package com.xxl.job.admin.controller.interceptor; import com.xxl.job.admin.controller.annotation.PermissionLimit; import com.xxl.job.admin.core.model.XxlJobUser; import com.xxl.job.admin.core.util.I18nUtil; import com.xxl.job.admin.service.LoginService; import org.springframework.stereotype.Component; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.AsyncHandlerInterceptor; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * 权限拦截 * * @author xuxueli 2015-12-12 18:09:04 */ @Component public class PermissionInterceptor implements AsyncHandlerInterceptor { @Resource private LoginService loginService; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { if (!(handler instanceof HandlerMethod)) { return true; // proceed with the next interceptor } // if need login boolean needLogin = true; boolean needAdminuser = false; HandlerMethod method = (HandlerMethod)handler; PermissionLimit permission = method.getMethodAnnotation(PermissionLimit.class); if (permission!=null) { needLogin = permission.limit(); needAdminuser = permission.adminuser(); } if (needLogin) { XxlJobUser loginUser = loginService.ifLogin(request, response); if (loginUser == null) { response.setStatus(302); response.setHeader("location", request.getContextPath()+"/toLogin"); return false; } if (needAdminuser && loginUser.getRole()!=1) { throw new RuntimeException(I18nUtil.getString("system_permission_limit")); } request.setAttribute(LoginService.LOGIN_IDENTITY_KEY, loginUser); } return true; // proceed with the next interceptor } }