Spring boot:如何在静态资源中添加拦截器?

时间:2017-09-27 10:55:43

标签: java spring spring-boot

我在/static/img/**中有几个文件夹,我需要在其中一些文件夹中添加拦截器以检查用户权限。我之前使用过拦截器并以这种方式添加它们:

@SpringBootApplication
@EnableTransactionManagement
public class Application extends WebMvcConfigurerAdapter {

  ...

  @Override
  public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry
      .addResourceHandler("/static/**")
      .addResourceLocations("classpath:/static/");
  }

  @Bean
  public AuthHeaderInterceptor authHeaderInterceptor() {
    return new AuthHeaderInterceptor();
  }

  @Bean
  public AuthCookieInterceptor authCookieInterceptor() {
    return new AuthCookieInterceptor();
  }

  @Override
  public void addInterceptors(InterceptorRegistry registry) {
    registry
      .addInterceptor(authHeaderInterceptor())
      .addPathPatterns(REST_URL)
      .excludePathPatterns(
        new String[] {
          REST_SECURITY_URL,
          REST_SETTINGS_URL,
          REST_REPORTS_URL
        }
      );

    registry
      .addInterceptor(authCookieInterceptor())
      .addPathPatterns(REST_REPORTS_URL);
  }
}

一切都适用于休息控制器及其URL,但现在我需要保护一些静态资源,我添加了这个:

@SpringBootApplication
@EnableTransactionManagement
public class Application extends WebMvcConfigurerAdapter {

  ...

  @Bean 
  public RoleAdminInterceptor roleAdminInterceptor() {
    return new RoleAdminInterceptor();
  }

  @Override
  public void addInterceptors(InterceptorRegistry registry) {
    registry
      .addInterceptor(authHeaderInterceptor())
      .addPathPatterns(REST_URL)
      .excludePathPatterns(
        new String[] {
          REST_SECURITY_URL,
          REST_SETTINGS_URL,
          REST_REPORTS_URL
        }
      );

    //THIS NOT WORK
    registry
      .addInterceptor(roleAdminInterceptor())
      .addPathPatterns("/static/img/admin/**");

    registry
      .addInterceptor(authCookieInterceptor())
      .addPathPatterns(REST_REPORTS_URL);
  }
}

评论行不起作用。当我向/static/img/admin/test.png RoleAdminInterceptor发送请求时,从未调用过。

我做错了什么?

2 个答案:

答案 0 :(得分:1)

我知道这是一个古老的问题,但是由于未得到解答,可能会帮助其他人进行搜索。

这对我有用:

1-声明一个拦截器类:

class RoleBasedAccessInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        AntPathMatcher matcher = new AntPathMatcher();
        String pattern = "/static/img/admin/**";

        String requestURI = request.getRequestURI();

        if (matcher.match(pattern, requestURI)) {
            //Do whatever you need 
            return validateYourLogic();
        }

        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}

2-配置WebMvcConfigurer 

public class WebMvcConfiguration implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new RoleBasedAccessInterceptor());
    }
}

答案 1 :(得分:0)

我认为在这种情况下,您可以使用带有Spring Security的筛选器而不是拦截器,因为您甚至可以在击中拦截器之前就在流程中更早地验证访问,除非有特定的用例需要在此处使用拦截器。

有关这两者之间的区别的一些主题: filters-vs-interceptor

相关问题
最新问题