanyService;//查询金融机构 @Override public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception { //验证 Result validRe = this.validOperation(req); int status = validRe.getStatus(); if(status == 10001){ return true; } String wrongName = getWrongNameByCode(status); try { //如果是ajax请求响应头会有x-requested-with if (req.getHeader("x-requested-with") != null && req.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")){ log.error("[ajax] 专业付费功能验证权限失败, 错误码:"+status); resp.setContentType("text/html; charset=utf-8"); PrintWriter out = resp.getWriter(); out.write(JSON.toJSONString(validRe)); out.flush(); out.close(); return false; }else{ log.error("[非 ajax] 专业付费功能验证权限失败, 错误码:"+status); resp.setContentType("text/html; charset=utf-8"); PrintWriter out = resp.getWriter(); out.write("<p>专业会员功能验证失败,错误码: "+status+", 错误原因:" + wrongName +"</p>"); out.flush(); out.close(); return false; } } catch (Exception e) { e.printStackTrace(); } return true; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { // TODO Auto-generated method stub } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { // TODO Auto-generated method stub } /** * * @param req * @return result * status * 10001-success * 40002-未提供验证参数,验证失败 * */ private Result validOperation(HttpServletRequest req){ Result result = new Result(); //1. 未开启验证通过 boolean sensitiveValidOpen = this.isProfessionValidOpen(); if(!sensitiveValidOpen){ result.setStatus(10001); return result; } //2. 判断请求url 不在设定的拦截uri内 通过 if(validProfessionTargets.isEmpty()){ Permission t = new Permission(); t.setOprtTypeId((short)5);//权限类别: 1-菜单 2-页面 3-需ukey验证的敏感操作 4-付费高级功能 5-付费专业功能 t.setDataState((short)1); List<Permission> pers = permissionService.queryListByWhere(t); for (Permission permission : pers) { String perUrl = permission.getPerUrl(); if(perUrl != null){ validProfessionTargets.add(perUrl.trim()); } } } String requestURI = req.getRequestURI(); if(! validProfessionTargets.contains(requestURI)){ result.setStatus(10001); return result; } //3. 请求参数在设定uri内验证 vipstate=0 普通会员 1高级会员 2专业会员 HttpSession session = req.getSession(); Integer vipstate = getProfessionStateFromSession(session); if(vipstate == 0){//vipstate=0普通用户 1付费高级 2 付费专业 result.setStatus(40002); } else { result.setStatus(10001); } return result; } /** * 验证全局敏感操作验证是否开启 * @param req * @return */ private boolean isProfessionValidOpen(){ boolean ProfessionValidOpen = securityFunctionService.isProfessionValidOpen(); return ProfessionValidOpen; } /** * 查询催收公司和金融机构是否是专业级别的公司 * @param req * @return */ private Integer getProfessionStateFromSession(HttpSession session) { Object obj = session.getAttribute("user"); Integer vipstate = null; if(obj instanceof CuishouCompany){//如果是催收公司管理员 CuishouCompany company = (CuishouCompany)obj; vipstate = company.getVipstate(); } else if(obj instanceof TBankRegisterInfo){//如果是金融机构 TBankRegisterInfo bank = (TBankRegisterInfo)obj; vipstate = bank.getVipstate(); } else if(obj instanceof User){//如果是用户 User user = (User)obj; String companyCode = user.getIsCuishouId(); String bankCode = user.getBankCode(); if(companyCode != null && !"".equals(companyCode)){//如果是催收公司 CuishouCompany company = new CuishouCompany(); company.setCompanyid(companyCode); List<CuishouCompany> lst = cuishouCompanyService.queryListByWhere(company); if(lst != null && !lst.isEmpty()){ vipstate = lst.get(0).getVipstate(); } } else if(bankCode != null && !"".equals(bankCode)){//如果是金融机构 TBankRegisterInfo tb = new TBankRegisterInfo(); tb.setBankcode(bankCode); List<TBankRegisterInfo> lst = tBankCompanyService.queryListByWhere(tb); if(lst != null && !lst.isEmpty()){ vipstate = lst.get(0).getVipstate(); } } } return vipstate; } private static String getWrongNameByCode(int status) throws ClassNotFoundException, InstantiationException, IllegalAccessException { String wrongName = ""; Class<?> clazz = Class.forName("org.uz.dxt.interceptor.param.ProfessionValidWrongCode"); Object obj = clazz.newInstance(); Field[] fields = clazz.getDeclaredFields(); for (Field field : fields) { field.setAccessible(true); String name = field.getName(); if(name.equals("CODE_"+status)){ wrongName = (String)field.get(obj); } } return wrongName; } } 3、配置xml拦截 <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> <mvc:exclude-mapping path="/source/**"/> <mvc:exclude-mapping path="/js/**"/> <mvc:exclude-mapping path="/img/**"/> <mvc:exclude-mapping path="/css/**"/> <bean class="org.uz.dxt.interceptor.ProfessionInterceptor"></bean> </mvc:interceptor> </mvc:interceptors> 拦截获取到的url

转载请注明原文地址: https://www.6miu.com/read-68693.html

最新回复(0)