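/**
 * Authenticates an incoming request before it reaches its handler.
 *
 * <p>Static-resource and view-controller handlers pass straight through. Every other request
 * is logged and matched against {@code passUrl} (paths that skip the token check). Requests
 * that do not match must carry a {@code token} header that maps, through
 * {@code permRedisManager}, to a stored JWT whose claims name either an employee or a member.
 *
 * <p>{@code OPTIONS} requests are never authenticated and always get {@code false}, so the
 * handler does not run for them.
 *
 * @param request  current HTTP request
 * @param response current HTTP response (not used here)
 * @param o        the handler selected for this request
 * @return {@code true} to continue to the handler, {@code false} for {@code OPTIONS} requests
 * @throws BusinessException if the token is missing, unknown, cannot be decoded, or the
 *                           caller is not permitted
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
    String method = request.getMethod();
    String requestURI = request.getRequestURI();
    if (o instanceof ResourceHttpRequestHandler || o instanceof ParameterizableViewController) {
        return true;
    }
    boolean isOptions = "OPTIONS".equals(method);

    // The annotation only feeds the access log, so a handler that is not a HandlerMethod skips
    // the lookup (instead of failing on the cast) and still goes through the token check below.
    ApiOperation methodAnnotation = o instanceof HandlerMethod
            ? ((HandlerMethod) o).getMethodAnnotation(ApiOperation.class)
            : null;
    if (Validator.valid(methodAnnotation)) {
        String accessName = methodAnnotation.value();
        log.warn("########## requestURI: {} , method: {} , HandlerMethod: {} , IP: {} ##########", requestURI, method, accessName, IPUtil.getIPAddress(request));
    } else {
        // The value logged here is the HTTP method, so the label says "method".
        log.error("########## requestURI: {} , method: {} , IP: {} ##########", requestURI, method, IPUtil.getIPAddress(request));
    }

    // NOTE(review): matching uses the raw getRequestURI() value, which still carries the context
    // path, path parameters and percent-encoding. UrlUtils.isLike is not shown here; confirm it
    // compares a normalised path so that a whitelist entry cannot match more than intended.
    for (String url : passUrl) {
        if (UrlUtils.isLike(requestURI, url)) {
            return !isOptions;
        }
    }

    if (isOptions) {
        return false;
    }

    boolean hasPerm = false;
    try {
        // The header value is a bearer credential: never print it or write it to a log.
        String headerToken = request.getHeader("token");
        if (!Validator.valid(headerToken)) {
            throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "token不能为空");
        }
        // The header value is only a lookup key; the JWT itself is held server-side.
        String jwt = (String) permRedisManager.get(headerToken);
        if (!Validator.valid(jwt)) {
            throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "请重新登录");
        }
        // NOTE(review): JWTBuilder.parseJWT is not shown; confirm it verifies signature and
        // expiry rather than only decoding the claims.
        Map<String, Claim> result = JWTBuilder.parseJWT(jwt);
        if (Validator.valid(result.get(AuthUtil.SYS_EMPLOYEE_NAME))) {
            // NOTE(review): the assignment below is commented out in the original, so as shown an
            // employee token never sets hasPerm and ends in NO_SESSION. Confirm which permission
            // check is meant to grant access here before enabling it. The operation-audit step
            // that followed is not part of this snippet.
            // hasPerm = true;
            setAttribute(request, result, AuthUtil.SYS_EMPLOYEE_NAME, jwt);
        } else if (Validator.valid(result.get(AuthUtil.MEMBER_NAME))) {
            // NOTE(review): this prefix test also runs on the raw request URI; a deployment with
            // a context path or an un-normalised path would not start with "/bg". Prefer a check
            // on the normalised, context-relative path.
            if (requestURI.startsWith("/bg")) {
                throw new BusinessException(CommonErrorCode.NO_SESSION);
            }
            hasPerm = true;
            setAttribute(request, result, AuthUtil.MEMBER_NAME, jwt);
        }
    } catch (BusinessException e) {
        throw e;
    } catch (NullPointerException e) {
        throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "token无效");
    } catch (JWTDecodeException e) {
        throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "token信息不完整");
    } catch (Exception e) {
        // Keep the cause and stack trace on the server side.
        log.error("token check failed", e);
        // NOTE(review): e.toString() becomes the BusinessException message; if that message is
        // returned to the client it discloses internal class names and details. Prefer a fixed
        // message with a suitable error code.
        throw new BusinessException(e.toString());
    }

    if (!hasPerm) {
        throw new BusinessException(CommonErrorCode.NO_SESSION);
    }
    return true;
}
解释代码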
时间: 2024-04-20 14:27:09 浏览: 85
这是一个Java代码,主要是一个拦截器的实现,用于对HTTP请求进行拦截、处理和过滤。
在preHandle方法中,首先获取HTTP请求的方法和URI,判断请求处理类是否为ResourceHttpRequestHandler或ParameterizableViewController,如果是则直接返回true,否则继续执行。然后获取请求处理方法上的ApiOperation注解,如果有则获取其value值(即该方法的访问名称),否则记录日志。
接下来判断请求URI是否匹配passUrl列表中的某一项,如果匹配则直接返回 !method.equals("OPTIONS"):非OPTIONS请求返回true并跳过后面的token校验,OPTIONS请求返回false。passUrl列表用于存放不需要进行权限验证的请求URI,由于匹配使用的是未经规范化的getRequestURI(),白名单规则应尽量写得精确。
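然后从请求头中读取token,为空则抛出BusinessException异常;再用它到permRedisManager中取出保存的JWT,取不到同样抛出异常(提示重新登录),取到后通过JWTBuilder解析,并根据解析结果进行进一步处理。如果解析结果中包含SYS_EMPLOYEE_NAME,则表示该token为员工用户的token;如果包含MEMBER_NAME,则为普通会员的token。员工分支只调用setAttribute设置请求属性(操作记录部分在这段代码里没有给出),其中的 hasPerm = true 已被注释掉,所以按这段代码员工请求最终会因hasPerm为false而抛出NO_SESSION;会员分支在请求URI以/bg开头时抛出NO_SESSION,否则将hasPerm置为true并设置请求属性。另外,token属于登录凭证,不应输出到控制台或日志中。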
最后,如果请求方法不为OPTIONS且没有通过验证,则抛出BusinessException异常。
相关问题
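/**
 * Authenticates an incoming request before it reaches its handler.
 *
 * <p>Static-resource and view-controller handlers pass straight through. Every other request
 * is logged and matched against {@code passUrl} (paths that skip the token check). Requests
 * that do not match must carry a {@code token} header that maps, through
 * {@code permRedisManager}, to a stored JWT whose claims name either an employee or a member.
 *
 * <p>{@code OPTIONS} requests are never authenticated and always get {@code false}, so the
 * handler does not run for them.
 *
 * @param request  current HTTP request
 * @param response current HTTP response (not used here)
 * @param o        the handler selected for this request
 * @return {@code true} to continue to the handler, {@code false} for {@code OPTIONS} requests
 * @throws BusinessException if the token is missing, unknown, cannot be decoded, or the
 *                           caller is not permitted
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
    String method = request.getMethod();
    String requestURI = request.getRequestURI();
    if (o instanceof ResourceHttpRequestHandler || o instanceof ParameterizableViewController) {
        return true;
    }
    boolean isOptions = "OPTIONS".equals(method);

    // The annotation only feeds the access log, so a handler that is not a HandlerMethod skips
    // the lookup (instead of failing on the cast) and still goes through the token check below.
    ApiOperation methodAnnotation = o instanceof HandlerMethod
            ? ((HandlerMethod) o).getMethodAnnotation(ApiOperation.class)
            : null;
    if (Validator.valid(methodAnnotation)) {
        String accessName = methodAnnotation.value();
        log.warn("########## requestURI: {} , method: {} , HandlerMethod: {} , IP: {} ##########", requestURI, method, accessName, IPUtil.getIPAddress(request));
    } else {
        // The value logged here is the HTTP method, so the label says "method".
        log.error("########## requestURI: {} , method: {} , IP: {} ##########", requestURI, method, IPUtil.getIPAddress(request));
    }

    // NOTE(review): matching uses the raw getRequestURI() value, which still carries the context
    // path, path parameters and percent-encoding. UrlUtils.isLike is not shown here; confirm it
    // compares a normalised path so that a whitelist entry cannot match more than intended.
    for (String url : passUrl) {
        if (UrlUtils.isLike(requestURI, url)) {
            return !isOptions;
        }
    }

    if (isOptions) {
        return false;
    }

    boolean hasPerm = false;
    try {
        // The header value is a bearer credential: never print it or write it to a log.
        String headerToken = request.getHeader("token");
        if (!Validator.valid(headerToken)) {
            throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "token不能为空");
        }
        // The header value is only a lookup key; the JWT itself is held server-side.
        String jwt = (String) permRedisManager.get(headerToken);
        if (!Validator.valid(jwt)) {
            throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "请重新登录");
        }
        // NOTE(review): JWTBuilder.parseJWT is not shown; confirm it verifies signature and
        // expiry rather than only decoding the claims.
        Map<String, Claim> result = JWTBuilder.parseJWT(jwt);
        if (Validator.valid(result.get(AuthUtil.SYS_EMPLOYEE_NAME))) {
            // NOTE(review): the assignment below is commented out in the original, so as shown an
            // employee token never sets hasPerm and ends in NO_SESSION. Confirm which permission
            // check is meant to grant access here before enabling it. The operation-audit step
            // that followed is not part of this snippet.
            // hasPerm = true;
            setAttribute(request, result, AuthUtil.SYS_EMPLOYEE_NAME, jwt);
        } else if (Validator.valid(result.get(AuthUtil.MEMBER_NAME))) {
            // NOTE(review): this prefix test also runs on the raw request URI; a deployment with
            // a context path or an un-normalised path would not start with "/bg". Prefer a check
            // on the normalised, context-relative path.
            if (requestURI.startsWith("/bg")) {
                throw new BusinessException(CommonErrorCode.NO_SESSION);
            }
            hasPerm = true;
            setAttribute(request, result, AuthUtil.MEMBER_NAME, jwt);
        }
    } catch (BusinessException e) {
        throw e;
    } catch (NullPointerException e) {
        throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "token无效");
    } catch (JWTDecodeException e) {
        throw new BusinessException(CommonErrorCode.TOKEN_REMIND, "token信息不完整");
    } catch (Exception e) {
        // Keep the cause and stack trace on the server side.
        log.error("token check failed", e);
        // NOTE(review): e.toString() becomes the BusinessException message; if that message is
        // returned to the client it discloses internal class names and details. Prefer a fixed
        // message with a suitable error code.
        throw new BusinessException(e.toString());
    }

    if (!hasPerm) {
        throw new BusinessException(CommonErrorCode.NO_SESSION);
    }
    return true;
}
解释代码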
这段代码是一个Java Spring框架中拦截器(Interceptor)的实现,用于拦截所有的请求,并对请求进行处理。当请求到达时,会先判断该请求是否是静态资源请求或者是视图控制器请求,如果是,则直接放行。如果不是,则获取该请求的ApiOperation注解,用于记录该请求的访问名称。接着,会判断该请求是否在白名单中,如果是,则不再校验token:非OPTIONS请求直接放行,OPTIONS请求返回false。如果不在白名单中,则会进行权限校验,根据请求头中的token从Redis中取出保存的JWT并进行解析(JWTBuilder.parseJWT是否校验签名和有效期,从这段代码中看不出来)。如果解析出的是会员信息且请求路径不以/bg开头,则将用户信息存储到request中,并返回true,表示该请求通过拦截器的校验,可以进行后续的处理;员工分支中的 hasPerm = true 已被注释掉,按这段代码不会被放行。如果请求不在白名单中,且权限校验未通过,则会抛出BusinessException异常,表示该请求被拦截,无法通过。
HandlerInterceptor中的preHandle的参数handler怎么获取到目标方法并做入参的赋值
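preHandle的handler参数就是本次请求对应的处理器对象(由HandlerExecutionChain持有);当它是HandlerMethod时,可以从中获取目标方法的信息,然后使用反射机制读取各个入参对应的值。需要注意,下面的代码只是把解析出的值放进request的"args"属性,并不会替换Spring自身的参数绑定,而且这些值都来自客户端,仍需按不可信输入处理。具体实现可以参考以下代码: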
```
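/**
 * Pre-resolves the target controller method's arguments from the request and stores them in
 * the {@code "args"} request attribute.
 *
 * <p>For each parameter, the first of {@code @RequestBody}, {@code @RequestParam},
 * {@code @RequestHeader} or {@code @PathVariable} decides where the value is read from;
 * parameters carrying none of them stay {@code null}. The binding name is taken from the
 * annotation's {@code value}/{@code name} and falls back to the reflected parameter name,
 * which is only meaningful when the class was compiled with {@code -parameters}.
 *
 * <p>The array is only published as a request attribute; nothing here changes the arguments
 * Spring passes to the controller. Every value comes from the client and is not validated here.
 *
 * @param request  current HTTP request
 * @param response current HTTP response (unused)
 * @param handler  handler chosen for the request; only {@code HandlerMethod} is inspected
 * @return always {@code true}, so processing continues
 * @throws Exception if reading or converting a value fails
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    if (!(handler instanceof HandlerMethod)) {
        return true;
    }
    Method method = ((HandlerMethod) handler).getMethod();
    Class<?>[] parameterTypes = method.getParameterTypes();
    Annotation[][] parameterAnnotations = method.getParameterAnnotations();
    Object[] args = new Object[parameterTypes.length];
    for (int i = 0; i < parameterAnnotations.length; i++) {
        String reflectedName = method.getParameters()[i].getName();
        for (Annotation annotation : parameterAnnotations[i]) {
            if (annotation instanceof RequestBody) {
                args[i] = readRequestBody(request, parameterTypes[i]);
                break;
            } else if (annotation instanceof RequestParam) {
                RequestParam requestParam = (RequestParam) annotation;
                args[i] = readRequestParam(request, parameterTypes[i],
                        bindingName(requestParam.value(), requestParam.name(), reflectedName));
                break;
            } else if (annotation instanceof RequestHeader) {
                RequestHeader requestHeader = (RequestHeader) annotation;
                args[i] = readRequestHeader(request, parameterTypes[i],
                        bindingName(requestHeader.value(), requestHeader.name(), reflectedName));
                break;
            } else if (annotation instanceof PathVariable) {
                PathVariable pathVariable = (PathVariable) annotation;
                args[i] = readPathVariable(request, parameterTypes[i],
                        bindingName(pathVariable.value(), pathVariable.name(), reflectedName));
                break;
            }
        }
    }
    request.setAttribute("args", args);
    return true;
}

/**
 * Picks the name to bind by: the annotation's {@code value}, else its {@code name}, else the
 * reflected parameter name. Plain reflection does not merge the aliased attributes, so both
 * are checked.
 */
private static String bindingName(String value, String name, String fallback) {
    if (!value.isEmpty()) {
        return value;
    }
    return name.isEmpty() ? fallback : name;
}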
/**
 * Reads the whole request body as text and deserialises it into {@code clazz} with
 * {@code objectMapper}.
 *
 * <p>A servlet request body can be read only once. Unless the request has been wrapped in a
 * body-caching wrapper earlier in the chain, the controller's own {@code @RequestBody} binding
 * will find the stream already consumed. The body is also buffered in memory without a size
 * limit here.
 *
 * @param request current HTTP request
 * @param clazz   target type for deserialisation
 * @return the deserialised object
 * @throws IOException if the body cannot be read or parsed
 */
private Object readRequestBody(HttpServletRequest request, Class<?> clazz) throws IOException {
    String rawJson = IOUtils.toString(request.getReader());
    Object parsed = objectMapper.readValue(rawJson, clazz);
    return parsed;
}
/**
 * Looks up a request parameter by name and converts its string value to {@code clazz} with
 * {@code conversionService}.
 *
 * @param request   current HTTP request
 * @param clazz     target type for the conversion
 * @param paramName name of the request parameter; {@code getParameter} yields {@code null}
 *                  when it is absent, and that value is handed to the converter as is
 * @return the converted value
 */
private Object readRequestParam(HttpServletRequest request, Class<?> clazz, String paramName) {
    return conversionService.convert(request.getParameter(paramName), clazz);
}
/**
 * Looks up a request header by name and converts its string value to {@code clazz} with
 * {@code conversionService}.
 *
 * @param request    current HTTP request
 * @param clazz      target type for the conversion
 * @param headerName name of the header; {@code getHeader} yields {@code null} when it is
 *                   absent, and that value is handed to the converter as is
 * @return the converted value
 */
private Object readRequestHeader(HttpServletRequest request, Class<?> clazz, String headerName) {
    return conversionService.convert(request.getHeader(headerName), clazz);
}
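/**
 * Reads one URI template variable from the map stored under
 * {@code HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE} and converts it to {@code clazz}
 * with {@code conversionService}.
 *
 * @param request      current HTTP request
 * @param clazz        target type for the conversion
 * @param variableName name of the URI template variable
 * @return the converted value; the converter receives {@code null} when the attribute or the
 *         variable is missing
 */
private Object readPathVariable(HttpServletRequest request, Class<?> clazz, String variableName) {
    // getAttribute returns Object, so the map must be cast before it can be queried; the
    // original cast applied to the result of .get(...) and did not compile.
    @SuppressWarnings("unchecked")
    java.util.Map<String, String> uriVariables =
            (java.util.Map<String, String>) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
    String value = uriVariables == null ? null : uriVariables.get(variableName);
    return conversionService.convert(value, clazz);
}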
```