地质所 沉降监测网建设项目
blame | 历史 | 原始文档
zmk
2024-05-22 464634d38dc3579213b828264ef1af8f6e5fa3e1 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

package com.javaweb.platform.interceptor;


 


import java.io.OutputStream;


 


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


 


import org.springframework.stereotype.Component;


import org.springframework.web.method.HandlerMethod;


import org.springframework.web.servlet.ModelAndView;


import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;


 


import com.javaweb.common.annotation.UserAuth;


import com.javaweb.platform.domain.FrontUser;


import com.javaweb.platform.utils.UserAuthCacheUtils;


 


/**


 * 权限验证拦截器


 * @author Admin


 *


 */


@Component


public class UserAuthInterceptor extends HandlerInterceptorAdapter{


    


 


    @Override


    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {


 


        // 验证权限


        if (this.hasPermission(handler,request)) {


            return true;


        }


 


        response.setHeader("content-type", "text/html;charset=utf-8");


 


        String data = "authInvalid";


 


        OutputStream out = response.getOutputStream();


        // 以什么编码打入


        out.write(data.getBytes("utf-8"));


        return false;


 


 


       // return false;


    }


 


    /**


     * 是否有权限,


     *  后续可以考虑写入 redis 或者 数据表,


     *  目前以Cache 形式实现


     */


    private boolean hasPermission(Object handler,HttpServletRequest request) {


        if (handler instanceof HandlerMethod) {


            HandlerMethod handlerMethod = (HandlerMethod) handler;


            // 获取方法上的注解


            UserAuth requiredPermission = handlerMethod.getMethod().getAnnotation(UserAuth.class);


            // 如果方法上的注解为空 则获取类的注解


            if (requiredPermission == null) {


                requiredPermission = handlerMethod.getMethod().getDeclaringClass().getAnnotation(UserAuth.class);


            }


            if (requiredPermission == null) {


                return true;


            }


 


            //验证前端传递的token


            String token = request.getParameter("token");


            if (token != null) {


                //如果还有token值


                if(UserAuthCacheUtils.userCaches.containsKey(token)){


                    //验证传递的token  和用户的token 是否一致


                    FrontUser  frontUser = (FrontUser) UserAuthCacheUtils.getCahce(token);


                    if(token.equals(frontUser.getAccessToken())){


                        return true;


                    }        


                    


                }        


                return false;


                


            } else {


                return false;


            }


                  


        }


        return true;


    }


    @Override


    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {


    }


    @Override


    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {


    }


 


}