1、自定義一個攔截器集成HandlerInterceptorAdapter裏面的preHandle方法
@Service
public class AccessInterceptor extends HandlerInterceptorAdapter{
@Autowired
RedisService redisService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if(handler instanceof HandlerMethod) {
User user = getUser(request, response);
UserContext.setUser(user);
HandlerMethod hm = (HandlerMethod)handler;
AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);//請求的方法是否帶有accesslimit註解
if(accessLimit == null) {
return true;
}
//如果有判斷每請求一次緩存中當前用戶key的count+1.直到最大限制禁止訪問此接口
int seconds = accessLimit.seconds();
int maxCount = accessLimit.maxCount();
boolean needLogin = accessLimit.needLogin();
String key = request.getRequestURI();
if(needLogin) {
if(user == null) {
render(response, CodeMsg.SESSION_ERROR);
return false;
}
key += "_" + user.getId();
}else {
//do nothing
}
AccessKey ak = AccessKey.withExpire(seconds);
Integer count = redisService.get(ak, key, Integer.class);
if(count == null) {
redisService.set(ak, key, 1);
}else if(count < maxCount) {
redisService.incr(ak, key);
}else {
render(response, CodeMsg.ACCESS_LIMIT_REACHED);
return false;
}
}
return true;
}
//返回前臺
private void render(HttpServletResponse response, CodeMsg cm)throws Exception {
response.setContentType("application/json;charset=UTF-8");
OutputStream out = response.getOutputStream();
String str = JSON.toJSONString(Result.error(cm));
out.write(str.getBytes("UTF-8"));
out.flush();
out.close();
}
//用戶帶來的redis key值可能在cookie中或者參數中
private User getUser(HttpServletRequest request, HttpServletResponse response) {
String paramToken = request.getParameter(MiaoshaUserService.COOKI_NAME_TOKEN);
String cookieToken = getCookieValue(request, UserService.COOKI_NAME_TOKEN);
if(StringUtils.isEmpty(cookieToken) && StringUtils.isEmpty(paramToken)) {
return null;
}
String token = StringUtils.isEmpty(paramToken)?cookieToken:paramToken;
return userService.getByToken(response, token);
}
private String getCookieValue(HttpServletRequest request, String cookiName) {
Cookie[] cookies = request.getCookies();
if(cookies == null || cookies.length <= 0){
return null;
}
for(Cookie cookie : cookies) {
if(cookie.getName().equals(cookiName)) {
return cookie.getValue();
}
}
return null;
}
}
/**
* 在mvc配置攔截器
* @param registry
*/
@Configuration
//等價於<mvc:annotation-driven/>
@EnableWebMvc
public class MVCConfiguration extends WebMvcConfigurerAdapter implements ApplicationContextAware {
@Override
public void addInterceptors(InterceptorRegistry registry) {
String interceptPath = "";
//註冊攔截器
InterceptorRegistration loginIR = registry.addInterceptor(new AccessInterceptor ());
//配置攔截路徑
loginIR.addPathPatterns(interceptPath);
//註冊其他攔截器
InterceptorRegistration permissionIR = registry.addInterceptor(new UserPermissionInterceptor());
//配置攔截路徑
permissionIR.addPathPatterns(interceptPath);
//配置不攔截路徑
permissionIR.excludePathPatterns("");
}
//將數據存在當前線程中,當前線程安全
public class UserContext {
private static ThreadLocal<User> userHolder = new ThreadLocal<User>();
public static void setUser(User user) {
userHolder.set(user);
}
public static User getUser() {
return userHolder.get();
}
}
//自定義限制註解,加載controller url 上
@Retention(RUNTIME)
@Target(METHOD)
public @interface AccessLimit {
int seconds();
int maxCount();
boolean needLogin() default true;
}