Recently, when writing projects with SpringMvc, I encountered a problem, which is the authentication problem of the method. This problem has been solved for a day and finally solved. Let’s take a look at the solution below.
Project requirements: Where authentication is required, I only need to label it, such as only the operation that can be performed by the user login. Generally, we will first verify the user's identity input when executing the method, which invisibly increases a lot of workload and recreate the wheel. With Java annotations, you only need to label it on the method that requires authentication:
Solution:
1. First create an annotation class:
@Documented@Inherited@Target({ElementType.METHOD,ElementType.TYPE})@Retention(RetentionPolicy.RUNTIME)public @interface Auth { boolean validate() default true;}2. Create another interceptor:
public class AuthInterceptor extends BaseInterceptor{@Override public Boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {if(handler.getClass().isAssignableFrom(HandlerMethod.class)){Auth authPassport = ((HandlerMethod) handler).getMethodAnnotation(Auth.class);//No permission is declared, or no permission is declared to be not verified if(authPassport==null){return true;} else{//Implement your own permission verification logic here if(true){//If verification is successful, return true (this is written directly to simulate the processing of verification failure) System.out.println("Execution permission verification");return true;} else{//If verification fails//Return to the login interface// System.out.println("Permission verification is correct");// response.sendRedirect("account/login");return false;}}} else{return true;}}}3. Configure the interceptor: You need to add the following code to *-servlet.xml. If you customize the configuration file, you can also directly put it into the configuration file you defined.
<mvc:interceptors><bean/></mvc:interceptors>
Note: You need to change the default to RequestMappingHandlerMapping and add the bean of RequestMappingHandlerAdapter
Just restart tomcat.
Warm reminder: If you need authentication for a method, you only need to type @Auth on the method. If you need authentication for all methods of a class, you only need to type @Auth on the class.
So the problem is, the method interceptor will intercept static resources together. We need to intercept static files in tomcat, such as: My solution is to configure it in web.xml. If you have a good method, you can also add me QQ 752432995 to discuss it.
<servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.jpg</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.png</url-pattern> </servlet-mapping>
Summarize
The above is the entire content of this article about the solution code of the annotation interceptor used for springmvc for method authentication. I hope it will be helpful to everyone. Interested friends can continue to refer to this site:
SpringMVC interceptor implements single sign-on
Detailed explanation of whether the SpringMVC interceptor implements monitoring session expires
If there are any shortcomings, please leave a message to point it out. Thank you friends for your support for this site!