package com.zteits.oa.configuration.auth;

import java.io.PrintWriter;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.alibaba.fastjson.JSONObject;
import com.zteits.oa.api.base.annotation.NoAuth;
import com.zteits.oa.api.base.bean.BizResult;
import com.zteits.oa.api.base.constants.ErrorType;
import com.zteits.oa.api.base.constants.SessionEnum;
import com.zteits.oa.api.dto.asraop.LoginOathRes;

/**
 * Copyright: Copyright (c) 2017  zteits
 *
 * @ClassName: com.clouds.common.web.auth
 * @Description:
 * @version: v1.0.0
 * @author: atao
 * @date: 2017/5/11   9:34 AM
 * Modification History:
 * Date         Author          Version      Description
 * ---------------------------------------------------------*
 * 2017/5/11      atao          v1.0.0          created
 */
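@Component
public class AuthInterceptor extends HandlerInterceptorAdapter {

    // Spring MVC interceptor that runs before every controller call. A request is let through
    // when the target controller class or handler method carries @NoAuth, or when the HTTP
    // session already holds a SessionEnum.USER_INFO attribute; otherwise a JSON error is written
    // and the handler chain is stopped.
    //
    // NOTE(review): only the presence of the session attribute is checked. Nothing here looks at
    // roles or per-endpoint permissions, so any logged-in user passes for every protected URL.

    private static final Logger log = LoggerFactory.getLogger(AuthInterceptor.class);

    private static final String MIME_JSON = "application/json;charset=UTF-8";

    /**
     * Intercepts the request before it reaches the controller.
     *
     * @param request  current HTTP request
     * @param response current HTTP response; receives the JSON error body on rejection
     * @param handler  the handler chosen by Spring MVC for this request
     * @return {@code true} to continue the handler chain, {@code false} when the request was
     *         rejected and the response has already been written
     * @throws Exception if writing the error response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
        log.info("---bein校验用户权限校验,url={}",request.getRequestURI());
        if (!isNeedAuth(handler)) {
            log.info("有@NoAuth 注解,无需校验...");
            return true;
        }

        // getSession(false): an anonymous request must not cause a new session to be allocated;
        // otherwise every unauthenticated hit on a protected URL creates server-side state.
        // The session id is deliberately not logged or printed: it is a bearer credential and
        // anyone with read access to the logs could replay it.
        HttpSession session = request.getSession(false);
        Object userInfo = (session == null) ? null : session.getAttribute(SessionEnum.USER_INFO.key());
        if (userInfo == null) {
            log.info("===权限校验,用户未登陆!");
            setErrorResult(response, ErrorType.AUTH_TOKEN_NOT_EXISTS);
            return false;
        }

        return true;
    }

    /**
     * Writes the given error as a JSON {@code BizResult} body to the response.
     *
     * @param response  response to write to
     * @param errortype error whose code and message are returned to the client
     * @throws Exception if the response writer cannot be obtained or written
     */
    private void setErrorResult(HttpServletResponse response, ErrorType errortype) throws Exception {
        log.info("===校验用户权限  校验失败: ErrorType:errorCode={},errMsg={}", errortype.getCode(), errortype.getMsg());

        // Encoding and content type have to be set BEFORE getWriter(): the servlet API ignores
        // setCharacterEncoding() once the writer has been obtained, which would leave the
        // container default charset in effect and garble non-ASCII error messages.
        response.setCharacterEncoding("UTF-8");
        response.setContentType(MIME_JSON);

        // NOTE(review): the rejection is reported with HTTP 200 and the failure is only visible
        // in the body's error code. Kept as-is because existing clients may depend on it, but
        // proxies, monitoring and scanners keyed on status codes will not see these as denials;
        // consider 401 if the clients allow it.
        response.setStatus(HttpStatus.OK.value());

        BizResult<?> bizResult = new BizResult<>();
        bizResult.setErrCode(errortype.getCode());
        bizResult.setErrMsg(errortype.getMsg());

        try (PrintWriter writer = response.getWriter()) {
            writer.write(JSONObject.toJSON(bizResult).toString());
        }
    }

    /**
     * Decides whether this request has to pass the login check.
     *
     * @param handler the handler chosen by Spring MVC for this request
     * @return {@code true} if the login check is required, {@code false} if the controller
     *         class or the handler method is annotated with {@code @NoAuth}
     */
    private boolean isNeedAuth(Object handler){
        log.info("==权限校验 判断是否需要进行权限校验");
        if (!(handler instanceof HandlerMethod)) {
            // Fail closed: anything that is not a controller method cannot carry @NoAuth,
            // so it is treated as protected.
            log.info("==权限校验 判断是否需要进行权限校验 flag={}", true);
            return true;
        }

        HandlerMethod handlerMethod = (HandlerMethod) handler;
        log.info("===访问的Controller 为{},请求的方法为{}",handlerMethod.getBeanType().getName(),handlerMethod.getMethod().getName());

        // @NoAuth on the controller class exempts every method in it; otherwise the
        // annotation is looked up on the handler method itself.
        boolean exempt = handlerMethod.getBeanType().isAnnotationPresent(NoAuth.class)
                || handlerMethod.hasMethodAnnotation(NoAuth.class);
        return !exempt;
    }

}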