使用AOP进行权限验证
程序员文章站
2022-12-09 18:08:59
首先我们定义一个切入点(匹配com.ed.controller.Seller开头的controller的所有public方法) 然后在进入这些方法之前进行token校验 抛出的异常可定义一个handler进行拦截,并返回自定义的对象给前端 CookieUtil方法 ......
首先我们定义一个切入点(匹配com.ed.controller.seller开头的controller的所有public方法)
@pointcut("execution(public * com.ed.controller.seller*.*(..))")
public void checktoken() {}
然后在进入这些方法之前进行token校验
@before("checktoken()")
public void check() {
servletrequestattributes attributes = (servletrequestattributes) requestcontextholder.getrequestattributes();
httpservletrequest request = attributes.getrequest();
//查询cookie
cookie cookie = cookieutil.get(request, cookieconstant.token);
if (cookie == null) {
log.warn("【token校验】cookie中查不到token");
throw new sellerauthorizeexception(resultenum.token_error);
}
//去redis里查询
string tokenvalue = redistemplate.opsforvalue().get(string.format(redisconstant.token_prefix, cookie.getvalue()));
if (stringutils.isempty(tokenvalue)) {
log.warn("【token校验】redis中查不到token");
throw new sellerauthorizeexception(resultenum.token_error);
}
}
抛出的异常可定义一个handler进行拦截,并返回自定义的对象给前端
@controlleradvice
public class sellexceptionhandler {
@exceptionhandler(value = sellerauthorizeexception.class)
@responsebody
public resultvo handlersellerexception(sellerauthorizeexceptione) {
return resultvoutil.error(e.getcode(), e.getmessage());
}
}
cookieutil方法
/**
* 获取cookie
* @param request
* @param name
* @return
*/
public static cookie get(httpservletrequest request,
string name) {
map<string, cookie> cookiemap = readcookiemap(request);
if (cookiemap.containskey(name)) {
return cookiemap.get(name);
}else {
return null;
}
}
/**
* 将cookie封装成map
* @param request
* @return
*/
private static map<string, cookie> readcookiemap(httpservletrequest request) {
map<string, cookie> cookiemap = new hashmap<>();
cookie[] cookies = request.getcookies();
if (cookies != null) {
for (cookie cookie: cookies) {
cookiemap.put(cookie.getname(), cookie);
}
}
return cookiemap;
}