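package com.config.RoleInterceptor;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.util.GetTokenData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.management.OperationsException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;

/**
 * Role-based authorization interceptor driven by the method-level {@code @Auth} annotation.
 *
 * <p>For each request that resolves to a {@link HandlerMethod}, the interceptor reads the
 * {@code @Auth} annotation on the handler method, decodes the {@code token} request header
 * through {@link GetTokenData}, and compares the {@code role} entry of the decoded data with
 * {@code Auth.user()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The interceptor is opt-in: a handler method without {@code @Auth} is let through
 *       without any check. Only the method is inspected, so an annotation placed on the
 *       controller class is not seen here.</li>
 *   <li>Handlers that are not {@link HandlerMethod} instances are let through unchecked.</li>
 *   <li>The role is trusted exactly as {@link GetTokenData} returns it. NOTE(review): this
 *       class does not verify the token itself; confirm that signature and expiry checks
 *       happen inside {@code GetTokenData.getTokenData}.</li>
 *   <li>Denial is signalled with {@link OperationsException}; how that maps to an HTTP status
 *       depends on exception handling that is not part of this class.</li>
 * </ul>
 */
@Component
public class SecurityInterceptor implements HandlerInterceptor {

    @Autowired
    GetTokenData getTokenData;

    @Autowired
    ObjectMapper objectMapper;

    /**
     * Enforces the role required by {@code @Auth} before the handler runs.
     *
     * @param request  current request; the {@code token} header carries the caller's token
     * @param response current response (not used)
     * @param handler  the handler chosen for this request
     * @return {@code true} when the request may proceed
     * @throws OperationsException when the token data is missing or its role does not equal
     *                             the role required by {@code @Auth}
     * @throws Exception           anything raised while decoding the token
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.out.println("preHandle");

        // instanceof is the correct direction for this test. The previous form,
        // handler.getClass().isAssignableFrom(HandlerMethod.class), is false for any subclass
        // of HandlerMethod, which would have skipped the authorization check for it.
        if (!(handler instanceof HandlerMethod)) {
            System.out.println("cat cast handler to HandlerMethod.class");
            return true;
        }

        // Read the annotation from the handler method.
        Auth auth = ((HandlerMethod) handler).getMethod().getAnnotation(Auth.class);
        if (auth == null) {
            // Unannotated endpoints are not protected by this interceptor.
            System.out.println("cant find @Auth in this uri:" + request.getRequestURI());
            return true;
        }

        // Take the caller's identity from the token header and check it against the required role.
        String admin = auth.user();
        System.out.println("auth:" + admin);

        String token = request.getHeader("token");
        Map<?, ?> resultMap = getTokenData.getTokenData(token);

        // No decoded token data means no role: deny explicitly instead of failing with a
        // NullPointerException on the lookup below.
        if (resultMap == null) {
            System.out.println("permission denied");
            throw new OperationsException("权限不足");
        }

        Object role = resultMap.get("role");
        System.out.println("user:" + role);

        // admin comes from the annotation and is never null, so a missing role compares unequal.
        if (!admin.equals(role)) {
            System.out.println("permission denied");
            throw new OperationsException("权限不足");
        }
        return true;
    }

    /** Called after the handler has run; only prints a trace marker. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                           Object o, ModelAndView modelAndView) throws Exception {
        System.out.println("2");
    }

    /** Called after request completion; only prints a trace marker. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                Object o, Exception e) throws Exception {
        System.out.println("3");
    }
}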