提交代码

zmk

2024-10-23 3f47c88e7cb4e53b3637620794420181f47b5a5e

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
package com.javaweb.platform.interceptor;
 
import java.io.OutputStream;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
import com.javaweb.common.annotation.UserAuth;
import com.javaweb.platform.domain.FrontUser;
import com.javaweb.platform.utils.UserAuthCacheUtils;
 
/**
 * 权限验证拦截器
 * @author Admin
 *
 */
@Component
public class UserAuthInterceptor extends HandlerInterceptorAdapter{
    
 
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
 
        // 验证权限
        if (this.hasPermission(handler,request)) {
            return true;
        }
 
        response.setHeader("content-type", "text/html;charset=utf-8");
 
        String data = "authInvalid";
 
        OutputStream out = response.getOutputStream();
        // 以什么编码打入
        out.write(data.getBytes("utf-8"));
        return false;
 
 
       // return false;
    }
 
    /**
     * 是否有权限，
     *  后续可以考虑写入 redis 或者 数据表，
     *  目前以Cache 形式实现
     */
    private boolean hasPermission(Object handler,HttpServletRequest request) {
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            // 获取方法上的注解
            UserAuth requiredPermission = handlerMethod.getMethod().getAnnotation(UserAuth.class);
            // 如果方法上的注解为空 则获取类的注解
            if (requiredPermission == null) {
                requiredPermission = handlerMethod.getMethod().getDeclaringClass().getAnnotation(UserAuth.class);
            }
            if (requiredPermission == null) {
                return true;
            }
 
            //验证前端传递的token
            String token = request.getParameter("token");
            if (token != null) {
                //如果还有token值
                if(UserAuthCacheUtils.userCaches.containsKey(token)){
                    //验证传递的token  和用户的token 是否一致
                    FrontUser  frontUser = (FrontUser) UserAuthCacheUtils.getCahce(token);
                    if(token.equals(frontUser.getAccessToken())){
                        return true;
                    }        
                    
                }        
                return false;
                
            } else {
                return false;
            }
                  
        }
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }
 
}