SpringBoot登录用户权限拦截器

SpringBoot登录用户权限拦截器

1. 创建自定义拦截器类并实现 HandlerInterceptor 接口

package com.xgf.online_mall.interceptor;

import com.xgf.online_mall.system.domain.User;

import lombok.extern.slf4j.Slf4j;

import org.springframework.stereotype.Component;

import org.springframework.web.servlet.HandlerInterceptor;

import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.BufferedWriter;

import java.io.FileWriter;

import java.nio.file.Files;

import java.nio.file.Path;

import java.nio.file.Paths;

import java.text.SimpleDateFormat;

import java.util.Date;

import java.util.logging.SimpleFormatter;

@Slf4j

@Component

public class UserLoginAuthInterceptor implements HandlerInterceptor {

@Override

public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

log.info(" ======== UserAuthInterceptor preHandle 登录权限拦截器拦截");

User user = (User) request.getSession().getAttribute("loginUser");

//未登录才判断，登录了直接放行

if(user == null){

//获取访问路径

String address = request.getRequestURI();

log.info("======== 拦截，访问路径 address : {}", address);

response.sendRedirect(request.getContextPath() + "/login.html");

return false;

/*String address = request.getRequestURI();

log.info("======== 拦截，访问路径 address : {}", address);

//不是登录或者注册页面，就直接跳转登录界面

if(!address.contains("login") && !address.contains("register")){

//强制到登录页面

response.sendRedirect(request.getContextPath() + "/login.html")http://;

//设置为false，不访问controller

return false;

}*/

}

//其它模块或者已经登录，就直接放行

// log.info("======== 已登录 user = {}", user);

return true;

}

@Override

public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

log.info(" ===== UserAuthInterceptor postHandle");

}

@Override

public void afterCompletion(HttpServletRequest request, HttpSerhttp://vletResponse response, Object handler, Exception ex) throws Exception {

log.info("==== UserAuthInterceptor afterCompletion");

//记录日志 向文件里面写日志

//获取服务器记录日志log文件所存放的目录位置 -- tomcat下的真实路径+log目录

String logdir = request.getServletContext().getRealPath("log");

//路径不存在就创建

Path logdirPath = Paths.get(logdir);

if(Files.notExists(logdirPath)){

Files.createDirectories(logdirPath);

}

//目录存在就将数据[字符]写入 //存放日志的路径+文件名

Path logfile = Paths.get(logdir,"userlog.log");

//logfile.toFile() paths转换为File类型 true以追加的方式写入

BufferedWriter writer = new BufferedWriter(new FileWriter(logfile.toFile(),true));

//获取登录用户信息

User user = (User)request.getSession().getAttribute("loginUser");

//记录user信息，存入日志

writer.write(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()) + " >> " + user +"\r\n");

writer.flush();

writer.close();

}

}

2. 创建WebMvcConfigurer接口实现类，注册并生效自定义的拦截器

import com.xgf.online_mall.constant.PathConstantParam;

import com.xgf.online_mall.interceptor.UserLoginAuthInterceptor;

import lombok.extern.slf4j.Slf4j;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Configuration;

import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.ArrayList;

import java.util.List;

@Configurahttp://tion

@Slf4j

public class LoginConfig implements WebMvcConfigurer {

@Autowired

private UserLoginAuthInterceptor userLoginAuthInterceptor;

/**

* addInterceptors方法设置拦截路径

* addPathPatterns：需要拦截的访问路径

* excludePathPatterns：不需要拦截的路径，

* String数组类型可以写多个用","分割

* @param registry

*/

@Override

public void addInterceptors(InterceptorRegistry registry){

log.info(" ======== LoginConfig.addInterceptors");

//添加对用户未登录的拦截器，并添加排除项

//error路径，excludePathPatterns排除访问的路径在项目中不存在的时候，

//springboot会将路径变成 /error, 导致无法进行排除。

registry.addInterceptor(userLoginAuthInterceptor)

.addPathPatterns("/**")

.excludePathPatterns("/js/**", "/css/**", "/img/**", "/plugins/**")

.excludePathPatterns("/login.html", "/register.html", "/system/user/login", "/system/user/login", "/index")

.excludePathPatterns("/error");

}

}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。