
Example 26 with HandlerMethod

use of org.springframework.web.method.HandlerMethod in project Corgi by kevinYin.

the class AuthorityInterceptor method preHandle.

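/**
 * Authorization gate that runs before a controller method is invoked.
 *
 * <p>Only handler methods carrying both {@code @MenuResource} and {@code @RequestMapping} are
 * checked; every other handler is let through unchanged. For a checked method:
 * <ul>
 *   <li>an account id of 0 without {@code @AllowAnonymous} is redirected to the SSO login URL;</li>
 *   <li>a method without {@code @AllowAnonymous} must pass {@code hasAuthorizable(accountId, uri)},
 *       otherwise the request is answered with a redirect to the error page (page handlers) or
 *       with {@code DENIED_MESSAGE} (handlers annotated with {@code @ResponseBody}).</li>
 * </ul>
 *
 * <p>NOTE(review): this is an allow-by-default design. A controller method that is missing
 * {@code @MenuResource} is never authorized here, so confirm that such endpoints are protected
 * elsewhere or are meant to be public.
 *
 * @param request  current HTTP request
 * @param response current HTTP response; written to only when access is refused
 * @param handler  handler chosen by the dispatcher
 * @return {@code true} to continue the chain, {@code false} once a refusal has been written
 * @throws Exception if writing the redirect or the denial body fails
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    String uri = getURI(request);
    // NOTE(review): presumably resolved from forwarding headers; unless a trusted proxy sets
    // them, treat the logged address as client-supplied when using it for audit - confirm.
    String ip = IpAddressUtils.getClientIpAddr(request);
    logger.info("权限拦截器 start | uri: {}, ip: {}", uri, ip);
    // instanceof rather than handler.getClass().isAssignableFrom(HandlerMethod.class): the latter
    // is false for any subclass of HandlerMethod, which would skip the whole permission check.
    if (handler instanceof HandlerMethod) {
        HandlerMethod method = (HandlerMethod) handler;
        // Only methods that carry @MenuResource (and a request mapping) are subject to the check.
        RequestMapping requestMapping = method.getMethodAnnotation(RequestMapping.class);
        if (method.getMethodAnnotation(MenuResource.class) != null && requestMapping != null) {
            long accountId = AdminContext.getAccountId();
            AllowAnonymous allowAnonymous = method.getMethodAnnotation(AllowAnonymous.class);
            // Not logged in and the endpoint does not allow anonymous access.
            if (accountId == 0 && allowAnonymous == null) {
                response.sendRedirect(AppConstants.SSO_LOGIN_URL);
                return false;
            }
            if (allowAnonymous == null) {
                boolean pass = hasAuthorizable(accountId, uri);
                if (!pass) {
                    // Access refused: log it and answer in the shape the endpoint normally uses.
                    logger.error("没有权限访问 | uri: {}", uri);
                    if (method.getMethodAnnotation(ResponseBody.class) == null) {
                        // Page endpoint: redirect to the error page with a fixed, URL-encoded message.
                        response.setCharacterEncoding("UTF-8");
                        response.sendRedirect("/admin/exception.xhtml?message=" + URLEncoder.encode("没有权限访问", "UTF-8"));
                    } else {
                        // JSON endpoint: write the canned denial payload.
                        response.setHeader("Content-Type", "application/json; charset=UTF-8");
                        response.getWriter().println(DENIED_MESSAGE);
                    }
                    return false;
                }
            }
        }
    }
    logger.info("权限拦截器 end");
    return true;
}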
Also used : HandlerMethod(org.springframework.web.method.HandlerMethod) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 27 with HandlerMethod

use of org.springframework.web.method.HandlerMethod in project free-framework by a601942905git.

the class Application method detectHandlerMethods.

/**
 * Walks every request mapping registered with {@code requestMappingHandlerMapping} once the bean
 * has been constructed and derives, for each one, the declaring class name and the URL pattern.
 *
 * <p>The original comment describes saving URLs that are not yet in the database; no persistence
 * is visible in this listing, so the derived values are currently discarded.
 *
 * <p>NOTE(review): both values are parsed out of {@code toString()} output. The class name is
 * taken as the third space-separated token before the first {@code '('}, which assumes a
 * "modifier returnType qualified.name(...)" layout; a different layout makes the indexing throw
 * at startup. {@code getPatternsCondition()} is likewise dereferenced without a null check.
 * Confirm against the Spring version in use.
 */
@PostConstruct
public void detectHandlerMethods() {
    Map<RequestMappingInfo, HandlerMethod> handlerMethods = requestMappingHandlerMapping.getHandlerMethods();
    for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : handlerMethods.entrySet()) {
        // Text before '(' holds modifiers, return type and the qualified method name.
        String signature = entry.getValue().toString();
        String qualifiedMethod = signature.split("\\(")[0].split(" ")[2];
        // Cut the trailing ".methodName" to keep only the declaring class.
        String controllerClass = qualifiedMethod.substring(0, qualifiedMethod.lastIndexOf("."));
        // The patterns condition prints with one enclosing character on each side; strip both.
        String patterns = entry.getKey().getPatternsCondition().toString();
        String url = patterns.substring(1, patterns.length() - 1);
    }
}
Also used : RequestMappingInfo(org.springframework.web.servlet.mvc.method.RequestMappingInfo) HandlerMethod(org.springframework.web.method.HandlerMethod) PostConstruct(javax.annotation.PostConstruct)

Example 28 with HandlerMethod

use of org.springframework.web.method.HandlerMethod in project free-framework by a601942905git.

the class CsrfTokenInterceptor method preHandle.

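/**
 * Validates the CSRF token before the request reaches a controller method.
 *
 * <p>Only handler methods annotated with {@code @ValidateToken} whose {@code vlidate()} flag is
 * true are checked. The token is read from the {@code CSRF_TOKEN} request parameter and passed
 * to {@code validateToken(String)}. On success the session copy is removed, so a token is
 * accepted at most once; on failure the request is refused with HTTP 403.
 *
 * <p>NOTE(review): the comparison itself lives in {@code validateToken(String)}, which is not
 * shown here. Confirm that it rejects a missing (null) parameter and compares in constant time.
 * Note also that a failed attempt leaves the session token in place.
 *
 * @param request  current HTTP request carrying the token parameter
 * @param response current HTTP response; its status is set to 403 when the token is rejected
 * @param handler  handler chosen by the dispatcher
 * @return {@code true} to continue the chain, {@code false} when the token check fails
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
    // The handler is not guaranteed to be a HandlerMethod, so the type must be checked before the cast.
    if (handler instanceof HandlerMethod) {
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        ValidateToken validateToken = method.getAnnotation(ValidateToken.class);
        if (null != validateToken && validateToken.vlidate()) {
            String requestToken = request.getParameter(CSRF_TOKEN);
            boolean validateTokenFlag = validateToken(requestToken);
            log.info("CsrfToken验证结果======>" + validateTokenFlag);
            if (!validateTokenFlag) {
                // Returning false alone ends the request with the default status and an empty
                // body; mark the refusal explicitly so clients and monitoring can see it.
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                return false;
            }
            // Validation passed: drop the token from the session so it cannot be replayed.
            WebContextUtils.removeSessionAttribute(CSRF_TOKEN);
        }
    }
    return true;
}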
Also used : HandlerMethod(org.springframework.web.method.HandlerMethod) Method(java.lang.reflect.Method) HandlerMethod(org.springframework.web.method.HandlerMethod) ValidateToken(com.free.framework.plateform.csrf.annotation.ValidateToken)

Example 29 with HandlerMethod

use of org.springframework.web.method.HandlerMethod in project fw-cloud-framework by liuweijw.

the class AuthorizationInterceptor method preHandle.

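/**
 * Enforces {@code @PrePermissions} on controller methods before they are invoked.
 *
 * <p>When the permission feature is enabled and the handler is a {@link HandlerMethod}, the
 * request is allowed only if:
 * <ol>
 *   <li>the declaring class carries {@code @PrePermissions} (a class whose annotation has
 *       {@code required() == false} is let through without further checks);</li>
 *   <li>the method carries {@code @PrePermissions} with at least one value;</li>
 *   <li>{@code JwtUtil.getRole(request)} yields at least one role;</li>
 *   <li>the union of the menu permissions of those roles contains every
 *       "module permission + method permission" string.</li>
 * </ol>
 * Every refusal is written to the response through {@code handleWithResponse}.
 *
 * <p>NOTE(review): the denial messages sent to the client include the request URI and the
 * internal permission string. Consider returning a generic message and keeping the detail in
 * the server log only.
 * <p>NOTE(review): roles are taken from {@code JwtUtil.getRole(request)}; whether the token's
 * signature and expiry have been verified by that point is not visible here - confirm.
 *
 * @param request  current HTTP request
 * @param response current HTTP response; written to only when access is refused
 * @param handler  handler chosen by the dispatcher
 * @return {@code true} to continue the chain, {@code false} once a refusal has been written
 * @throws Exception if looking up permissions or writing the refusal fails
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    if (!permissionConfiguration.isEnabled()) {
        return true;
    }
    // instanceof rather than handler.getClass().isAssignableFrom(HandlerMethod.class): the latter
    // is false for any subclass of HandlerMethod, which would let such a handler through
    // without a single permission check.
    if (!(handler instanceof HandlerMethod)) {
        return true;
    }
    final HandlerMethod handlerMethod = (HandlerMethod) handler;
    final Method method = handlerMethod.getMethod();
    // NOTE(review): for a handler method inherited from a base controller this is the base
    // class, not the concrete controller; confirm that is the class whose annotation should apply.
    final Class<?> clazz = method.getDeclaringClass();
    String requestURI = request.getRequestURI();

    // By convention a controller class without @PrePermissions is refused.
    if (!clazz.isAnnotationPresent(PrePermissions.class)) {
        String message = "请求[" + requestURI + "]模块上未设置权限,请设置注解@PrePermissions权限!";
        log.error(message);
        return denyWithMessage(response, message);
    }
    PrePermissions clazzPermissions = clazz.getAnnotation(PrePermissions.class);
    if (!clazzPermissions.required()) {
        return true;
    }
    // An empty class-level value used to fail with ArrayIndexOutOfBoundsException; treat it as
    // "module permission not configured" and refuse cleanly instead.
    String[] modulePermissions = clazzPermissions.value();
    if (null == modulePermissions || modulePermissions.length == 0) {
        String message = "请求[" + requestURI + "]模块上未设置权限,请设置注解@PrePermissions权限!";
        log.error(message);
        return denyWithMessage(response, message);
    }
    String modulePermission = modulePermissions[0];

    // By convention a method without @PrePermissions is refused as well.
    if (!method.isAnnotationPresent(PrePermissions.class)) {
        String message = "请求[" + requestURI + "]方法上未设置权限,请设置注解@PrePermissions权限!";
        log.error(message);
        return denyWithMessage(response, message);
    }
    PrePermissions prePermissions = method.getAnnotation(PrePermissions.class);
    String[] permissions = prePermissions.value();
    if (null == permissions || permissions.length == 0) {
        String message = "请求[" + requestURI + "]方法上未正确设置权限,请设置注解@PrePermissions权限!";
        log.error(message);
        return denyWithMessage(response, message);
    }

    // The caller must hold at least one role.
    List<String> roleList = JwtUtil.getRole(request);
    if (null == roleList || roleList.isEmpty()) {
        return denyWithMessage(response, "请求[" + requestURI + "]权限验证失败!");
    }

    // Union of the menu permissions granted by all of the caller's roles.
    Set<String> menuPermissions = new HashSet<String>();
    for (String roleCode : roleList) {
        menuPermissions.addAll(this.permissionService.findMenuPermissions(roleCode));
    }
    if (menuPermissions.isEmpty()) {
        return denyWithMessage(response, "请求[" + requestURI + "]权限未配置!");
    }

    // Every permission listed on the method is required, not just one of them.
    for (String permission : permissions) {
        String valiatePermission = modulePermission + permission;
        log.info("请求[" + requestURI + "],permission:[" + valiatePermission + "]");
        if (!menuPermissions.contains(valiatePermission)) {
            String message = "请求[" + requestURI + "]权限[" + valiatePermission + "]未配置!";
            log.info(message);
            return denyWithMessage(response, message);
        }
    }
    return true;
}

/** Writes a failure payload carrying {@code message} and returns {@code false} for the caller to propagate. */
private boolean denyWithMessage(HttpServletResponse response, String message) throws Exception {
    R<Boolean> responseWithR = new R<Boolean>().failure(message).data(false);
    this.handleWithResponse(response, responseWithR);
    return false;
}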
Also used : R(com.github.liuweijw.core.utils.R) HandlerMethod(org.springframework.web.method.HandlerMethod) Method(java.lang.reflect.Method) PrePermissions(com.github.liuweijw.business.commons.web.aop.PrePermissions) HandlerMethod(org.springframework.web.method.HandlerMethod) HashSet(java.util.HashSet)

Example 30 with HandlerMethod

use of org.springframework.web.method.HandlerMethod in project entando-core by entando.

the class EntandoOauth2Interceptor method preHandle.

/**
 * Applies {@code @RestAccessControl} to request-mapped controller methods.
 *
 * <p>For a {@link HandlerMethod} that has a {@code @RequestMapping} annotation the user is
 * resolved from the request with {@code extractOAuthParameters}; if the method also declares
 * {@code @RestAccessControl}, {@code checkAuthorization} is called with the required permission.
 * Its return value is not used, so a refusal is presumably signalled by an exception - confirm.
 *
 * <p>NOTE(review): a method without {@code @RestAccessControl} is allowed with no permission
 * check. Confirm that unannotated endpoints are intended to be reachable by any caller that
 * gets past {@code extractOAuthParameters}.
 *
 * @param request  current HTTP request
 * @param response current HTTP response (not used here)
 * @param handler  handler chosen by the dispatcher
 * @return always {@code true} when no exception is thrown
 * @throws Exception whatever {@code extractOAuthParameters} or {@code checkAuthorization} throws
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // Anything that is not a controller method is outside the scope of this interceptor.
    if (!(handler instanceof HandlerMethod)) {
        return true;
    }
    HandlerMethod handlerMethod = (HandlerMethod) handler;
    if (!handlerMethod.hasMethodAnnotation(RequestMapping.class)) {
        return true;
    }
    // The user is resolved first, even for methods that turn out to have no access-control annotation.
    UserDetails currentUser = this.extractOAuthParameters(request);
    RestAccessControl accessControl = handlerMethod.getMethodAnnotation(RestAccessControl.class);
    if (accessControl != null) {
        this.checkAuthorization(currentUser, accessControl.permission(), request);
    }
    return true;
}
Also used : UserDetails(com.agiletec.aps.system.services.user.UserDetails) RestAccessControl(org.entando.entando.web.common.annotation.RestAccessControl) HandlerMethod(org.springframework.web.method.HandlerMethod)
