在拦截器中获取RequestParam的值

时间:2014-07-22 06:11:51

标签: spring spring-mvc spring-security

我希望你能帮助我。我有一个Spring Interceptor来根据控制器方法的@RequestMapping中配置的URL和传递给控制器​​的参数(参数)来授权用户。所有这些请求参数都使用@RequestParam注释进行配置。我需要检索从Interceptor中的@RequestParam传递的值,以便我可以使用这些参数来验证url是否已被正确的用户访问,以及是否允许用户传入documentId。如果可能,请告诉我。当我执行request.getParameter(“documentId”)时,我什么也得不到。我有一些代码如下

(控制器方法)

@RequestMapping(value = "/viewDocument.html")
public ModelAndView viewDocument(@RequestParam("documentId");

拦截课程

@Override
public boolean preHandle(final HttpServletRequest req, final HttpServletResponse resp, final Object handler) throws IOException {

    if (handler instanceof HandlerMethod) {
        final HandlerMethod handlerMethod = (HandlerMethod) handler;
        final RequestMapping requstMapping = handlerMethod.getMethodAnnotation(RequestMapping.class);

        if (requstMapping != null) {
            final AuthorizeRequest authorizeRequestAnnotation = handlerMethod.getMethodAnnotation(AuthorizeRequest.class);
            if (authorizeRequestAnnotation != null) {
                try {
                    checkAccess(req, requstMapping, handlerMethod);                        
                } catch (final SecurityException e) {
                    resp.sendError(HttpServletResponse.SC_FORBIDDEN, "You are not allowed to perform this function");
                    // return false;
                } catch (final Exception e) {
                    resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    // return false;
                }
            }
        }
    }

    return true;
}

private void checkAccess(final HttpServletRequest req, final RequestMapping requestMapping, final HandlerMethod handlerMethod) throws SecurityException {

    final Map<String, Object> arguments = Maps.newHashMap();

    final RequestMethod[] methods = requestMapping.method();
    final MethodParameter[] methodParameters = handlerMethod.getMethodParameters();

    for (final MethodParameter methodParameter : methodParameters) {
        String parameterName = null;

        final RequestParam requestParam = methodParameter.getParameterAnnotation(RequestParam.class);
        if (requestParam != null) {
            parameterName = requestParam.value();
            arguments.put(parameterName, req.getParameter(parameterName));
        }
    }

    final RuleValidator ruleValidator = rulesConfiguration.get(requestMapping.value()[0]);
    ruleValidator.validate(arguments);
}

这是我正在使用的GET方法。是的,如果我删除了拦截器,则会发送documentId。下面是我的拦截器配置

<mvc:interceptors>
   <bean class="mypackage.SecurityInterceptor" />
</mvc:interceptors>

1 个答案:

答案 0 :(得分:0)

目前,我正在尝试实现同一目标。所以我最后一次尝试:

request.getAttribute("org.springframework.web.servlet.HandlerMapping.uriTemplateVariables")

为您提供参数的值。

但是我不确定这是正确的方法。

相关问题
最新问题