package com.doumee.config.cloudfilter; 
 | 
  
 | 
import com.alibaba.fastjson.JSONObject; 
 | 
import com.doumee.config.annotation.CloudRequiredPermission; 
 | 
import com.doumee.config.annotation.LoginNoRequired; 
 | 
import com.doumee.core.constants.ResponseStatus; 
 | 
import com.doumee.core.exception.BusinessException; 
 | 
import com.doumee.core.model.LoginUserInfo; 
 | 
import com.doumee.core.utils.Constants; 
 | 
import org.apache.commons.lang3.StringUtils; 
 | 
import org.apache.shiro.authz.UnauthorizedException; 
 | 
import org.apache.shiro.authz.annotation.RequiresPermissions; 
 | 
import org.springframework.data.redis.core.RedisTemplate; 
 | 
import org.springframework.web.method.HandlerMethod; 
 | 
import org.springframework.web.servlet.HandlerInterceptor; 
 | 
  
 | 
import javax.servlet.http.HttpServletRequest; 
 | 
import javax.servlet.http.HttpServletResponse; 
 | 
  
 | 
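public class LoginHandlerInterceptor implements HandlerInterceptor {

    /** Redis client used to resolve a request token to the cached login record (stored as JSON text). */
    private final RedisTemplate<String, Object> stringRedisTemplate;

    // This class is not a Spring-managed bean, so the RedisTemplate cannot be autowired;
    // whoever registers the interceptor hands it in.
    public LoginHandlerInterceptor(RedisTemplate<String, Object> stringRedisTemplate) {
        this.stringRedisTemplate = stringRedisTemplate;
    }

    /**
     * Authenticates and authorises a controller invocation before it runs.
     *
     * <ul>
     *   <li>Handlers whose bean class or method carries {@link LoginNoRequired} pass through
     *       untouched -- including any {@link CloudRequiredPermission} on the method.</li>
     *   <li>Otherwise the {@code Constants.HEADER_USER_TOKEN} header must be present and must
     *       map to a login record still held in Redis, else a {@link BusinessException} with
     *       {@code ResponseStatus.NO_LOGIN} is thrown (fail closed).</li>
     *   <li>If the method carries {@link CloudRequiredPermission} with a non-empty value, the
     *       user must hold at least ONE of the listed permissions (any-of, exact string match),
     *       else a {@link BusinessException} with {@code ResponseStatus.NOT_ALLOWED} is thrown.
     *       An annotation with an empty value list performs no permission check at all.</li>
     * </ul>
     *
     * @param request  incoming request; only the token header is read
     * @param response unused
     * @param handler  the resolved handler; only {@link HandlerMethod}s are inspected
     * @return {@code true} when the request may proceed; all rejections are thrown, never returned
     * @throws BusinessException on a missing/unknown token or a missing permission
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Non-controller handlers (e.g. static-resource handlers) are not HandlerMethods and carry
        // no annotations; the former unconditional cast threw ClassCastException for them. They are
        // passed through because this interceptor has nothing to decide for them -- if such handlers
        // also need the token check, fail closed here instead of returning true.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        if (isLoginExempt(handlerMethod)) {
            return true;
        }

        // Token comes from an HTTP header, i.e. it is attacker-controlled until checkLogin resolves it.
        String token = request.getHeader(Constants.HEADER_USER_TOKEN);
        if (StringUtils.isBlank(token)) {
            throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(), "未登录");
        }

        LoginUserInfo user = checkLogin(request, response);
        enforcePermission(handlerMethod, user);
        return true;
    }

    /** True when the handler's bean class or the handler method itself is annotated {@link LoginNoRequired}. */
    private static boolean isLoginExempt(HandlerMethod handlerMethod) {
        return handlerMethod.getBeanType().isAnnotationPresent(LoginNoRequired.class)
                || handlerMethod.hasMethodAnnotation(LoginNoRequired.class);
    }

    /**
     * Applies the method-level {@link CloudRequiredPermission}, if any, to an authenticated user.
     * Only the method annotation is consulted; a class-level annotation (if the annotation type
     * allows one) is not inherited here.
     *
     * @throws BusinessException with {@code NOT_ALLOWED} when the user holds none of the listed permissions
     */
    private static void enforcePermission(HandlerMethod handlerMethod, LoginUserInfo user) {
        CloudRequiredPermission required = handlerMethod.getMethodAnnotation(CloudRequiredPermission.class);
        if (required == null) {
            return;
        }
        String[] wanted = required.value();
        // An empty value list means "any logged-in user". NOTE(review): this is easy to get wrong
        // at the annotation site (an unfinished @CloudRequiredPermission({}) grants access to all
        // authenticated users); consider rejecting empty lists at startup.
        if (wanted == null || wanted.length == 0) {
            return;
        }
        if (!hasAnyPermission(user, wanted)) {
            // no permission for this operation
            throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(), "没有该操作权限");
        }
    }

    /** Any-of match: true when at least one of the user's permissions equals one of {@code wanted}. */
    private static boolean hasAnyPermission(LoginUserInfo user, String[] wanted) {
        if (user.getPermissions() == null) {
            return false;
        }
        for (String granted : user.getPermissions()) {
            for (String needed : wanted) {
                if (StringUtils.equals(granted, needed)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Resolves the request's token header to the login record cached in Redis.
     *
     * @param request  incoming request; the {@code Constants.HEADER_USER_TOKEN} header is read again here
     * @param response unused
     * @return the deserialised {@link LoginUserInfo}; never {@code null}
     * @throws BusinessException {@code NO_LOGIN} when the header is missing/empty or Redis holds nothing
     *                           for it; {@code NOT_ALLOWED} when the stored JSON does not yield a user
     */
    private LoginUserInfo checkLogin(HttpServletRequest request, HttpServletResponse response) {
        String token = request.getHeader(Constants.HEADER_USER_TOKEN);
        if (token == null || token.isEmpty()) {
            throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(), "未登录");
        }
        // The client-supplied token is used verbatim as the Redis key suffix. GET is binary-safe,
        // so there is no key injection, but bounding the token's length/charset before the lookup
        // would limit the work an unauthenticated caller can trigger -- the token format is not
        // visible in this file, so that check is left to the issuer. NOTE(review): the String cast
        // assumes the template's value serializer yields String for this key; confirm against config.
        String userinfo = (String) stringRedisTemplate.opsForValue().get(Constants.REDIS_TOKEN_KEY + token);
        if (StringUtils.isBlank(userinfo)) {
            throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(), "未登录");
        }
        // The JSON is whatever the login flow wrote to Redis, so it is only as trusted as write
        // access to that Redis instance. Keep fastjson autoType disabled (the default); nothing
        // here needs polymorphic deserialisation.
        LoginUserInfo user = JSONObject.toJavaObject(JSONObject.parseObject(userinfo), LoginUserInfo.class);
        if (user == null) {
            // NOTE(review): this path answers NOT_ALLOWED although the message asks the user to log
            // in again; NO_LOGIN would be the consistent code. Kept as-is for client compatibility.
            throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(), "用户登陆已失效,请重新登陆!");
        }
        return user;
    }

    /**
     * Intentionally empty: this interceptor keeps no per-request state. An earlier revision cleared
     * a thread-local user context here, but nothing in this class populates one.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // nothing to clean up
    }
}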
 |