The application scenario is authenticating calls at the method level. For example, an API identifies each user by a unique access_token that is sent with every request. An interceptor can be added to the method to obtain the user for the current request and store it in the request or session scope.
In Python, a decorator can be used in Flask to preprocess a method for permission handling.
Take a look at an example that uses @access_required to intercept the call:
```python
@api.route('/post_apply')
@access_required
def apply():
    """
    Event registration
    """
    print('报名者是:' + g.user)  # "Registrant: "
    return jsonify(response_data)
```
The implementation is simple:
```python
from functools import wraps
from flask import request

# Validate the access_token and save the current user in g
# (error_msg() and is_access_token() are the application's own helpers, not shown)
def access_required(f):
    @wraps(f)
    def decorated_func(*args, **kwargs):
        access_token = request.values.get('access_token')
        if access_token is None:
            return error_msg('500', 'access_token required')
        if access_token == "":
            return error_msg('500', 'access_token can not empty')
        if not is_access_token(access_token):
            return error_msg('500', 'invalid_access_token')
        return f(*args, **kwargs)
    return decorated_func
```
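The decorator above leaves the token check and the step that stores the user in g to helpers that are not shown, and a route that omits the decorator is simply unprotected. The following is an added example, not code from the original page: the token store, lookup_user(), the access_checked marker, the /open route and unprotected_endpoints() are assumptions made for illustration, and it answers a failed check with HTTP 401.

```python
import hashlib
from functools import wraps

from flask import Flask, g, jsonify, request

app = Flask(__name__)

# Constructed sample store: SHA-256(token) -> user, so raw tokens are not kept.
TOKENS = {hashlib.sha256(b"demo-token-alice").hexdigest(): "alice"}


def lookup_user(access_token):
    """Return the user owning the token, or None (hypothetical helper)."""
    if not access_token:
        return None
    return TOKENS.get(hashlib.sha256(access_token.encode()).hexdigest())


def access_required(f):
    @wraps(f)
    def decorated_func(*args, **kwargs):
        user = lookup_user(request.values.get("access_token"))
        if user is None:
            # Authentication failure is a client error: answer 401, not 500.
            return jsonify(error="invalid_access_token"), 401
        g.user = user  # available to the view for this request only
        return f(*args, **kwargs)
    decorated_func.access_checked = True  # marker used by the audit below
    return decorated_func


@app.route("/post_apply")
@access_required
def apply():
    return jsonify(user=g.user)


@app.route("/open")  # constructed route that forgot the decorator
def open_route():
    return jsonify(ok=True)


def unprotected_endpoints(flask_app):
    """Endpoints whose view function never went through access_required."""
    return sorted(
        name for name, view in flask_app.view_functions.items()
        if name != "static" and not getattr(view, "access_checked", False)
    )
```

Running unprotected_endpoints(app) at startup or in a test also catches a decorator placed above @app.route, because in that order the route registers the unwrapped function.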
In Java, a custom annotation interceptor is implemented so that the annotation @AccessRequired can be added to each method that needs to be intercepted.
Example usage in a Spring MVC controller:
```java
/**
 * Method guarded by the annotation interceptor
 * @return
 */
@RequestMapping(value = "/urlinter", method = RequestMethod.GET)
@AccessRequired
public @ResponseBody String urlInterceptorTest() {
    return "通过拦截器:user" + request.getAttribute("currUser"); // "Passed the interceptor: user"
}
```
How to implement the above example?
Define an annotation:
```java
import java.lang.annotation.ElementType;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.annotation.Retention;

// Marker annotation: usable on methods and visible to reflection at runtime
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AccessRequired {
}
```
Implement an interceptor:
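```java
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Intercepts the access_token in the URL
 * @author Nob
 *
 */
public class UserAccessApiInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // Handlers that are not controller methods (e.g. static resources) cannot carry the annotation
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        AccessRequired annotation = method.getAnnotation(AccessRequired.class);
        if (annotation != null) {
            System.out.println("你遇到了:@AccessRequired"); // "Encountered: @AccessRequired"
            String accessToken = request.getParameter("access_token");
            /**
             * Do something: validate accessToken here; on success set the
             * "currUser" request attribute and return true
             */
            // "Did not pass the interceptor, accessToken value: "
            response.getWriter().write("没有通过拦截,accessToken的值为:" + accessToken);
            return false; // rejected: stop the chain so the controller method does not run
        }
        // No annotation: let the request through
        return true;
    }
}
```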
In the Spring MVC configuration file:
```xml
<!-- Interceptors -->
<mvc:interceptors>
    <mvc:interceptor>
        <!-- Use /** to intercept all requests; use /myPath/* to intercept the requests of one module -->
        <mvc:mapping path="/**" />
        <ref bean="userAccessInterceptor" />
    </mvc:interceptor>
</mvc:interceptors>
<bean id="userAccessInterceptor" class="com.banmacoffee.web.interceptor.UserAccessApiInterceptor">
</bean>
```
Once this is in place, you can do whatever you need in the interceptor and apply it to any controller request you like.
Spring MVC method Annotation Blocker