本文探讨了使用AOP(面向切面编程)进行请求拦截的技术实现,特别聚焦于登录验证流程。通过定义切入点和切面,实现了对特定包路径下控制器方法的拦截,同时排除了文件操作相关的方法。在拦截器中,通过读取HTTP请求头中的token来验证用户状态,确保只有已登录用户才能访问受保护的资源。此外,还引入了日志记录机制,用于记录每次操作。
aop拦截和不拦截
@Pointcut("execution(* com.jzlife.nurse.web..*.*(..)) && !execution(* com.jzlife.nurse.web.file..*.*(..))")
@Order(99)
@Aspect
@Component
public class LoginAspect {
// @PermClass(parmName="stageIdsNotNull",orgCode="orgCode111",prmClass="permClass2222")
@Autowired
RedisDataUtil redisDataUtil;
@Autowired
LogExecutor logExecutor;
@Pointcut("execution(* com.jzlife.nurse.web..*.*(..)) && !execution(* com.jzlife.nurse.web.file..*.*(..))")
public void controllerAspect() {
}
@Before("controllerAspect()")
public void doBefore(JoinPoint joinPoint) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
.getRequest();
// HttpServletResponse response = ((ServletRequestAttributes)
// RequestContextHolder.getRequestAttributes()).getResponse();
String url = request.getRequestURI();
String url2 = url.substring(url.lastIndexOf("/") + 1,
url.lastIndexOf("?") == -1 ? url.length() : url.lastIndexOf("?"));
if (url2.startsWith("login") || url2.startsWith("loginout")||url2.startsWith("getFile")) {
return;
}
String token = request.getHeader("token");
if (null == token) {
token = request.getParameter("token");
}
if (null == token) {
throw new LoginException("登陆过时,或未登陆");
}
SysUser sysuser = (SysUser) redisDataUtil.getCurrUser(token);
if (null == sysuser) {
throw new LoginException("登陆过时,或未登陆");
}
logExecutor.insertoperatlog(request,sysuser.getId(),joinPoint);
}
}
11
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
