Spring boot:如何为静态资源添加拦截器?
[英]Spring boot: How to add interceptors to static resources?
问题描述
I have several folders in /static/img/** and I need to add interceptors to some of them to check user permissions.
我在/static/img/**有几个文件夹,我需要向其中一些文件夹添加拦截器以检查用户权限。 I've used interceptors earlier and added them this way:我之前使用过拦截器并以这种方式添加它们:
@SpringBootApplication
@EnableTransactionManagement
public class Application extends WebMvcConfigurerAdapter {
...
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry
.addResourceHandler("/static/**")
.addResourceLocations("classpath:/static/");
}
@Bean
public AuthHeaderInterceptor authHeaderInterceptor() {
return new AuthHeaderInterceptor();
}
@Bean
public AuthCookieInterceptor authCookieInterceptor() {
return new AuthCookieInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry
.addInterceptor(authHeaderInterceptor())
.addPathPatterns(REST_URL)
.excludePathPatterns(
new String[] {
REST_SECURITY_URL,
REST_SETTINGS_URL,
REST_REPORTS_URL
}
);
registry
.addInterceptor(authCookieInterceptor())
.addPathPatterns(REST_REPORTS_URL);
}
}
All works fine for rest controllers and their URLs, but now I need to secure some static resources and I added this:对于其余控制器及其 URL,一切正常,但现在我需要保护一些静态资源,并添加了以下内容:
@SpringBootApplication
@EnableTransactionManagement
public class Application extends WebMvcConfigurerAdapter {
...
@Bean
public RoleAdminInterceptor roleAdminInterceptor() {
return new RoleAdminInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry
.addInterceptor(authHeaderInterceptor())
.addPathPatterns(REST_URL)
.excludePathPatterns(
new String[] {
REST_SECURITY_URL,
REST_SETTINGS_URL,
REST_REPORTS_URL
}
);
//THIS NOT WORK
registry
.addInterceptor(roleAdminInterceptor())
.addPathPatterns("/static/img/admin/**");
registry
.addInterceptor(authCookieInterceptor())
.addPathPatterns(REST_REPORTS_URL);
}
}
Commented line doesn't work.注释行不起作用。 When I send request to /static/img/admin/test.png RoleAdminInterceptor is never called.当我向/static/img/admin/test.png发送请求时, RoleAdminInterceptor从未被调用。
What I'm doing wrong?我做错了什么?
2 个解决方案
解决方案1
2 2020-05-25 22:41:32
I know this is an old question, but since it's unanswered it might help others searching for it.我知道这是一个老问题,但由于它没有答案,它可能会帮助其他人搜索它。
This is what worked for me:这对我有用:
1- Declare an interceptor class: 1-声明一个拦截器类:
class RoleBasedAccessInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
AntPathMatcher matcher = new AntPathMatcher();
String pattern = "/static/img/admin/**";
String requestURI = request.getRequestURI();
if (matcher.match(pattern, requestURI)) {
//Do whatever you need
return validateYourLogic();
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
2- Configure WebMvcConfigurer 2- 配置WebMvcConfigurer
public class WebMvcConfiguration implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new RoleBasedAccessInterceptor());
}
}
解决方案2
0 2018-08-22 22:46:58
I think in this case you could use Filters with Spring Security instead of Interceptors as you could Validate the access earlier on the process even before hitting the Interceptor, unless there is a specific use case that you need to use the interceptor here.我认为在这种情况下,您可以使用带有 Spring Security 的过滤器而不是拦截器,因为您甚至可以在访问拦截器之前在流程中更早地验证访问,除非有特定用例需要在此处使用拦截器。
Some topic about the difference between these two: filters-vs-interceptor关于这两者之间区别的一些主题: filters-vs-interceptor
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.