| | |
|---|
| | | package com.lf.server.interceptor; |
|---|
| | | |
|---|
| | | import com.alibaba.fastjson.JSON; |
|---|
| | | import com.lf.server.entity.all.*; |
|---|
| | | import com.lf.server.entity.sys.UserEntity; |
|---|
| | | import com.lf.server.helper.StringHelper; |
|---|
| | | import com.lf.server.helper.WebHelper; |
|---|
| | | import com.lf.server.service.sys.TokenService; |
|---|
| | | import org.apache.commons.logging.Log; |
|---|
| | | import org.apache.commons.logging.LogFactory; |
|---|
| | | import org.springframework.context.annotation.Configuration; |
|---|
| | | import org.springframework.web.method.HandlerMethod; |
|---|
| | | import org.springframework.web.servlet.HandlerInterceptor; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | import javax.servlet.http.HttpServletResponse; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 身份认证拦截器 |
|---|
| | | * @author WWW |
|---|
| | | */ |
|---|
| | | public class AuthInterceptor { |
|---|
| | | @Configuration |
|---|
| | | public class AuthInterceptor implements HandlerInterceptor { |
|---|
| | | private TokenService tokenService; |
|---|
| | | |
|---|
| | | private static final Log log = LogFactory.getLog(AuthInterceptor.class); |
|---|
| | | |
|---|
| | | private static final String NO_TOKEN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.TOKEN_ERROR, "找不到令牌")); |
|---|
| | | |
|---|
| | | private static final String NO_LOGIN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.NO_LOGIN_ERROR, "用户未登录")); |
|---|
| | | |
|---|
| | | private static final String USER_LOCK = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.USER_LOCK_ERROR, "用户ID已禁用")); |
|---|
| | | |
|---|
| | | public AuthInterceptor(TokenService tokenService) { |
|---|
| | | this.tokenService = tokenService; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Controller执行之前执行,如果返回值是true则代表放行,返回false则拦截 |
|---|
| | | * |
|---|
| | | * @param request |
|---|
| | | * @param response |
|---|
| | | * @param handler |
|---|
| | | * @return |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { |
|---|
| | | try { |
|---|
| | | System.out.println(request.getRequestURI().toLowerCase() + ", " + (handler instanceof HandlerMethod)); |
|---|
| | | // 非方法 或 无需授权,无需拦截 |
|---|
| | | if (!(handler instanceof HandlerMethod) || noNeedAuth(request)) { |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | |
|---|
| | | String token = WebHelper.getToken(request); |
|---|
| | | if (StringHelper.isNull(token)) { |
|---|
| | | return WebHelper.write2Page(response, NO_TOKEN); |
|---|
| | | } |
|---|
| | | |
|---|
| | | UserEntity ue = tokenService.getCurrentUser(request); |
|---|
| | | if (ue == null) { |
|---|
| | | return WebHelper.write2Page(response, NO_LOGIN); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (tokenService.isUidDisable(ue)) { |
|---|
| | | return WebHelper.write2Page(response, USER_LOCK); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // noinspection AlibabaRemoveCommentedCode |
|---|
| | | // 权限校验 |
|---|
| | | |
|---|
| | | return true; |
|---|
| | | } catch (Exception ex) { |
|---|
| | | log.error(ex.getMessage() + ex.getStackTrace() + "\n"); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 无需授权 |
|---|
| | | * |
|---|
| | | * @param request |
|---|
| | | * @return |
|---|
| | | */ |
|---|
| | | private static boolean noNeedAuth(HttpServletRequest request) { |
|---|
| | | String uri = request.getRequestURI().toLowerCase(); |
|---|
| | | for (String page : StaticData.EXCLUDE_PATH) { |
|---|
| | | if (uri.contains(page)) { |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | } |
|---|
