通过interceptor实现用户登录权限的验证

src/main/java/cn/efunbox/audio/aop/AuthInterceptor.java

@@ -0,0 +1,70 @@
+package cn.efunbox.audio.aop;
+
+import cn.efunbox.audio.entity.Device;
+import cn.efunbox.audio.impl.DeviceServiceImpl;
+import cn.efunbox.audio.service.DeviceService;
+import cn.efunbox.audio.util.ApiCode;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 用户验证拦截器
+ * Created by yao on 17-9-29.
+ */
+
+public class AuthInterceptor implements HandlerInterceptor {
+
+    @Autowired
+    DeviceService deviceService;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request,
+                             HttpServletResponse response, Object handler) throws Exception {
+        Map map = new HashMap<>();
+        String id = request.getParameter("id");
+        String token = request.getParameter("token");
+        System.out.println("handle");
+        if(id==null && token==null){
+//            map.put("code", ApiCode.PARAMETER_ERROR.getCode());
+//            map.put("msg", ApiCode.PARAMETER_ERROR.getMessage());
+//            return map;
+            return false;
+        }
+        Device device = deviceService.GetOne(Long.valueOf(id));
+        if(device==null ||
+                ((device.getTokenNew()==null || false == device.getTokenNew().equalsIgnoreCase(token))
+                && (device.getTokenOld()==null || false == device.getTokenOld().equalsIgnoreCase(token)))){
+            return false;
+        }
+        if(device.getTokenOld()!=null && device.getTokenOld().equalsIgnoreCase(token)){
+            device.setTokenNew(device.getTokenOld());
+            device.setTokenOld("");
+            deviceService.Update(device);
+        }else if(device.getTokenOld()!=null && false==device.getTokenOld().equalsIgnoreCase(token)){
+            device.setTokenOld("");
+            deviceService.Update(device);
+        }
+
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request,
+                           HttpServletResponse response, Object handler,
+                           ModelAndView modelAndView) throws Exception {
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request,
+                                HttpServletResponse response, Object handler, Exception ex)
+            throws Exception {
+
+    }
+
+}

src/main/java/cn/efunbox/audio/config/AuthConfig.java

@@ -0,0 +1,38 @@
+package cn.efunbox.audio.config;
+
+import cn.efunbox.audio.aop.AuthInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.EnvironmentAware;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+/**
+ * 用户权限验证拦截器
+ * Created by yao on 17-9-29.
+ */
+@Configuration
+@EnableWebMvc
+public class AuthConfig extends WebMvcConfigurerAdapter{
+
+    /**
+     * 直接采用new interceptor或Autowired注入拦截器会导致dao为null的错误
+     * @return
+     */
+    @Bean
+    AuthInterceptor authInterceptor(){
+        return new AuthInterceptor();
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authInterceptor())
+                .addPathPatterns("/**")
+                .excludePathPatterns("/device/**");
+    }
+
+}

src/main/java/cn/efunbox/audio/impl/DeviceServiceImpl.java

@@ -50,8 +50,8 @@ public class DeviceServiceImpl implements DeviceService {
         Device device = deviceRepo.findById(id);
         if(device==null)
             return null;
-        System.out.println("token:"+token);
-        System.out.println(device.toString());
+//        System.out.println("token:"+token);
+//        System.out.println(device.toString());
         if(device.getTokenNew()!=null && false == device.getTokenNew().equals(token)
             && device.getTokenOld()!=null && false == device.getTokenOld().equals(token))
             return null;
@@ -65,4 +65,16 @@ public class DeviceServiceImpl implements DeviceService {
         return device;
     }
 
+    @Override
+    public Device GetOne(Long id){
+        Device device = deviceRepo.findById(id);
+        return device;
+    }
+
+    @Override
+    public Device Update(Device device){
+        device = deviceRepo.save(device);
+        return device;
+    }
+
 }

src/main/java/cn/efunbox/audio/service/DeviceService.java

@@ -13,4 +13,8 @@ public interface DeviceService {
 
     public Device Login(Long id, String token);
 
+    public Device GetOne(Long id);
+
+    public Device Update(Device device);
+
 }

src/main/resources/application.properties

@@ -5,4 +5,4 @@ spring.datasource.driver-class-name=com.mysql.jdbc.Driver
 
 spring.jpa.properties.hibernate.hbm2ddl.auto=update
 
-spring.jpa.show-sql=true
+#spring.jpa.show-sql=true