
Permission Check

2023-12-11 16:45:47

(Permission verification)

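1. Developing the interceptor

```java
// Servlet and @Resource imports assume Spring Boot 3 (jakarta.*); use javax.* on Spring Boot 2.
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
// JSON is assumed to be Fastjson; the page does not say which JSON library it uses.
import com.alibaba.fastjson.JSON;
import cn.hutool.core.util.StrUtil;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.concurrent.TimeUnit;
// RedisEnum, SysUser, AuthContextUtil, Result and ResultCodeEnum are the project's own classes.

@Component
public class LoginAuthInterceptor implements HandlerInterceptor {

    @Resource
    private RedisTemplate<String, String> redisTemplate;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Get the request method.
        // An OPTIONS request is a CORS preflight request, so let it through.
        String method = request.getMethod();
        if ("OPTIONS".equals(method)) {
            return true;
        }

        // Read the token from the request header.
        String token = request.getHeader("token");
        // If the token is empty, return the error response.
        if (StrUtil.isEmpty(token)) {
            responseNoLoginInfo(response);
            return false;
        }

        // The token is present: use it to look up the session in Redis.
        String userInfoString = redisTemplate.opsForValue().get(RedisEnum.USER_LOGIN.getValue() + token);
        // If Redis has no entry for the token, return the error response.
        if (StrUtil.isEmpty(userInfoString)) {
            responseNoLoginInfo(response);
            return false;
        }

        // Redis returned the user info: store it in the ThreadLocal.
        SysUser sysUser = JSON.parseObject(userInfoString, SysUser.class);
        AuthContextUtil.set(sysUser);

        // Refresh the expiry of the user info in Redis (sliding 30-minute session).
        redisTemplate.expire(RedisEnum.USER_LOGIN.getValue() + token, 30, TimeUnit.MINUTES);

        // Let the request through.
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
        // Remove the ThreadLocal data so it cannot leak to the next request served by this thread.
        AuthContextUtil.remove();
    }

    // Return the 208 code to the front end.
    private void responseNoLoginInfo(HttpServletResponse response) {
        Result<Object> result = Result.build(null, ResultCodeEnum.LOGIN_AUTH);
        PrintWriter writer = null;
        response.setCharacterEncoding("UTF-8");
        // The body is JSON, so declare it as JSON rather than text/html.
        response.setContentType("application/json; charset=utf-8");
        try {
            writer = response.getWriter();
            writer.print(JSON.toJSONString(result));
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            if (writer != null) {
                writer.close();
            }
        }
    }
}
```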
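2. Registering the interceptor

```java
// @Resource import assumes Spring Boot 3 (jakarta.*); use javax.* on Spring Boot 2.
import jakarta.annotation.Resource;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
// LoginAuthInterceptor and UserProperties are the project's own classes.

@Component
public class WebMvcConfiguration implements WebMvcConfigurer {

    @Resource
    private LoginAuthInterceptor loginAuthInterceptor;

    @Resource
    private UserProperties userProperties;

    /**
     * Interceptor registration
     * @param registry
     * @time: 2023/12/4 11:33
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Every path is intercepted except the ones listed in noAuthUrls.
        registry.addInterceptor(loginAuthInterceptor)
                .excludePathPatterns(userProperties.getNoAuthUrls())
                .addPathPatterns("/**");
    }

    /**
     * Cross-origin (CORS)
     * @param registry
     * @time: 2023/12/4 11:31
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Note: "*" together with allowCredentials(true) accepts credentialed requests
        // from any origin; list the real front-end origins outside of development.
        registry.addMapping("/**")                // path rule the mapping applies to
                .allowCredentials(true)           // whether cookies may be sent cross-origin
                .allowedOriginPatterns("*")       // pattern for allowed request origins
                .allowedMethods("*")              // allow all HTTP methods
                .allowedHeaders("*");             // allow all request headers
    }
}
```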
3. noAuthUrls configuration

We integrate Swagger, so the corresponding paths have to be configured according to the Swagger version in use.

```yaml
auth:
    noAuthUrls:
      - /admin/system/index/login
      - /admin/system/index/generateValidateCode
      - /swagger-resources/**
      - /doc.html/**
      - /v3/**
```
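Because every pattern in noAuthUrls bypasses LoginAuthInterceptor, it is worth checking exactly which paths the list exempts. The following is an added example, not code from the original page: the class name NoAuthUrlAudit and the sample paths are made up for illustration, and it assumes Spring's AntPathMatcher gives the same result as the matcher Spring MVC applies to these simple patterns.

```java
import java.util.List;
import org.springframework.util.AntPathMatcher;

// Added example (hypothetical class): audits which request paths the
// noAuthUrls patterns exempt from LoginAuthInterceptor.
public class NoAuthUrlAudit {

    // Patterns copied from the auth.noAuthUrls configuration above.
    static final List<String> NO_AUTH_URLS = List.of(
            "/admin/system/index/login",
            "/admin/system/index/generateValidateCode",
            "/swagger-resources/**",
            "/doc.html/**",
            "/v3/**");

    // Constructed sample paths; only the login path comes from the page.
    // /v3/api-docs is the usual OpenAPI 3 document path, the rest are hypothetical.
    static final List<String> SAMPLE_PATHS = List.of(
            "/admin/system/index/login",
            "/admin/system/index/logout",
            "/v3/api-docs",
            "/v3/orders/1",
            "/admin/system/user/list");

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Returns the first exclusion pattern matching the path, or null if the interceptor applies. */
    static String exemptedBy(String path) {
        for (String pattern : NO_AUTH_URLS) {
            if (MATCHER.match(pattern, path)) {
                return pattern;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        for (String path : SAMPLE_PATHS) {
            String pattern = exemptedBy(path);
            System.out.printf("%-32s %s%n", path,
                    pattern == null ? "token required" : "NO AUTH via " + pattern);
        }
    }
}
```

The broad /v3/** entry also exempts any business controller mounted under /v3/, so narrow it to the documentation paths your Swagger version actually serves.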
