1、
自定義類interceptor是實作攔截進行認證驗證,
功能:使用者認證和頁面攔截跳轉
實作:驗證是否有session和cookie資訊(下方程式碼實際上是從請求參數 token 取值,再以該 token 查詢伺服端的 session 記錄)
方法:實作spring的HandlerInterceptor接口,HandlerInterceptor接口中定義了三個方法
方法一:preHandle()是在處理請求之前進行調用,執行controller的任務之前調用,傳回true繼續執行,傳回false放棄執行。
方法二:postHandle()一般是請求處理之後,視圖傳回渲染之前進行調用,支援在這個方法中對controller處理之後的model view對象進行操作。
方法三:afterCompletion()是在preHandle()方法傳回true並且渲染對應的視圖之後執行,用于資源清理,無需手動加入任何語句就可以實作。
package com.pro.sign.interceptors;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.pro.sign.entity.Session;
import com.pro.sign.exception.SignException;
import com.pro.sign.service.ISignService;
import com.pro.tool.util.ToolContextData;
import com.pro.tool.vo.CurrentLoginAccountInfo;
import com.pro.tool.vo.TokenTimesEffect;
/*增加自定義類interceptor是實作攔截進行認證驗證,
* 功能:使用者認證和頁面攔截跳轉
* 實作:驗證是否有session和cookie資訊
* 方法:實作spring的HandlerInterceptor接口,handle接口中定義了
* 三個方法使用方法和功能如下:
*/
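/**
 * Spring MVC interceptor that authenticates a request by its {@code token} request parameter.
 *
 * <p>The token is looked up through {@link ISignService#getSessionByPk}. When a session is
 * found, its "current times" value is refreshed and the token, the computed cookie expiry and
 * the session's account id are published through {@link ToolContextData}. When the token is
 * missing, empty or unknown, the request is rejected with HTTP 401.
 *
 * <p>NOTE(review): the token is read from the request parameters, so a token sent in the query
 * string can end up in access logs, browser history and {@code Referer} headers. Consider
 * accepting it from a request header or an HttpOnly cookie instead.
 */
@Component
public class AuthorizationInterceptor implements HandlerInterceptor {

    private static final org.apache.commons.logging.Log log =
            org.apache.commons.logging.LogFactory.getLog(AuthorizationInterceptor.class);

    /**
     * Value added to the current time to compute the cookie expiry, injected from
     * {@code proconfig.cookies-times-effect}. It is added to
     * {@link System#currentTimeMillis()}, so it is presumably in milliseconds (confirm in config).
     */
    @Value("${proconfig.cookies-times-effect}")
    private Long cookiesTimesEffect;

    @javax.annotation.Resource(name = "com.pro.sign.SignService")
    private ISignService signService;

    /**
     * Runs before the controller: validates the {@code token} parameter and populates the
     * per-request context.
     *
     * @return {@code true} to continue with the handler; {@code false} after a 401 has been sent
     * @throws SignException rethrown as-is, or wrapping any other failure with
     *     {@code SignException.FW_ERROR}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (log.isInfoEnabled()) {
            log.info("======================= AuthorizationInterceptor preHandle =======================");
        }
        try {
            Map<String, String[]> parameterMap = request.getParameterMap();
            String[] tokenValues = parameterMap.get("token");
            // Guard against an absent key and a zero-length value array; indexing [0] directly
            // would otherwise surface as a framework error instead of a clean 401.
            String token = (tokenValues == null || tokenValues.length == 0) ? null : tokenValues[0];
            if (token == null || token.isEmpty()) {
                // An empty token can never identify a session, so skip the lookup entirely.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "token 無效");
                return false;
            }

            Long times = System.currentTimeMillis();
            // NOTE(review): a non-null session is accepted without a visible expiry check and its
            // timestamp is refreshed below. Confirm getSessionByPk() rejects expired sessions,
            // otherwise a leaked token stays valid for as long as it keeps being presented.
            Session session = signService.getSessionByPk(token);
            if (session == null) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "token 無效");
                return false;
            }

            // Refresh the session's timestamp on every authenticated request.
            session.setCurrentTimes(times);
            signService.updateSession(session);

            // Replace any previously stored token/expiry data with this request's values.
            ToolContextData.removeTokenTimesEffect();
            TokenTimesEffect tokenTimesEffect = new TokenTimesEffect();
            tokenTimesEffect.setToken(token);
            tokenTimesEffect.setCookiesExpireTimes(times + cookiesTimesEffect);
            ToolContextData.setTokenTimesEffect(tokenTimesEffect);

            // Replace any previously stored account info with the account that owns the session.
            ToolContextData.removeCurrentLoginAccountInfo();
            CurrentLoginAccountInfo currentLoginAccountInfo = new CurrentLoginAccountInfo();
            currentLoginAccountInfo.setAccountId(session.getAccountId());
            ToolContextData.setCurrentLoginAccountInfo(currentLoginAccountInfo);
            return true;
        } catch (SignException e) {
            if (log.isErrorEnabled()) {
                // Pass the throwable as the second argument so the stack trace is logged.
                log.error(e.getMessage(), e);
            }
            throw e;
        } catch (Exception e) {
            if (log.isErrorEnabled()) {
                log.error(e.getMessage(), e);
            }
            throw SignException.getException(e, SignException.FW_ERROR, e.getMessage());
        }
    }

    /**
     * Runs after the controller and before view rendering; only logs. The {@code ModelAndView}
     * could be adjusted here, but this implementation leaves it untouched.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        if (log.isInfoEnabled()) {
            log.info("======================= AuthorizationInterceptor postHandle =======================");
        }
    }

    /**
     * Runs after view rendering when {@code preHandle} returned {@code true}; only logs.
     *
     * <p>NOTE(review): the context written in {@code preHandle} is not cleared here. If
     * {@link ToolContextData} is thread-bound (not visible in this file), pooled worker threads
     * could expose one request's account id to a later request that bypasses this interceptor.
     * Confirm where the context is cleared before relying on it.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        if (log.isInfoEnabled()) {
            log.info("======================= AuthorizationInterceptor afterCompletion =======================");
        }
    }
}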