English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
Recently, while working on a project using SpringMvc, I encountered a problem with method authorization. After a day of troubleshooting, I finally solved it. Below is the solution.
Project requirements: where authentication is needed, I just need to put a tag, such as operations that only logged-in users can perform. Generally, we would first verify the user's identity when executing the method, which would increase a huge amount of work in vain, reinventing the wheel. With Java annotations, you just need to put a tag on the methods that require authentication:}}
Solution:
1、First create an annotation class:
@Documented
@Inherited
@Target({ElementType.METHOD,ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface Auth {
boolean validate() default true;
}
2、Then create another interceptor:
public class AuthInterceptor extends BaseInterceptor{
@Override
public Boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
if(handler.getClass().isAssignableFrom(HandlerMethod.class)){
Auth authPassport = ((HandlerMethod) handler).getMethodAnnotation(Auth.class);
//No declaration of required permissions, or declaration of not verifying permissions
if(authPassport==null){
return true;
} else{
//Implement your own permission verification logic here
if(true){
//If the verification is successful, return true (here false is written directly to simulate the handling of a failed verification)
System.out.println("Permission verification executed");
return true;
} else{
//If the verification fails
//Return to the login page
// System.out.println("Permission verification passed");
// response.sendRedirect("account/login");
return false;
}
}
} else{
return true;
}
}
}
3、Configure interceptors: need to be in*-Add the following code to servlet.xml, or you can directly put it into your custom configuration file if you have one
<mvc:interceptors> <bean class="com.benxq.shop.user.interceptors.AuthInterceptor">/> </mvc:interceptors>
Note: You need to change the default to RequestMappingHandlerMapping and add the bean of RequestMappingHandlerAdapter
Restart tomcat to take effect
Tip: If you need to authenticate a method, just add @Auth above the method. If you need to authenticate all methods of a class, just add @Auth above the class.
So, the problem is that the method interceptor will also intercept static resources, so we need to intercept static files in tomcat, such as: my solution is to configure it in web.xml, and if you have a good method, you can also add me QQ752432995Let's discuss this together
<servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.jpg</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.png</url-pattern> </servlet-mapping>
Summary
That's all about the code solutions for the annotation interceptors used for method authorization in springmvc in this article. I hope it will be helpful to everyone. Those who are interested can continue to refer to this site:
SpringMVC Interceptor Implementation for Single Sign-On
Detailed Explanation of SpringMVC Interceptor Implementation for Listening to Session Expiration
If there are any shortcomings, please leave a message to point them out. Thank you for your friends' support to this site!
Statement: The content of this article is from the Internet, and the copyright belongs to the original author. The content is contributed and uploaded by Internet users spontaneously. This website does not own the copyright, has not been manually edited, and does not assume relevant legal liability. If you find any suspected copyright content, please send an email to: notice#oldtoolbag.com (Please replace # with @ when sending an email for reporting, and provide relevant evidence. Once verified, this site will immediately delete the suspected infringing content.)