通過註解分配權限

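@Component
public class GlobalInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = LoggerFactory.getLogger(GlobalInterceptor.class);

    /** Header (and cookie) name carrying the JWT used to identify the caller. */
    private static final String AUTH_TOKEN_HEADER = "X-Auth-Token";

    /**
     * Headers consulted, in order, before falling back to the socket peer address.
     * These are client-supplied unless a trusted reverse proxy overwrites them, so the
     * resulting value must not be used for access decisions without confirming the
     * proxy configuration — TODO confirm.
     */
    private static final String[] CLIENT_IP_HEADERS = {"CLIENT-IP", "X-Real-IP", "X-Forwarded-For"};

    @Resource
    private UserService userRoleService;

    /**
     * Intercepts every request before the controller runs: records the client IP, and for
     * handlers marked with {@link GeekAuth} (on the method or its controller class) resolves
     * the caller from the JWT and stores it in {@link SaasHttpContext}.
     *
     * @param request  current request
     * @param response current response; receives a 401 when authentication fails
     * @param handler  the resolved handler; only {@link HandlerMethod} instances are inspected
     * @return {@code false} (after a 401 has been written) when authentication is required but
     *         fails, otherwise the result of the superclass
     * @throws Exception propagated from {@code sendError}, the token utility or the user lookup
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        SaasHttpContext.setIP(getIp(request));
        JwtUserDto userInfo = null;
        // `instanceof` replaces `handler.getClass().isAssignableFrom(HandlerMethod.class)`,
        // whose argument order was inverted: it was true only for HandlerMethod exactly, so any
        // subclass of HandlerMethod would have bypassed the annotation check (and the auth).
        if (handler instanceof HandlerMethod) {
            HandlerMethod method = (HandlerMethod) handler;
            if (requiresAuth(method)) {
                userInfo = authenticate(request, response);
                if (userInfo == null) {
                    return false; // 401 already written by authenticate()
                }
            }
            // Also resets the stored user to null for handlers that need no auth.
            SaasHttpContext.setUserInfo(userInfo);
        }
        // NOTE(review): for non-HandlerMethod handlers (e.g. static resources) the user info is
        // neither set nor cleared here; if SaasHttpContext is thread-local, a value left by a
        // previous request on the same thread could remain visible — confirm how it is cleared.
        return super.preHandle(request, response, handler);
    }

    /** Whether the target method, or failing that its controller class, carries {@link GeekAuth}. */
    private static boolean requiresAuth(HandlerMethod method) {
        return method.hasMethodAnnotation(GeekAuth.class)
                || method.getBeanType().isAnnotationPresent(GeekAuth.class);
    }

    /**
     * Resolves the caller from the JWT found in the {@code X-Auth-Token} header, falling back to
     * the cookie of the same name. On failure a 401 is written to {@code response}.
     *
     * @return the authenticated user, or {@code null} if no valid user could be established
     * @throws Exception propagated from {@code sendError} or the token/user lookups
     */
    private JwtUserDto authenticate(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String token = request.getHeader(AUTH_TOKEN_HEADER);
        if (token == null) {
            token = getTokenFromCookie(request);
        }
        // assumes getUserIdFromToken returns null (rather than throwing) for a missing, expired
        // or tampered token — TODO confirm; an exception would propagate out of preHandle instead
        // of producing the 401 below.
        Long userId = new JwtTokenUtil().getUserIdFromToken(token);
        if (userId == null) {
            response.sendError(401, "no auth");
            return null;
        }
        // The token only carries the user id; the user record is loaded fresh so that a
        // deleted/unknown user is rejected even with a syntactically valid token.
        JwtUserDto userInfo = userRoleService.findJwtUserDtoByUserId(userId);
        if (userInfo == null || userInfo.getUserId() == null) {
            response.sendError(401, "no auth");
            return null;
        }
        return userInfo;
    }

    /**
     * Returns the value of the {@code X-Auth-Token} cookie, or {@code null} when the request
     * carries no cookies or no cookie of that name.
     */
    private String getTokenFromCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (AUTH_TOKEN_HEADER.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /** No extra work after completion; delegates to the superclass. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        super.afterCompletion(request, response, handler, ex);
    }

    /** No extra work after the handler runs; delegates to the superclass. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    /**
     * Best-effort client address: the first non-empty value among {@link #CLIENT_IP_HEADERS},
     * else {@code request.getRemoteAddr()}. Note that {@code X-Forwarded-For} may contain a
     * comma-separated chain and is returned unparsed; callers should treat the value as
     * informational only unless the proxy layer is known to sanitise these headers.
     */
    private String getIp(HttpServletRequest request) {
        for (String header : CLIENT_IP_HEADERS) {
            String value = request.getHeader(header);
            if (value != null && !value.isEmpty()) {
                return value;
            }
        }
        return request.getRemoteAddr();
    }
}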