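# Route-interception authentication

---

Suppose we have the following requirement:

> Every endpoint in the project requires login verification; only the 'login endpoint' itself is open to the outside.

How do we implement this? Add an authentication annotation to every endpoint? Hand-write a global interceptor? Neither seems very convenient.<br/>
What this requirement really needs is an authentication mode based on route interception. So how is route-interception authentication implemented in Sa-Token?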

### 1. Register the route interceptor

Using `SpringBoot2.0` as an example, create a new configuration class `SaTokenConfigure.java`:

``` java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import cn.dev33.satoken.interceptor.SaRouteInterceptor;

@Configuration
public class SaTokenConfigure implements WebMvcConfigurer {
    // Register the Sa-Token login interceptor
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Register the login interceptor and exclude the login endpoint or other anonymously accessible endpoints (unrelated to the annotation interceptor)
        registry.addInterceptor(new SaRouteInterceptor()).addPathPatterns("/**").excludePathPatterns("/user/doLogin");
    }
}
```

In the code above, we registered a login-verification interceptor and excluded the `/user/doLogin` endpoint so that login stays open (every endpoint other than `/user/doLogin` requires a login to access). <br>
So how do we intercept requests for permission checks? Read on.

### 2. Custom permission verification rules

You can define custom verification rules in a functional style:

``` java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;

@Configuration
public class SaTokenConfigure implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Register the route interceptor with custom verification rules
        registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> {
            // Split modules by route; each module gets its own permission check
            SaRouter.match("/user/**", () -> StpUtil.checkPermission("user"));
            SaRouter.match("/admin/**", () -> StpUtil.checkPermission("admin"));
            SaRouter.match("/goods/**", () -> StpUtil.checkPermission("goods"));
            SaRouter.match("/orders/**", () -> StpUtil.checkPermission("orders"));
            SaRouter.match("/notice/**", () -> StpUtil.checkPermission("notice"));
            SaRouter.match("/comment/**", () -> StpUtil.checkPermission("comment"));
        })).addPathPatterns("/**");
    }
}
```

### 3. Complete example

Examples of all usages:

``` java
import java.util.Arrays;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;

@Configuration
public class SaTokenConfigure implements WebMvcConfigurer {
    // Register the Sa-Token interceptor
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Register the route interceptor with custom verification rules
        registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> {

            // Login check -- intercept all routes, excluding /user/doLogin so that login stays open
            SaRouter.match("/**", "/user/doLogin", () -> StpUtil.checkLogin());

            // Login check -- exclude multiple paths
            SaRouter.match(Arrays.asList("/**"), Arrays.asList("/user/doLogin", "/user/reg"), () -> StpUtil.checkLogin());

            // Role check -- intercept routes starting with admin; the caller must hold the [admin] role or the [super-admin] role to pass
            SaRouter.match("/admin/**", () -> StpUtil.checkRoleOr("admin", "super-admin"));

            // Permission check -- different modules verify different permissions
            SaRouter.match("/user/**", () -> StpUtil.checkPermission("user"));
            SaRouter.match("/admin/**", () -> StpUtil.checkPermission("admin"));
            SaRouter.match("/goods/**", () -> StpUtil.checkPermission("goods"));
            SaRouter.match("/orders/**", () -> StpUtil.checkPermission("orders"));
            SaRouter.match("/notice/**", () -> StpUtil.checkPermission("notice"));
            SaRouter.match("/comment/**", () -> StpUtil.checkPermission("comment"));

            // Match RESTful-style routes
            SaRouter.match("/article/get/{id}", () -> StpUtil.checkPermission("article"));

            // Check the request method
            SaRouter.match("/notice/**", () -> {
                if(req.getMethod().equals(HttpMethod.GET.toString())) {
                    StpUtil.checkPermission("notice");
                }
            });

            // Exit early (SaRouter.stop(), see section 4)

            // In multi-account mode, any StpUtil can be used for the check
            // (StpUserUtil is a user-defined class, not one shipped with Sa-Token)
            SaRouter.match("/user/**", () -> StpUserUtil.checkLogin());

        })).addPathPatterns("/**");
    }
}
```
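
The rules above combined into one default-deny configuration, as an added example that is not part of the Sa-Token documentation; the class name, `PUBLIC_PATHS`, `MODULES` and the `notice-write` permission are assumptions. It repeats the public-path exclusion on every permission rule, because an exclusion only affects the rule it is attached to.

```java
import java.util.Arrays;
import java.util.List;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;

// Added example; class name, PUBLIC_PATHS, MODULES and "notice-write" are assumptions.
@Configuration
public class DefaultDenySaTokenConfigure implements WebMvcConfigurer {

    // Assumption: the only endpoints that may be called without a login
    private static final List<String> PUBLIC_PATHS = Arrays.asList("/user/doLogin", "/user/reg");

    // Assumption: each module's route prefix and permission code share one name
    private static final List<String> MODULES =
            Arrays.asList("user", "admin", "goods", "orders", "notice", "comment");

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> {
            // 1. Default deny: any route outside PUBLIC_PATHS requires a login, including
            //    routes added later that no permission rule below mentions.
            SaRouter.match(Arrays.asList("/**"), PUBLIC_PATHS, () -> StpUtil.checkLogin());

            // 2. Per-module permission. An exclusion only applies to the rule that carries it,
            //    so PUBLIC_PATHS is repeated here: without it the "/user/**" rule would also
            //    run for /user/doLogin and reject anonymous callers.
            for (String module : MODULES) {
                SaRouter.match(Arrays.asList("/" + module + "/**"), PUBLIC_PATHS,
                        () -> StpUtil.checkPermission(module));
            }

            // 3. Method-aware rule: reads need only "notice" (checked in step 2); any other
            //    HTTP method also needs the hypothetical "notice-write" permission.
            SaRouter.match("/notice/**", () -> {
                if (!"GET".equals(req.getMethod())) {
                    StpUtil.checkPermission("notice-write");
                }
            });
        })).addPathPatterns("/**");
    }
}
```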

### 4. Exiting the match chain early

Use `SaRouter.stop()` to exit the match chain early, for example:

``` java
registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> {
    // Rule 1 runs and prints "进入1" ("entered 1")
    SaRouter.match("/**", () -> System.out.println("进入1"));
    // Rule 2 prints "进入2" ("entered 2"), then stop() leaves the whole match chain
    SaRouter.match("/**", () -> {System.out.println("进入2"); SaRouter.stop();});
    // Rule 3 is never evaluated
    SaRouter.match("/**", () -> System.out.println("进入3"));
})).addPathPatterns("/**");
```

As the example above shows, when execution reaches the 2nd match rule, the stop function exits the whole matching function early, so all remaining match rules are ignored.

<!--
### Notes

In `v1.14` and earlier versions, the route interceptor offered wrapper-style factory methods. That code was rather redundant and was removed in `v1.15`; the replacement is as follows:

``` java
// Original style
registry.addInterceptor(SaRouteInterceptor.createPermissionVal("user")).addPathPatterns("/user/**");

// Change it to the following; the effect is the same
registry.addInterceptor(new SaRouteInterceptor((request, response, handler) -> {
    SaRouter.match("/user/**", () -> StpUtil.checkPermission("user"));
})).addPathPatterns("/**");
```
-->