Redis实现Restful的访问权限控制（四）

redis数据源接入

redis缓存

用户登录标识缓存

访问接口权限拦截

访问接口权限拦截

@Authorization

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Authorization {
//    UserTypeEnum userType() default UserTypeEnum.NORMAL_USER;
}

@CurrentUser

@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CurrentUser {
}

CurrentUserMethodArgumentResolver

package arthur.test.resolver;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import org.springframework.web.multipart.support.MissingServletRequestPartException;
import arthur.test.annotation.CurrentUser;
import arthur.test.constant.WebConstants;
import arthur.test.manager.BuSystemManager;
import arthur.test.po.BuSystemPO;

/**
* @Author:Arthur Han
* @Description:
* @CreateDate:2017/3/2912:13
* @Modified By:
*/
@Component
public class CurrentUserMethodArgumentResolver implements HandlerMethodArgumentResolver {

@Autowired
private BuSystemManager buSystemManager;

@Override
public boolean supportsParameter(MethodParameter parameter) {
if (parameter.hasParameterAnnotation(CurrentUser.class)) {
return true;
}
return false;
}

@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
//取出鉴权时存入的登录用户Id
Long currentUserId = (Long) webRequest.getAttribute(WebConstants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST);
if (currentUserId != null) {
//从数据库中查询并返回
BuSystemGetRequest buSystemGetRequest=new BuSystemGetRequest();
buSystemGetRequest.setUserID(currentUserId);
BuSystemGetRespone buSystemGetRespone=buSystemManager.get(buSystemGetRequest);
if (buSystemGetRespone.hasError()||buSystemGetRespone.getResult()==null) throw new MissingServletRequestPartException(WebConstants.CURRENT_USER_ID);;
BuSystemPO user=buSystemGetRespone.getResult();
return user;
}else {
throw new MissingServletRequestPartException(WebConstants.CURRENT_USER_ID);
}
}
}

UserController

public class UserController {
@Autowired
private UserManager userManager;
@Autowired
private TokenManager tokenManager;
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<ResultModel> login( @RequestParam String userName,
@RequestParam String passWord){
//验证登录
User user=userManager.login(userName,passWord);
if(user!=null){
//记录token至Redis
TokenModel model=new TokenModel(user.getUserId(),UUID.randomUUID().toString(),user.getUserName());
model=tokenManager.createToken(model);
return new ResponseEntity<>(ResultModel.error(ResultStatus.INVALID_USERNAME), HttpStatus.NOT_ACCEPTABLE);
}else{
return new ResponseEntity<>(ResultModel.error(ResultStatus.INVALID_USERNAME), HttpStatus.NOT_ACCEPTABLE);
}
}

@RequestMapping(value = "/loginout",method = RequestMethod.POST)
@Authorization
@ApiImplicitParams({
@ApiImplicitParam(name = "authorization", value = "authorization", required = true,paramType = "header", dataType = "string")
})
public ResponseEntity<ResultModel> loginOut(@ApiParam(name="user",value="当前用户",required=false) @CurrentUser BuSystemPO user){
tokenManager.deleteToken(user.getUserId());
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
}

将用户标识放在请求头中authorization:token;

ajax设置请求头：

$.ajax({
headers: {
authorization: $.cookie('authorization')
},
type: typr,
url:url,
data:data,
success: function (res) {
}
});