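package com.zteits.oa.configuration.auth;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.alibaba.fastjson.JSONObject;
import com.zteits.oa.api.base.annotation.NoAuth;
import com.zteits.oa.api.base.bean.BizResult;
import com.zteits.oa.api.base.constants.ErrorType;
import com.zteits.oa.api.base.constants.SessionEnum;
import com.zteits.oa.api.dto.asraop.LoginOathRes;

/**
 * Copyright: Copyright (c) 2017 zteits
 *
 * Session-based authentication interceptor.
 *
 * Before a request reaches a controller method the interceptor requires that
 * the HTTP session carries a {@code SessionEnum.USER_INFO} attribute. When it
 * does not, a JSON {@link BizResult} with {@link ErrorType#AUTH_TOKEN_NOT_EXISTS}
 * is written and the handler chain is stopped. Controller classes or handler
 * methods annotated with {@link NoAuth} are exempt.
 *
 * NOTE(review): {@code @Component} is commented out below. Unless this class is
 * registered from elsewhere (e.g. an interceptor registry in a WebMvc
 * configuration) it is not active and no request is authenticated by it —
 * confirm the wiring before relying on it.
 *
 * @author atao
 * @version v1.0.0
 * @date 2017/5/11 09:34
 *
 * Modification History:
 *   2017/5/11  atao  v1.0.0  created
 */
//@Component
public class AuthInterceptor extends HandlerInterceptorAdapter {

    private static final Logger log = LoggerFactory.getLogger(AuthInterceptor.class);

    /** Content type of the error body written on authentication failure. */
    private static final String MIME_JSON = "application/json;charset=UTF-8";

    /**
     * Intercepts the request before it reaches the controller.
     *
     * @param request  current request
     * @param response current response; on failure the error body is written here
     * @param handler  handler selected by Spring MVC
     * @return {@code true} to continue the handler chain, {@code false} when the
     *         caller is not logged in and the error response has already been sent
     * @throws Exception if writing the error response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        log.info("---bein校验用户权限校验,url={}", request.getRequestURI());

        if (!isNeedAuth(handler)) {
            log.info("有@NoAuth 注解,无需校验...");
            return true;
        }

        // getSession(false): an unauthenticated caller must not be able to make the
        // server allocate a fresh session on every probe; "no session" simply means
        // "not logged in" here. (The original getSession() created one.)
        HttpSession session = request.getSession(false);

        // The session id is a bearer credential; it is deliberately never printed
        // or logged (the original wrote it to stdout).
        Object userInfo = session == null
                ? null
                : session.getAttribute(SessionEnum.USER_INFO.key());

        if (userInfo == null) {
            log.info("===权限校验,用户未登陆!");
            setErrorResult(response, ErrorType.AUTH_TOKEN_NOT_EXISTS);
            return false;
        }
        return true;
    }

    /**
     * Writes the authentication-failure result as a JSON {@link BizResult}.
     *
     * @param response  response to write to
     * @param errortype error code / message to report
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void setErrorResult(HttpServletResponse response, ErrorType errortype) throws IOException {
        log.info("===校验用户权限 校验失败: ErrorType:errorCode={},errMsg={}",
                errortype.getCode(), errortype.getMsg());

        // Encoding and content type must be set BEFORE getWriter(): the servlet API
        // ignores setCharacterEncoding() once the writer exists, so the original
        // ordering silently fell back to the container default charset.
        response.setCharacterEncoding("UTF-8");
        response.setHeader("Content-type", MIME_JSON);
        response.setContentType(MIME_JSON);
        // HTTP 200 with the error code carried in the body is this API's convention
        // (clients switch on BizResult.code); kept unchanged so existing clients
        // keep working, even though 401 would be the more conventional status.
        response.setStatus(HttpStatus.OK.value());

        BizResult bizResult = new BizResult<>();
        bizResult.setCode(errortype.getCode());
        bizResult.setErrMsg(errortype.getMsg());

        try (PrintWriter writer = response.getWriter()) {
            writer.write(JSONObject.toJSON(bizResult).toString());
        }
    }

    /**
     * Decides whether this request must be authenticated.
     *
     * @param handler handler selected by Spring MVC
     * @return {@code true} when authentication is required; {@code false} only when
     *         the controller class or the handler method carries {@link NoAuth}.
     *         Handlers that are not a {@link HandlerMethod} fail closed (require auth).
     */
    private boolean isNeedAuth(Object handler) {
        log.info("==权限校验 判断是否需要进行权限校验");

        if (!(handler instanceof HandlerMethod)) {
            // Not a controller method (e.g. a static resource handler): require auth.
            log.info("==权限校验 判断是否需要进行权限校验 flag={}", true);
            return true;
        }

        HandlerMethod handlerMethod = (HandlerMethod) handler;
        log.info("===访问的Controller 为{},请求的方法为{}",
                handlerMethod.getBeanType().getName(), handlerMethod.getMethod().getName());
        log.info(handlerMethod.getBeanType().getName());

        // @NoAuth on the controller class exempts every method in that class.
        if (handlerMethod.getBeanType().isAnnotationPresent(NoAuth.class)) {
            return false;
        }
        // Otherwise only a @NoAuth on the specific handler method exempts it.
        return !handlerMethod.hasMethodAnnotation(NoAuth.class);
    }
}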