package leisure.springboot.authorization;
import com.alibaba.fastjson.JSONObject;
import leisure.core.common.Result;
import leisure.springboot.core.BeanFactory;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;
/**
 * Spring MVC interceptor that enforces the {@link UserAccessStrategy} and
 * {@link UserAuthorization} annotations before a controller method is invoked.
 *
 * <p>Both checks are opt-in and fail open by omission: a handler method that carries
 * neither annotation is let through, and so is any handler that is not a
 * {@link HandlerMethod}. Only the annotation on the method itself is read
 * ({@code handler.getMethod().getAnnotation(...)}), so an annotation placed on the
 * controller class would not be seen by this interceptor.
 * NOTE(review): whether the annotations may target types is not visible here; confirm.
 *
 * <p>A denial is reported as a JSON {@link Result} in the response body with one of the
 * codes 801 to 804; see {@link #UnAuthorize}.
 */
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

    /**
     * Runs the access-strategy check and then the user-authorization check for
     * controller methods.
     *
     * @return {@code false} when either check denies the request (the denial body has
     *         already been written), {@code true} otherwise, including for handlers
     *         that are not a {@link HandlerMethod}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            // Nothing is checked for other handler types.
            return true;
        }
        HandlerMethod target = (HandlerMethod) handler;
        // Short-circuit: the authorization check is skipped once the access strategy denies.
        return userAccessStrategyHandle(request, response, target)
                && userAuthorizationHandle(request, response, target);
    }

    /** Delegates to the adapter; no extra work after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    /** Delegates to the adapter; no extra work on completion. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        super.afterCompletion(request, response, handler, ex);
    }

    /** Delegates to the adapter; no extra work for concurrent handling. */
    @Override
    public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        super.afterConcurrentHandlingStarted(request, response, handler);
    }

    /**
     * Applies the access-strategy check to methods annotated with {@link UserAccessStrategy}.
     *
     * @return {@code true} when the method is not annotated or the
     *         {@link UserAccessStrategyService} accepts the request; {@code false} after
     *         writing an 803 denial
     */
    private boolean userAccessStrategyHandle(HttpServletRequest request,
                                             HttpServletResponse response,
                                             HandlerMethod handler) throws Exception {
        UserAccessStrategy strategy = handler.getMethod().getAnnotation(UserAccessStrategy.class);
        if (strategy == null) {
            return true;
        }
        // The service is looked up on every request; a missing bean surfaces as an
        // exception from preHandle rather than as an allowed request.
        UserAccessStrategyService verifier = BeanFactory.getBeanByType(UserAccessStrategyService.class);
        if (verifier.verify(request)) {
            return true;
        }
        UnAuthorize(request, response, 803);
        return false;
    }

    /**
     * Applies token validation (and, when {@code judgeRole} is set, the role check) to
     * methods annotated with {@link UserAuthorization}.
     *
     * <p>On success the token and the user map are published as the request attributes
     * {@code "token"} and {@code "user"}.
     *
     * @return {@code true} when the method is not annotated or validation succeeds;
     *         {@code false} after writing an 801, 802 or 804 denial
     */
    private boolean userAuthorizationHandle(HttpServletRequest request,
                                            HttpServletResponse response,
                                            HandlerMethod handler) throws Exception {
        UserAuthorization authorization = handler.getMethod().getAnnotation(UserAuthorization.class);
        if (authorization == null) {
            return true;
        }

        // Where TokenUtils reads "authentication" from (header, parameter, cookie) is not
        // visible in this file.
        String token = TokenUtils.get(request, "authentication");
        if (token == null || token.isEmpty()) {
            UnAuthorize(request, response, 801);
            return false;
        }

        UserInfoService users = BeanFactory.getBeanByType(UserInfoService.class);
        boolean roleCheck = authorization.judgeRole();
        // getRequestURI() is the raw request path: the container does not decode it, and
        // it may carry path parameters.
        // NOTE(review): confirm how validateUser matches this value against its rules.
        String uri = request.getRequestURI();
        String declaredName = authorization.value();
        // The annotation value, when not blank, replaces the Java method name.
        String permissionName = handler.getMethod().getName();
        if (StringUtils.isNoneBlank(declaredName)) {
            permissionName = declaredName;
        }

        boolean valid = roleCheck
                ? users.validateUser(token, true, uri, permissionName)
                : users.validateUser(token);

        if (!valid) {
            // With the role check on, every validation failure is reported as 804, so an
            // invalid token is not told apart from a missing permission at this level.
            UnAuthorize(request, response, roleCheck ? 804 : 802);
            return false;
        }

        // Downstream handlers read these attributes as the authenticated identity.
        Map<?, ?> currentUser = users.getUser(token);
        request.setAttribute("token", token);
        request.setAttribute("user", currentUser);
        return true;
    }

    /**
     * Writes a JSON denial to the response body.
     *
     * <p>Codes and messages: 801 missing authorization information, 802 login expired or
     * user does not exist, 803 invalid request from a disallowed source, 804 no
     * permission for this endpoint. Any other code is sent without a message.
     *
     * <p>Only the content type and body are written; the HTTP status is not set here.
     * NOTE(review): the response presumably goes out with the default status, so access
     * logs and upstream controls keyed on 401/403 would not see these denials. Confirm
     * whether clients depend on the body code before changing it.
     *
     * @param status application-level denial code placed in {@code Result.code}
     * @throws IOException if the response writer cannot be obtained
     */
    void UnAuthorize(HttpServletRequest request, HttpServletResponse response, int status) throws IOException {
        Result denial = new Result();
        denial.setCode(String.valueOf(status));
        switch (status) {
            case 801:
                denial.setInfo("缺少授权信息!");
                break;
            case 802:
                denial.setInfo("登陆已过期或用户不存在!");
                break;
            case 803:
                denial.setInfo("无效请求,非法访问来源!");
                break;
            case 804:
                denial.setInfo("没有访问该接口的权限!");
                break;
            default:
                break;
        }
        response.setContentType("application/json;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(denial));
    }
}