权限验证
用户权限验证
使用AOP进行权限验证
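import com.lhn.constant.CookieConstant;
import com.lhn.exception.SellerAuthorizeException;
import com.lhn.util.CookieUtil;
import com.lhn.util.MapCache;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/**
 * Login check that runs before seller-side controller methods: the request must carry the token
 * cookie and the token must be known to {@code MapCache.MAP_CACHE_TOKEN}.
 *
 * <p>This only establishes that the caller holds a known token. It does not decide whether that
 * caller may touch the specific resource being requested; any such check has to live in the
 * controller or service.
 *
 * @author LiHaiNan
 * @version V1.0
 * @date 12:03 PM 2017/9/23
 */
@Aspect
@Component
@Slf4j
public class SellerAuthorizeAspect {

    // Not read by the active code: the Redis lookup in doVerify() is disabled in favour of MapCache.
    @Autowired
    private StringRedisTemplate redisTemplate;

    /**
     * Selects the methods that require a logged-in seller: every public method of a class in
     * {@code com.lhn.controller} whose name starts with {@code Seller}, except
     * {@code SellerUserController}.
     *
     * <p>Coverage is decided purely by class name. A controller whose name does not start with
     * {@code Seller} is not intercepted, so a new endpoint is only protected if it follows the
     * naming convention. {@code SellerUserController} is exempt (presumably because it hosts the
     * login endpoints; confirm that it exposes nothing else).
     */
    @Pointcut("execution(public * com.lhn.controller.Seller*.*(..))" +
            "&& !execution(public * com.lhn.controller.SellerUserController.*(..))")
    public void verify() {}

    /**
     * Rejects the intercepted call unless the current request carries a token cookie whose value
     * is a key of {@code MapCache.MAP_CACHE_TOKEN}.
     *
     * @throws SellerAuthorizeException if there is no servlet request bound to the thread, the
     *         token cookie is missing or empty, or the token is unknown
     */
    @Before("verify()")
    public void doVerify() {
        // instanceof is false for null, so "no request bound" and "not a servlet request" both
        // fail closed with the login exception instead of an NPE/ClassCastException.
        Object bound = RequestContextHolder.getRequestAttributes();
        if (!(bound instanceof ServletRequestAttributes)) {
            log.warn("【登录校验】当前线程没有绑定Servlet请求");
            throw new SellerAuthorizeException();
        }
        HttpServletRequest request = ((ServletRequestAttributes) bound).getRequest();

        // Look up the token cookie. The token is a bearer credential: keep its value out of the logs.
        Cookie cookie = CookieUtil.get(request, CookieConstant.TOKEN);
        if (cookie == null || cookie.getValue() == null || cookie.getValue().isEmpty()) {
            log.warn("【登录校验】Cookie中查不到token");
            throw new SellerAuthorizeException();
        }

        // Disabled alternative from the original: look the token up in Redis instead.
        // String tokenValue = redisTemplate.opsForValue().get(String.format(RedisConstant.TOKEN_PREFIX, cookie.getValue()));
        //
        // NOTE(review): only the presence of the entry is checked; the mapped Integer is not used
        // here. Token expiry and logout depend on how MapCache.MAP_CACHE_TOKEN is filled and
        // cleaned, which this file does not show. An in-process map is also not shared between
        // application instances. Confirm both before relying on this check.
        Integer tokenValue = MapCache.MAP_CACHE_TOKEN.get(cookie.getValue());
        if (null == tokenValue) {
            log.warn("【登录校验】查不到token");
            throw new SellerAuthorizeException();
        }
    }
}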
cookie类
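import com.lhn.constant.CookieConstant;
import com.lhn.exception.SellerAuthorizeException;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;

/**
 * Cookie helper: writes the login cookie, reads cookies by name, and resolves the store id bound
 * to the caller's token.
 *
 * @author LiHaiNan
 * @version V1.0
 * @date 7:05 PM 2017/9/22
 */
public class CookieUtil {

    /**
     * Adds a cookie to the response, scoped to path {@code /} and marked HttpOnly.
     *
     * @param response response the cookie is added to
     * @param name     cookie name
     * @param value    cookie value
     * @param maxAge   lifetime in seconds, passed straight to {@link Cookie#setMaxAge(int)}
     */
    public static void set(HttpServletResponse response,
                           String name,
                           String value,
                           int maxAge) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath("/");
        cookie.setMaxAge(maxAge);
        // HttpOnly keeps page scripts from reading the token.
        cookie.setHttpOnly(true);
        // NOTE(review): the Secure flag is not set, so the browser also sends this cookie over
        // plain HTTP. Once the site is served only over HTTPS, add cookie.setSecure(true).
        response.addCookie(cookie);
    }

    /**
     * Returns the request cookie with the given name.
     *
     * @param request current request
     * @param name    cookie name to look for
     * @return the matching cookie, or {@code null} when the request has no cookie of that name
     */
    public static Cookie get(HttpServletRequest request,
                             String name) {
        // Map.get already yields null for an absent key; the map never holds null values.
        return readCookieMap(request).get(name);
    }

    /**
     * Indexes the request's cookies by name.
     *
     * @param request current request
     * @return name-to-cookie map, empty when the request carries no cookies; if a name occurs
     *         more than once, the last occurrence wins
     */
    private static Map<String, Cookie> readCookieMap(HttpServletRequest request) {
        Map<String, Cookie> cookieMap = new HashMap<>();
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                cookieMap.put(cookie.getName(), cookie);
            }
        }
        return cookieMap;
    }

    /**
     * Resolves the store (branch) id that {@code MapCache.MAP_CACHE_TOKEN} associates with the
     * token cookie of this request.
     *
     * @param request current request
     * @return the Integer mapped to the token
     * @throws SellerAuthorizeException if the token cookie is missing or empty, or the token has
     *         no entry in the cache
     */
    public static Integer getBranchId(HttpServletRequest request) {
        Cookie cookie = CookieUtil.get(request, CookieConstant.TOKEN);
        // get() returns null when the cookie is absent. Treat that as "not logged in" rather
        // than letting cookie.getValue() throw a NullPointerException.
        if (cookie == null || cookie.getValue() == null || cookie.getValue().isEmpty()) {
            throw new SellerAuthorizeException();
        }
        Integer tokenValue = MapCache.MAP_CACHE_TOKEN.get(cookie.getValue());
        if (null == tokenValue) {
            throw new SellerAuthorizeException();
        }
        return tokenValue;
    }
}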
SellerAuthorizeException异常
/**
 * Unchecked exception raised when a seller request fails the login check.
 * It carries no message and no cause.
 *
 * @author LiHaiNan
 * @version V1.0
 * @date 7:09 PM 2017/9/22
 */
public class SellerAuthorizeException extends RuntimeException {
}
异常处理handler
import com.lhn.config.ProjectUrlConfig;
import com.lhn.exception.SellerAuthorizeException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.ModelAndView;

import java.util.HashMap;
import java.util.Map;

/**
 * Application-wide handler that turns a failed seller login check into the shared error page.
 *
 * @author LiHaiNan
 * @version V1.0
 * @date 7:08 PM 2017/9/22
 */
@ControllerAdvice
public class SellExceptionHandler {

    /** Logical name of the view rendered when the login check fails. */
    private static final String ERROR_VIEW = "common/error";

    // Not read by the active code path; only the disabled redirect variant described below used it.
    @Autowired
    private ProjectUrlConfig projectUrlConfig;

    /**
     * Handles {@link SellerAuthorizeException} by rendering the error view with a
     * "login timed out" message and the login page URL.
     *
     * <p>The original also kept two disabled variants: a redirect to the WeChat QR authorize
     * endpoint, built from {@code projectUrlConfig} as
     * {@code http://sell.natapp4.cc/sell/wechat/qrAuthorize?returnUrl=http://sell.natapp4.cc/sell/seller/login},
     * and a plain {@code redirect:/login.html}.
     *
     * <p>No {@code @ResponseStatus} is declared on this handler, so the HTTP status is whatever
     * the view rendering produces (presumably 200; confirm if non-browser clients need to detect
     * the rejection).
     *
     * @return the error view with model entries {@code msg} and {@code url}
     */
    @ExceptionHandler(value = SellerAuthorizeException.class)
    public ModelAndView handlerAuthorizeException() {
        final Map<String, Object> model = new HashMap<>();
        // Link target the error page offers the user: the login page.
        model.put("url", "/sell/login.html");
        model.put("msg", "登录超时请重新登录");
        return new ModelAndView(ERROR_VIEW, model);
    }
}