Redis实现Restful的访问权限控制(四)
2017-04-19 11:12
redis数据源接入
redis缓存
用户登录标识缓存
访问接口权限拦截
@CurrentUser
CurrentUserMethodArgumentResolver
UserController
将用户标识放在请求头中authorization:token;
ajax设置请求头:
redis缓存
用户登录标识缓存
访问接口权限拦截
访问接口权限拦截
@Authorization
/**
 * Marker annotation for handler methods that require an authenticated caller.
 *
 * <p>Applicable to methods only and retained at runtime so it can be read reflectively.
 * The annotation carries no logic of its own: the token check has to be done by the
 * component that inspects it (that interceptor is not shown on this page), so a handler
 * without this annotation is presumably served without any token check - confirm against
 * the interceptor and annotate every endpoint that must not be public.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Authorization {
    // Disabled member: a per-user-type restriction was sketched here but is commented out,
    // so the annotation currently cannot distinguish between kinds of users.
    // UserTypeEnum userType() default UserTypeEnum.NORMAL_USER;
}
@CurrentUser
/**
 * Marks a handler-method parameter that should receive the currently logged-in user.
 *
 * <p>Applicable to parameters only, retained at runtime, and listed in generated Javadoc
 * ({@code @Documented}). It is a pure marker with no members; the value is supplied by
 * {@code CurrentUserMethodArgumentResolver}, which checks for this annotation.
 */
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CurrentUser {
}
CurrentUserMethodArgumentResolver
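package arthur.test.resolver;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import org.springframework.web.multipart.support.MissingServletRequestPartException;

import arthur.test.annotation.CurrentUser;
import arthur.test.constant.WebConstants;
import arthur.test.manager.BuSystemManager;
import arthur.test.po.BuSystemPO;
// NOTE(review): BuSystemGetRequest and BuSystemGetRespone are used below but their imports
// are not shown on this page; add them from the project's own packages.

/**
 * Supplies the logged-in user to handler-method parameters annotated with
 * {@link CurrentUser}.
 *
 * <p>The user id is taken from a request attribute that the authentication step stored
 * earlier in the same request, never from a header or parameter, so the client cannot
 * choose whose record is loaded. If the attribute is absent or the lookup fails, the
 * resolver throws instead of passing {@code null} to the handler (fail closed).
 *
 * @Author:Arthur Han
 * @CreateDate:2017/3/29 12:13
 */
@Component
public class CurrentUserMethodArgumentResolver implements HandlerMethodArgumentResolver {

    @Autowired
    private BuSystemManager buSystemManager;

    /**
     * Accepts only parameters that carry {@link CurrentUser} and can hold a
     * {@link BuSystemPO}, so a mis-typed parameter is rejected when the resolver is
     * selected rather than failing with a type mismatch when the handler is invoked.
     *
     * @param parameter the handler-method parameter being inspected
     * @return {@code true} if this resolver should provide the argument
     */
    @Override
    public boolean supportsParameter(MethodParameter parameter) {
        return parameter.hasParameterAnnotation(CurrentUser.class)
                && parameter.getParameterType().isAssignableFrom(BuSystemPO.class);
    }

    /**
     * Loads the user whose id was stored on the request during authentication.
     *
     * @param parameter     the parameter to resolve (not read here)
     * @param mavContainer  the model-and-view container (not read here)
     * @param webRequest    the current request; source of the stored user id
     * @param binderFactory the data binder factory (not read here)
     * @return the {@link BuSystemPO} of the logged-in user
     * @throws MissingServletRequestPartException if no user id is stored on the request,
     *         or the user lookup returns nothing, reports an error, or has no result
     */
    @Override
    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
            NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
        // Read the logged-in user id that was stored on the request during authentication.
        Long currentUserId = (Long) webRequest.getAttribute(WebConstants.CURRENT_USER_ID,
                RequestAttributes.SCOPE_REQUEST);
        if (currentUserId == null) {
            // No authenticated user on this request (for example a handler that uses
            // @CurrentUser without the token check having run): refuse to continue.
            // NOTE(review): Spring's default handling turns this exception into HTTP 400;
            // 401 would describe a missing login better. The type is kept so existing
            // exception handlers keep working.
            throw new MissingServletRequestPartException(WebConstants.CURRENT_USER_ID);
        }

        // Load the user record from the database.
        BuSystemGetRequest buSystemGetRequest = new BuSystemGetRequest();
        buSystemGetRequest.setUserID(currentUserId);
        BuSystemGetRespone buSystemGetRespone = buSystemManager.get(buSystemGetRequest);

        // Treat a missing response, a reported error and an empty result alike: the id
        // came from a valid token but no usable user record stands behind it.
        if (buSystemGetRespone == null || buSystemGetRespone.hasError()
                || buSystemGetRespone.getResult() == null) {
            throw new MissingServletRequestPartException(WebConstants.CURRENT_USER_ID);
        }
        return buSystemGetRespone.getResult();
    }
}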
UserController
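/**
 * Login and logout endpoints for the token scheme: a successful login registers a token
 * through {@code TokenManager} (Redis, per the page), logout deletes it again.
 */
public class UserController {

    @Autowired
    private UserManager userManager;

    @Autowired
    private TokenManager tokenManager;

    /**
     * Verifies the credentials and, when they are valid, registers a new token.
     *
     * <p>{@code userName} and {@code passWord} are bound with {@code @RequestParam}, so
     * they are accepted from the query string as well as from the form body. Clients
     * should send them in the POST body over TLS so they do not end up in URLs, access
     * logs or browser history.
     *
     * @param userName the login name
     * @param passWord the password
     * @return 200 with an OK result when the login succeeds, 406 with
     *         {@code INVALID_USERNAME} when it fails
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public ResponseEntity<ResultModel> login(@RequestParam String userName,
            @RequestParam String passWord) {
        // Verify the credentials.
        User user = userManager.login(userName, passWord);
        if (user == null) {
            // Every failed login gets the same response, so the reply does not reveal
            // whether the user name exists.
            return new ResponseEntity<>(ResultModel.error(ResultStatus.INVALID_USERNAME),
                    HttpStatus.NOT_ACCEPTABLE);
        }

        // Record the token in Redis. UUID.randomUUID() is documented as using a
        // cryptographically strong generator, which suits a bearer token.
        // NOTE(review): token lifetime is decided inside TokenManager, which is not shown
        // on this page - confirm that createToken sets an expiry.
        TokenModel model = new TokenModel(user.getUserId(), UUID.randomUUID().toString(),
                user.getUserName());
        model = tokenManager.createToken(model);

        // A successful login answers with success, not with the INVALID_USERNAME error.
        // NOTE(review): the token held in `model` is not part of this response; hand it to
        // the client through ResultModel's payload-carrying factory (not shown on this
        // page) or a response header, otherwise the client has nothing to send back.
        return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
    }

    /**
     * Deletes the token of the calling user.
     *
     * <p>The user is taken from the {@code @CurrentUser} argument, which is derived from
     * the authenticated request, so a caller can only end their own session.
     *
     * @param user the logged-in user, injected for the {@code @CurrentUser} parameter
     * @return 200 with an OK result
     */
    @RequestMapping(value = "/loginout", method = RequestMethod.POST)
    @Authorization
    @ApiImplicitParams({
        @ApiImplicitParam(name = "authorization", value = "authorization", required = true,
                paramType = "header", dataType = "string")
    })
    public ResponseEntity<ResultModel> loginOut(
            @ApiParam(name = "user", value = "当前用户", required = false) @CurrentUser BuSystemPO user) {
        tokenManager.deleteToken(user.getUserId());
        return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
    }
}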
将用户标识放在请求头中authorization:token;
ajax设置请求头:
// Send the login token in the "authorization" request header of an API call.
// NOTE(review): the token is read from a cookie by script, so that cookie cannot be
// HttpOnly and any script running on the page, including injected script, can read it.
// Keep the page free of XSS, serve it over HTTPS only, and mark the cookie Secure.
$.ajax({
    headers: {
        authorization: $.cookie('authorization')
    },
    // NOTE(review): `typr` is not defined in this snippet and looks like a typo for `type` - confirm.
    type: typr,
    url:url,
    data:data,
    success: function (res) {
    }
});