springboot使用注解做权限控制

1:添加注解类

@Documented
@Inherited
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AuthPassport {

    String key() default "";
}

2: 添加注解控制类

/**
 * Created by dong on 2015/11/16.
 */
public class AuthInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    RoleService roleService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        if (handler.getClass().isAssignableFrom(HandlerMethod.class)) {
            AuthPassport authPassport = ((HandlerMethod) handler).getMethodAnnotation(AuthPassport.class);
            //没有声明需要权限,或者声明不验证权限
            if (authPassport != null) {
                String key = authPassport.key();
                HttpSession session = request.getSession();
                User user = (User) session.getAttribute("user");
 
                    //response.sendRedirect("/forbin");
                    request.getRequestDispatcher("/forbin").forward(request, response);
                    return false;
                }
               /* if(false)//如果验证成功返回true(这里直接写false来模拟验证失败的处理)
                    return true;
                else//如果验证失败
                {
                    //返回到登录界面
                    response.sendRedirect("account/login");
                    return false;
                }*/
            }
        }
        return true;
    }
}

3:将注解类添加到SpringBoot中

@Configuration
public class WebAppConfig extends WebMvcConfigurerAdapter {

    @Bean
    public AuthInterceptor localeInterceptor() {
        return new AuthInterceptor();
    }
    /**
     * 配置拦截器
     * @author lance
     * @param registry
     */
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(localeInterceptor()).addPathPatterns("/**");
    }
}

 

 

设置springboot的过滤器

1:在SpringApplication启动类中,添加一个Bean,注册一下:

@Bean
public FilterRegistrationBean loginFilter() {
    FilterRegistrationBean reg = new FilterRegistrationBean();
    reg.setFilter(new LoginFilter());
    reg.addUrlPatterns("/user");//意思是这个URL要用过滤器过滤
    reg.addUrlPatterns("/user/*");

    return reg;
}

2:编辑过滤器LoginFilter

public class LoginFilter implements Filter {


    RoleService roleService;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ServletContext context = filterConfig.getServletContext();
        ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context);
        roleService = (RoleService) ctx.getBean("roleService");
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        HttpSession session = request.getSession();
        User user = (User) session.getAttribute("user");
        String url = request.getRequestURI();
        if (null == user) {

            if (request.getQueryString() != null) {
                url += "?" + request.getQueryString();
            }
            request.setAttribute("raw", url);
            request.getRequestDispatcher("/gologin").forward(request, response);
            return;
        } else {
            //权限判断

            filterChain.doFilter(request, response);


        }
    }

    @Override
    public void destroy() {
        roleService = null;
    }

springboot复杂的表单提交映射

spring 的表单提交一般会自动填充类的信息,但有一些复杂的表单,设置起来会比较复杂,比如提交用户信息,用户信息的地址有多个时

假如有这个类:

public class User{
private long id;
private String name;
public long getId() {
return id;
}

public void setId(long id) {
this.id = id;
}

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

private List<address> subs;

public List<address> getSubs() {
return subs;
}

public void setSubs(List<address> subs) {
this.subs = subs;
}

}

 

那他的页面表单,应该这样设置:

<input type=”text” name=”name”/>
<input type=”text” name=”id”/>

<input type=”hidden” name=”subs[0].addressId” value=”9″ />
<input type=”hidden” name=”subs[0].addressCode” value=”xxx” />

<input type=”hidden” name=”subs[1].addressId” value=”10″ />
<input type=”hidden” name=”subs[1].addressCode” value=”sss” />

controller:

@RequestMapping(value = “/save”, method = RequestMethod.POST)
public Result<Project> save(@NotNull User user){

//这边就可以愉快的使用user.subs[0].getAddressCode 了

}