写一个springboot的拦截器,实现rbac,根据老师、学生、管理员的三个角色,跳转不同的菜单
时间: 2024-03-08 12:48:59 浏览: 21
好的,以下是一个简单的示例:
首先,定义三个角色枚举类型:
```
public enum Role {
TEACHER,
STUDENT,
ADMIN
}
```
然后,我们需要创建一个拦截器来进行 RBAC 鉴权:
```
public class RBACInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HttpSession session = request.getSession();
Role role = (Role) session.getAttribute("role");
if (role == null) {
response.sendRedirect("/login");
return false;
}
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
RBAC rbac = handlerMethod.getMethodAnnotation(RBAC.class);
if (rbac != null && !rbac.role().equals(role)) {
response.sendRedirect("/403");
return false;
}
}
return true;
}
}
```
这里我们假设 RBAC 注解如下:
```
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface RBAC {
Role role();
}
```
然后,在我们的 Controller 方法上使用 RBAC 注解,指定允许的角色:
```
@Controller
public class MenuController {
@RBAC(role = Role.TEACHER)
@GetMapping("/teacher/menu")
public String teacherMenu() {
return "teacher_menu";
}
@RBAC(role = Role.STUDENT)
@GetMapping("/student/menu")
public String studentMenu() {
return "student_menu";
}
@RBAC(role = Role.ADMIN)
@GetMapping("/admin/menu")
public String adminMenu() {
return "admin_menu";
}
}
```
最后,在 Spring Boot 应用程序中注册拦截器:
```
@Configuration
public class AppConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new RBACInterceptor());
}
}
```
这样,当用户访问对应的菜单路由时,我们就可以根据其角色进行鉴权,跳转到对应的菜单页面。