00:00/00:00

//自定义限制注解,加载controller url 上
@Retention(RUNTIME)
@Target(METHOD)
public @interface AccessLimit {
    int seconds();
    int maxCount();
    boolean needLogin() default true;
}

自定义一个拦截器集成HandlerInterceptorAdapter里面的preHandle方法

@Service
public class AccessInterceptor  extends HandlerInterceptorAdapter{

    @Autowired
    RedisService redisService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if(handler instanceof HandlerMethod) {
            User user = getUser(request, response);
            UserContext.setUser(user);
            HandlerMethod hm = (HandlerMethod)handler;
            AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);//请求的方法是否带有accesslimit注解
            if(accessLimit == null) {
                return true;
            }
            //如果有判断每请求一次缓存中当前用户key的count+1.直到最大限制禁止访问此接口
            int seconds = accessLimit.seconds();
            int maxCount = accessLimit.maxCount();
            boolean needLogin = accessLimit.needLogin();
            String key = request.getRequestURI();
            if(needLogin) {
                if(user == null) {
                    render(response, CodeMsg.SESSION_ERROR);
                    return false;
                }
                key += "_" + user.getId();
            }else {
                //do nothing
            }
            AccessKey ak = AccessKey.withExpire(seconds);
            Integer count = redisService.get(ak, key, Integer.class);
            if(count  == null) {
                 redisService.set(ak, key, 1);
            }else if(count < maxCount) {
                 redisService.incr(ak, key);
            }else {
                render(response, CodeMsg.ACCESS_LIMIT_REACHED);
                return false;
            }
        }
        return true;
    }
    //返回前台
    private void render(HttpServletResponse response, CodeMsg cm)throws Exception {
        response.setContentType("application/json;charset=UTF-8");
        OutputStream out = response.getOutputStream();
        String str  = JSON.toJSONString(Result.error(cm));
        out.write(str.getBytes("UTF-8"));
        out.flush();
        out.close();
    }

//用户带来的redis key值可能在cookie中或者参数中
    private User getUser(HttpServletRequest request, HttpServletResponse response) {
        String paramToken = request.getParameter(MiaoshaUserService.COOKI_NAME_TOKEN);
        String cookieToken = getCookieValue(request, UserService.COOKI_NAME_TOKEN);
        if(StringUtils.isEmpty(cookieToken) && StringUtils.isEmpty(paramToken)) {
            return null;
        }
        String token = StringUtils.isEmpty(paramToken)?cookieToken:paramToken;
        return userService.getByToken(response, token);
    }

    private String getCookieValue(HttpServletRequest request, String cookiName) {
        Cookie[]  cookies = request.getCookies();
        if(cookies == null || cookies.length <= 0){
            return null;
        }
        for(Cookie cookie : cookies) {
            if(cookie.getName().equals(cookiName)) {
                return cookie.getValue();
            }
        }
        return null;
    }

}
/**
   * 在mvc配置拦截器
   * @param registry
   */
@Configuration
//等价于<mvc:annotation-driven/>
@EnableWebMvc
public class MVCConfiguration extends WebMvcConfigurerAdapter implements ApplicationContextAware {
  @Override
  public void addInterceptors(InterceptorRegistry registry) {
    String interceptPath = "";
    //注册拦截器
    InterceptorRegistration loginIR = registry.addInterceptor(new AccessInterceptor  ());
    //配置拦截路径
    loginIR.addPathPatterns(interceptPath);
    //注册其他拦截器
    InterceptorRegistration permissionIR = registry.addInterceptor(new UserPermissionInterceptor());
    //配置拦截路径
    permissionIR.addPathPatterns(interceptPath);
    //配置不拦截路径
    permissionIR.excludePathPatterns("");
  }
//将数据存在当前线程中,当前线程安全
public class UserContext {

    private static ThreadLocal<User> userHolder = new ThreadLocal<User>();

    public static void setUser(User user) {
        userHolder.set(user);
    }

    public static User getUser() {
        return userHolder.get();
    }

}

You Might Also Like

No Comments

Leave a Reply