如何使用Spring MVC创建自己的过滤器？ [英] How to create my own filter with Spring MVC?

问题描述

我使用Spring MVC（4.0.1）作为休息服务的后端和angularjs作为前端。

I use Spring MVC (4.0.1) as a backend for rest services and angularjs as frontend.

我的服务器后端的每个请求都有一个http-header会话ID

every request to my server backend has a http-header with a session id

我可以使用以下代码在服务器后端读取此标头：

I can read this header in my server backend with the following code:

@Autowired
protected HttpServletRequest request;
String xHeader=request.getHeader("X-Auth-Token"); //returns the sessionID from the header

现在我调用此方法 getPermission（ xHeader）它只返回true或false。如果用户存在于我的数据库中，则返回true，否则返回false！

Now I call this method getPermission(xHeader) it return only true or false. If the user exists in my DB it return true else false!

我现在想要创建一个具有此行为的过滤器，如果用户有权访问，则检查每个请求我的控制员！但是如果方法返回false，它应该发回401错误而不能到达我的控制器！

I want now create a filter with this behavior, that checks every request if the user have the permission to access my controllers! But if the method returns false it should send back a 401 error and not reach my controller!

我怎么能这样做并创建我自己的过滤器？我只使用Java Config而不使用XML。

How can I do this and create my own filter? I use only Java Config and no XML.

我想我必须在这里添加过滤器：

I think I must add the filter here:

public class WebInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Filter[] getServletFilters() {
        MyOwnFilter=new MyOwnFilter();
        return new Filter[] {MyOwnFilter};
    }
}

推荐答案

替代方案到过滤器，您可以使用 HandlerInterceptor 。

Alternative to Filters, you can use HandlerInterceptor.

public class SessionManager implements HandlerInterceptor{

    // This method is called before the controller
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {

        String xHeader = request.getHeader("X-Auth-Token");
        boolean permission = getPermission(xHeader);
        if(permission) {
            return true;
        }
        else {
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
            return false;
            // Above code will send a 401 with no response body.
            // If you need a 401 view, do a redirect instead of
            // returning false.
            // response.sendRedirect("/401"); // assuming you have a handler mapping for 401

        }
        return false;
    }

    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex)
            throws Exception {

    }
}

然后将此拦截器添加到webmvc配置中。

And then add this interceptor to your webmvc config.

@EnableWebMvc
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    @Bean
    SessionManager getSessionManager() {
         return new SessionManager();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(getSessionManager())
        .addPathPatterns("/**")
        .excludePathPatterns("/resources/**", "/login");
     // assuming you put your serve your static files with /resources/ mapping
     // and the pre login page is served with /login mapping
    }

}

这篇关于如何使用Spring MVC创建自己的过滤器？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！