|
|
|
|
@ -1,46 +1,75 @@
|
|
|
|
|
// 包声明,定义当前类所在的包路径
|
|
|
|
|
package com.interceptor;
|
|
|
|
|
|
|
|
|
|
// 导入Java IO包中的IOException类,用于处理输入输出异常
|
|
|
|
|
import java.io.IOException;
|
|
|
|
|
// 导入Java IO包中的PrintWriter类,用于向客户端输出数据
|
|
|
|
|
import java.io.PrintWriter;
|
|
|
|
|
// 导入Java util包中的HashMap类,用于存储键值对数据
|
|
|
|
|
import java.util.HashMap;
|
|
|
|
|
// 导入Java util包中的Map接口,用于定义键值对集合
|
|
|
|
|
import java.util.Map;
|
|
|
|
|
// 导入FastJSON的JSONObject类,用于处理JSON数据
|
|
|
|
|
import com.alibaba.fastjson.JSONObject;
|
|
|
|
|
// 导入Servlet包中的HttpServletRequest类,用于处理HTTP请求
|
|
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
|
// 导入Servlet包中的HttpServletResponse类,用于处理HTTP响应
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
|
|
|
|
|
// 导入Apache Commons Lang库中的StringUtils类,用于字符串处理
|
|
|
|
|
import org.apache.commons.lang3.StringUtils;
|
|
|
|
|
// 导入Spring框架的Autowired注解,用于自动装配依赖
|
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
|
// 导入Spring框架的Component注解,标识该类为Spring组件
|
|
|
|
|
import org.springframework.stereotype.Component;
|
|
|
|
|
// 导入Spring Web包中的HandlerMethod类,用于处理方法级别的处理器
|
|
|
|
|
import org.springframework.web.method.HandlerMethod;
|
|
|
|
|
// 导入Spring Web MVC包中的HandlerInterceptor接口,用于定义拦截器
|
|
|
|
|
import org.springframework.web.servlet.HandlerInterceptor;
|
|
|
|
|
|
|
|
|
|
// 导入自定义的IgnoreAuth注解,用于标记不需要认证的方法
|
|
|
|
|
import com.annotation.IgnoreAuth;
|
|
|
|
|
// 导入自定义的EIException异常类,用于处理业务异常
|
|
|
|
|
import com.entity.EIException;
|
|
|
|
|
// 导入自定义的TokenEntity实体类,用于表示令牌信息
|
|
|
|
|
import com.entity.TokenEntity;
|
|
|
|
|
// 导入自定义的TokenService服务类,用于处理令牌相关逻辑
|
|
|
|
|
import com.service.TokenService;
|
|
|
|
|
// 导入自定义的R工具类,用于封装统一响应格式
|
|
|
|
|
import com.utils.R;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 权限(Token)验证
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// 权限(Token)验证拦截器
|
|
|
|
|
|
|
|
|
|
@Component
|
|
|
|
|
public class AuthorizationInterceptor implements HandlerInterceptor {
|
|
|
|
|
|
|
|
|
|
// 登录Token的键名
|
|
|
|
|
public static final String LOGIN_TOKEN_KEY = "Token";
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
private TokenService tokenService;
|
|
|
|
|
private TokenService tokenService; // 自动注入Token服务
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
|
|
|
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
|
|
|
|
//在请求处理之前进行拦截
|
|
|
|
|
// @param request HTTP请求对象
|
|
|
|
|
// @param response HTTP响应对象
|
|
|
|
|
//@param handler 处理器对象
|
|
|
|
|
// @return 如果返回true,则继续处理请求;如果返回false,则中断请求处理
|
|
|
|
|
// @throws Exception 处理过程中可能抛出的异常
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
|
|
|
|
|
|
|
|
|
// 获取请求路径
|
|
|
|
|
String servletPath = request.getServletPath();
|
|
|
|
|
if("/dictionary/page".equals(request.getServletPath()) || "/file/upload".equals(request.getServletPath()) || "/yonghu/register".equals(request.getServletPath()) ){//请求路径是字典表或者文件上传 直接放行
|
|
|
|
|
// 如果是字典表或文件上传或用户注册接口,直接放行
|
|
|
|
|
if("/dictionary/page".equals(request.getServletPath()) || "/file/upload".equals(request.getServletPath()) || "/yonghu/register".equals(request.getServletPath()) ){
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
//支持跨域请求
|
|
|
|
|
|
|
|
|
|
// 支持跨域请求
|
|
|
|
|
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
|
|
|
|
|
response.setHeader("Access-Control-Max-Age", "3600");
|
|
|
|
|
response.setHeader("Access-Control-Allow-Credentials", "true");
|
|
|
|
|
@ -48,10 +77,11 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
|
|
|
|
|
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
|
|
|
|
|
|
|
|
|
|
IgnoreAuth annotation;
|
|
|
|
|
// 如果handler是方法处理器,则尝试获取IgnoreAuth注解
|
|
|
|
|
if (handler instanceof HandlerMethod) {
|
|
|
|
|
annotation = ((HandlerMethod) handler).getMethodAnnotation(IgnoreAuth.class);
|
|
|
|
|
} else {
|
|
|
|
|
return true;
|
|
|
|
|
return true; // 如果不是方法处理器,直接放行
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//从header中获取token
|
|
|
|
|
@ -61,14 +91,16 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
|
|
|
|
|
* 不需要验证权限的方法直接放过
|
|
|
|
|
*/
|
|
|
|
|
if(annotation!=null) {
|
|
|
|
|
return true;
|
|
|
|
|
return true; // 如果存在IgnoreAuth注解,直接放行
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TokenEntity tokenEntity = null;
|
|
|
|
|
// 如果token不为空,验证token
|
|
|
|
|
if(StringUtils.isNotBlank(token)) {
|
|
|
|
|
tokenEntity = tokenService.getTokenEntity(token);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 如果token有效,设置session属性并放行
|
|
|
|
|
if(tokenEntity != null) {
|
|
|
|
|
request.getSession().setAttribute("userId", tokenEntity.getUserid());
|
|
|
|
|
request.getSession().setAttribute("role", tokenEntity.getRole());
|
|
|
|
|
@ -78,17 +110,17 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PrintWriter writer = null;
|
|
|
|
|
response.setCharacterEncoding("UTF-8");
|
|
|
|
|
response.setContentType("application/json; charset=utf-8");
|
|
|
|
|
response.setCharacterEncoding("UTF-8"); // 设置响应字符编码为UTF-8
|
|
|
|
|
response.setContentType("application/json; charset=utf-8"); // 设置响应内容类型为JSON
|
|
|
|
|
try {
|
|
|
|
|
writer = response.getWriter();
|
|
|
|
|
writer.print(JSONObject.toJSONString(R.error(401, "请先登录")));
|
|
|
|
|
writer = response.getWriter(); // 获取响应输出流
|
|
|
|
|
writer.print(JSONObject.toJSONString(R.error(401, "请先登录"))); // 返回错误信息
|
|
|
|
|
} finally {
|
|
|
|
|
if(writer != null){
|
|
|
|
|
writer.close();
|
|
|
|
|
writer.close(); // 关闭响应输出流
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// throw new EIException("请先登录", 401);
|
|
|
|
|
return false;
|
|
|
|
|
// throw new EIException("请先登录", 401); // 抛出未登录异常,已注释掉
|
|
|
|
|
return false; // 返回false,中断请求处理
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
