From d5d8fae9a623da859fdab44aea5b5f97b3dcb1f7 Mon Sep 17 00:00:00 2001
From: dw <2196435763@qq.com>
Date: Sun, 27 Apr 2025 18:36:20 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9D=9C=E9=9F=A6=E6=B3=A8=E9=87=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../interceptor/AuthorizationInterceptor.java | 102 ++++++++++++------
 1 file changed, 67 insertions(+), 35 deletions(-)
diff --git a/src/main/java/com/interceptor/AuthorizationInterceptor.java b/src/main/java/com/interceptor/AuthorizationInterceptor.java
index 723834b..a6d3d79 100644
--- a/src/main/java/com/interceptor/AuthorizationInterceptor.java
+++ b/src/main/java/com/interceptor/AuthorizationInterceptor.java
@@ -1,94 +1,126 @@ +// 包声明,定义当前类所在的包路径 package com.interceptor; +// 导入Java IO包中的IOException类,用于处理输入输出异常 import java.io.IOException; +// 导入Java IO包中的PrintWriter类,用于向客户端输出数据 import java.io.PrintWriter; +// 导入Java util包中的HashMap类,用于存储键值对数据 import java.util.HashMap; +// 导入Java util包中的Map接口,用于定义键值对集合 import java.util.Map; +// 导入FastJSON的JSONObject类,用于处理JSON数据 import com.alibaba.fastjson.JSONObject; +// 导入Servlet包中的HttpServletRequest类,用于处理HTTP请求 import javax.servlet.http.HttpServletRequest; +// 导入Servlet包中的HttpServletResponse类,用于处理HTTP响应 import javax.servlet.http.HttpServletResponse; +// 导入Apache Commons Lang库中的StringUtils类,用于字符串处理 import org.apache.commons.lang3.StringUtils; +// 导入Spring框架的Autowired注解,用于自动装配依赖 import org.springframework.beans.factory.annotation.Autowired; +// 导入Spring框架的Component注解,标识该类为Spring组件 import org.springframework.stereotype.Component; +// 导入Spring Web包中的HandlerMethod类,用于处理方法级别的处理器 import org.springframework.web.method.HandlerMethod; +// 导入Spring Web MVC包中的HandlerInterceptor接口,用于定义拦截器 import org.springframework.web.servlet.HandlerInterceptor; +// 导入自定义的IgnoreAuth注解,用于标记不需要认证的方法 import com.annotation.IgnoreAuth; +// 导入自定义的EIException异常类,用于处理业务异常 import com.entity.EIException; +// 导入自定义的TokenEntity实体类,用于表示令牌信息 import com.entity.TokenEntity; +// 导入自定义的TokenService服务类,用于处理令牌相关逻辑 import com.service.TokenService; +// 导入自定义的R工具类,用于封装统一响应格式 import com.utils.R; -/** - * 权限(Token)验证 - */ + +// 权限(Token)验证拦截器 + @Component public class AuthorizationInterceptor implements HandlerInterceptor { + // 登录Token的键名 public static final String LOGIN_TOKEN_KEY = "Token"; @Autowired - private TokenService tokenService; - - @Override + private TokenService tokenService; // 自动注入Token服务 - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { + @Override + + //在请求处理之前进行拦截 + // @param request HTTP请求对象 + // @param response HTTP响应对象 + //@param handler 处理器对象 + // @return 如果返回true,则继续处理请求;如果返回false,则中断请求处理 + // 
@throws Exception 处理过程中可能抛出的异常 + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { + + // 获取请求路径 String servletPath = request.getServletPath(); - if("/dictionary/page".equals(request.getServletPath()) || "/file/upload".equals(request.getServletPath()) || "/yonghu/register".equals(request.getServletPath()) ){//请求路径是字典表或者文件上传 直接放行 + // 如果是字典表或文件上传或用户注册接口,直接放行 + if("/dictionary/page".equals(request.getServletPath()) || "/file/upload".equals(request.getServletPath()) || "/yonghu/register".equals(request.getServletPath()) ){ return true; } - //支持跨域请求 - response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); + + // 支持跨域请求 + response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with,request-source,Token, Origin,imgType, Content-Type, cache-control,postman-token,Cookie, Accept,authorization"); response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); IgnoreAuth annotation; + // 如果handler是方法处理器,则尝试获取IgnoreAuth注解 if (handler instanceof HandlerMethod) { annotation = ((HandlerMethod) handler).getMethodAnnotation(IgnoreAuth.class); } else { - return true; + return true; // 如果不是方法处理器,直接放行 } //从header中获取token String token = request.getHeader(LOGIN_TOKEN_KEY); - + /** * 不需要验证权限的方法直接放过 */ if(annotation!=null) { - return true; + return true; // 如果存在IgnoreAuth注解,直接放行 } - + TokenEntity tokenEntity = null; + // 如果token不为空,验证token if(StringUtils.isNotBlank(token)) { - tokenEntity = tokenService.getTokenEntity(token); + tokenEntity = tokenService.getTokenEntity(token); } - + + // 如果token有效,设置session属性并放行 if(tokenEntity != null) { - request.getSession().setAttribute("userId", tokenEntity.getUserid()); - request.getSession().setAttribute("role", tokenEntity.getRole()); 
- request.getSession().setAttribute("tableName", tokenEntity.getTablename()); - request.getSession().setAttribute("username", tokenEntity.getUsername()); - return true; + request.getSession().setAttribute("userId", tokenEntity.getUserid()); + request.getSession().setAttribute("role", tokenEntity.getRole()); + request.getSession().setAttribute("tableName", tokenEntity.getTablename()); + request.getSession().setAttribute("username", tokenEntity.getUsername()); + return true; + } + + PrintWriter writer = null; + response.setCharacterEncoding("UTF-8"); // 设置响应字符编码为UTF-8 + response.setContentType("application/json; charset=utf-8"); // 设置响应内容类型为JSON + try { + writer = response.getWriter(); // 获取响应输出流 + writer.print(JSONObject.toJSONString(R.error(401, "请先登录"))); // 返回错误信息 + } finally { + if(writer != null){ + writer.close(); // 关闭响应输出流 + } } - - PrintWriter writer = null; - response.setCharacterEncoding("UTF-8"); - response.setContentType("application/json; charset=utf-8"); - try { - writer = response.getWriter(); - writer.print(JSONObject.toJSONString(R.error(401, "请先登录"))); - } finally { - if(writer != null){ - writer.close(); - } - } -// throw new EIException("请先登录", 401); - return false; +// throw new EIException("请先登录", 401); // 抛出未登录异常,已注释掉 + return false; // 返回false,中断请求处理 } }
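Review bot: The CORS block in preHandle copies the request's `Origin` header straight into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, so every origin is treated as trusted for credentialed cross-origin requests; the re-added comment `// 支持跨域请求` labels the block but the behaviour is left as it was. Echo the origin only when it is on a configured allowlist, set the credentials header in that same branch, and add `Vary: Origin` so caches keep per-origin responses apart. The early return for `/dictionary/page`, `/file/upload` and `/yonghu/register` runs before any token check, and the new comment only restates that; it should say why an upload endpoint is reachable without a token, or `/file/upload` should come off that list if that was not intended. The commit also turns the class Javadoc into `//` comments and puts the `@param`/`@return` lines between `@Override` and the signature, where Javadoc tooling will not read them; a `/** … */` block above `@Override` would keep them usable.

```java
// … unchanged: Allow-Methods, Max-Age and Allow-Headers …
String origin = request.getHeader("Origin");
// ALLOWED_ORIGINS is a placeholder: a Set<String> of trusted front-end origins loaded from configuration
if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
    response.setHeader("Access-Control-Allow-Origin", origin);
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Vary", "Origin");
}
// … unchanged: IgnoreAuth lookup and token validation …
```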