springboot implements the interceptor authentication login example

  • 2020-06-12 09:16:32
  • OfStack

Collate the documents, find a sample of springboot to implement the interceptor verification login, and slightly collate 1 to share.

Add the jar package. This jar package is not required, but is used in the interceptor. If not used, it can be completely omitted


<dependency> 
      <groupId>org.apache.commons</groupId> 
      <artifactId>commons-lang3</artifactId> 
      <version>3.5</version> 
    </dependency> 

springboot defaults to Tomcat, but if you are using jetty, you need to introduce it


<dependency> 
      <groupId>javax.servlet</groupId> 
      <artifactId>javax.servlet-api</artifactId> 
      <version>3.1.0</version> 
    </dependency> 

1. Take login authentication as an example. First create @Auth annotation


package com.demo.interceptor; 
 
import java.lang.annotation.*; 
 
/** 
 * Created by huguoju on 2016/12/30. 
 *  Add to a class or method @Auth Just verify login  
 */ 
@Target({ElementType.TYPE, ElementType.METHOD}) 
@Retention(RetentionPolicy.RUNTIME) 
@Documented 
public @interface Auth { 
} 

2. Create an Constants to use in the interceptor


package com.demo.util; 
 
/** 
 * Created by huguoju on 2016/12/30. 
 */ 
public interface Constants { 
  int MAX_FILE_UPLOAD_SIZE = 5242880; 
  String MOBILE_NUMBER_SESSION_KEY = "sessionMobileNumber"; 
  String USER_CODE_SESSION_KEY = "userCode"; 
  String SESSION_KEY = "sessionId"; 
} 

3. Create an SessionData for the fields saved in session


package com.demo.model; 
 
import lombok.Data; 
 
/** 
 * Created by huguoju on 2016/12/30. 
 */ 
@Data 
public class SessionData { 
  private Integer userCode; 
  private String mobileNumber; 
} 

4. Implementation of login interception


package com.demo.interceptor; 
 
import com.demo.model.SessionData; 
import com.demo.util.RedisUtil; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.stereotype.Component; 
import org.springframework.web.method.HandlerMethod; 
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; 
 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import java.lang.reflect.Method; 
 
import static com.demo.util.Constants.MOBILE_NUMBER_SESSION_KEY; 
import static com.demo.util.Constants.SESSION_KEY; 
import static com.demo.util.Constants.USER_CODE_SESSION_KEY; 
 
/** 
 * Created by huguoju on 2016/12/30. 
 */ 
@Component 
public class LoginInterceptor extends HandlerInterceptorAdapter { 
  @Autowired 
  private RedisUtil redisUtils; 
  private final static String SESSION_KEY_PREFIX = "session:"; 
  public boolean preHandle(HttpServletRequest request, 
               HttpServletResponse response, Object handler) throws Exception { 
    if (!handler.getClass().isAssignableFrom(HandlerMethod.class)) { 
      return true; 
    } 
    handlerSession(request); 
 
    final HandlerMethod handlerMethod = (HandlerMethod) handler; 
    final Method method = handlerMethod.getMethod(); 
    final Class<?> clazz = method.getDeclaringClass(); 
    if (clazz.isAnnotationPresent(Auth.class) || 
        method.isAnnotationPresent(Auth.class)) { 
      if(request.getAttribute(USER_CODE_SESSION_KEY) == null){ 
  
         throw new Exception(); 
         
      }else{ 
        return true; 
      } 
    } 
 
    return true; 
 
  } 
  public void handlerSession(HttpServletRequest request) { 
    String sessionId = request.getHeader(SESSION_KEY); 
    if(org.apache.commons.lang3.StringUtils.isBlank(sessionId)){ 
      sessionId=(String) request.getSession().getAttribute(SESSION_KEY); 
    } 
    if (org.apache.commons.lang3.StringUtils.isNotBlank(sessionId)) { 
      SessionData model = (SessionData) redisUtils.get(SESSION_KEY_PREFIX+sessionId); 
      if (model == null) { 
        return ; 
      } 
      request.setAttribute(SESSION_KEY,sessionId); 
      Integer userCode = model.getUserCode(); 
      if (userCode != null) { 
        request.setAttribute(USER_CODE_SESSION_KEY, Long.valueOf(userCode)); 
      } 
      String mobile = model.getMobileNumber(); 
      if (mobile != null) { 
        request.setAttribute(MOBILE_NUMBER_SESSION_KEY, mobile); 
      } 
    } 
    return ; 
  } 
} 

5. Configure interceptors


package com.demo.interceptor; 
 
import org.hibernate.validator.HibernateValidator; 
import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.MessageSource; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.ComponentScan; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.PropertySource; 
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; 
import org.springframework.context.support.ReloadableResourceBundleMessageSource; 
import org.springframework.validation.Validator; 
import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean; 
import org.springframework.validation.beanvalidation.MethodValidationPostProcessor; 
import org.springframework.web.servlet.ViewResolver; 
import org.springframework.web.servlet.config.annotation.*; 
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; 
import org.springframework.web.servlet.view.InternalResourceViewResolver; 
 
/** 
 * Created by huguoju on 2016/12/30. 
 */ 
@Configuration 
@EnableWebMvc 
@ComponentScan(basePackages = "com.demo.controller") 
@PropertySource(value = "classpath:application.properties", 
    ignoreResourceNotFound = true,encoding = "UTF-8") 
public class MvcConfig extends WebMvcConfigurerAdapter { 
  private static final Logger logger = LoggerFactory.getLogger(MvcConfig.class); 
  @Autowired 
  LoginInterceptor loginInterceptor; 
 
  /** 
 
   * <p> 
   *    View handler  
   * </p> 
   * 
   * @return 
   */ 
  @Bean 
  public ViewResolver viewResolver() { 
    logger.info("ViewResolver"); 
    InternalResourceViewResolver viewResolver = new InternalResourceViewResolver(); 
    viewResolver.setPrefix("/WEB-INF/jsp/"); 
    viewResolver.setSuffix(".jsp"); 
    return viewResolver; 
  } 
 
  /** 
   *  Interceptor configuration  
   * @param registry 
   */ 
  @Override 
  public void addInterceptors(InterceptorRegistry registry) { 
    //  Register monitor interceptors  
    registry.addInterceptor(loginInterceptor) 
        .addPathPatterns("/**") 
     .excludePathPatterns("/configuration/ui"); 
 
  } 
 
  @Override 
  public void addCorsMappings(CorsRegistry registry) { 
    registry.addMapping("/**") 
        .allowedOrigins("*") 
        .allowedHeaders("*/*") 
        .allowedMethods("*") 
        .maxAge(120); 
  } 
 
  /** 
   *  Resource processor  
   * @param registry 
   */ 
  @Override 
  public void addResourceHandlers(ResourceHandlerRegistry registry) { 
    logger.info("addResourceHandlers"); 
    registry.addResourceHandler("/swagger-ui.html") 
        .addResourceLocations("classpath:/META-INF/resources/"); 
    registry.addResourceHandler("/webjars/**") 
        .addResourceLocations("classpath:/META-INF/resources/webjars/"); 
  } 
 
} 

And that's it. When you test, you can break points in LoginInterceptor and add @Auth annotations to controller or methods,
When added to controller, all requests in controller are verified for login, and only when requested in the method


@Auth 
@RestController 
public class TestController {  } 

Related articles: