如何使用Spring MVC创建自己的过滤器? [英] How to create my own filter with Spring MVC?
问题描述
我使用Spring MVC(4.0.1)作为休息服务的后端和angularjs作为前端。
I use Spring MVC (4.0.1) as a backend for rest services and angularjs as frontend.
我的服务器后端的每个请求都有一个http-header会话ID
every request to my server backend has a http-header with a session id
我可以使用以下代码在服务器后端读取此标头:
I can read this header in my server backend with the following code:
@Autowired
protected HttpServletRequest request;
String xHeader=request.getHeader("X-Auth-Token"); //returns the sessionID from the header
现在我调用此方法 getPermission( xHeader)
它只返回true或false。如果用户存在于我的数据库中,则返回true,否则返回false!
Now I call this method getPermission(xHeader)
it return only true or false. If the user exists in my DB it return true else false!
我现在想要创建一个具有此行为的过滤器,如果用户有权访问,则检查每个请求我的控制员!但是如果方法返回false,它应该发回401错误而不能到达我的控制器!
I want now create a filter with this behavior, that checks every request if the user have the permission to access my controllers! But if the method returns false it should send back a 401 error and not reach my controller!
我怎么能这样做并创建我自己的过滤器?我只使用Java Config而不使用XML。
How can I do this and create my own filter? I use only Java Config and no XML.
我想我必须在这里添加过滤器:
I think I must add the filter here:
public class WebInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Filter[] getServletFilters() {
MyOwnFilter=new MyOwnFilter();
return new Filter[] {MyOwnFilter};
}
}
推荐答案
替代方案到过滤器,您可以使用 HandlerInterceptor
。
Alternative to Filters, you can use HandlerInterceptor
.
public class SessionManager implements HandlerInterceptor{
// This method is called before the controller
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
String xHeader = request.getHeader("X-Auth-Token");
boolean permission = getPermission(xHeader);
if(permission) {
return true;
}
else {
response.setStatus(HttpStatus.UNAUTHORIZED.value());
return false;
// Above code will send a 401 with no response body.
// If you need a 401 view, do a redirect instead of
// returning false.
// response.sendRedirect("/401"); // assuming you have a handler mapping for 401
}
return false;
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
}
}
然后将此拦截器添加到webmvc配置中。
And then add this interceptor to your webmvc config.
@EnableWebMvc
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
SessionManager getSessionManager() {
return new SessionManager();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(getSessionManager())
.addPathPatterns("/**")
.excludePathPatterns("/resources/**", "/login");
// assuming you put your serve your static files with /resources/ mapping
// and the pre login page is served with /login mapping
}
}
这篇关于如何使用Spring MVC创建自己的过滤器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!