Spring引导拦截器返回JSON
我有一个SpringBoot应用程序,它是RESTWebService 我想添加一个拦截器,这样每个没有特定操作权限的角色都会返回401错误代码Spring引导拦截器返回JSON,spring,spring-boot,interceptor,Spring,Spring Boot,Interceptor,我有一个SpringBoot应用程序,它是RESTWebService 我想添加一个拦截器,这样每个没有特定操作权限的角色都会返回401错误代码 @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception { logger.info("Request URL
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
logger.info("Request URL::" + httpServletRequest.getRequestURL().toString()
+ ":: Start Time=" + System.currentTimeMillis());
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) httpServletRequest.getUserPrincipal();
String roleStr = token.getAuthorities().iterator().next().getAuthority();
String action = httpServletRequest.getServletPath();
Role role = roleRepository.findOne(Long.parseLong(roleStr));
if (role.getActions().contains(action)) {
return true;
}
httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
问题是响应总是返回HTML,如何使响应像用@RestController注释的控制器一样返回JSON
谢谢您使用的是Spring Security,那么您到底为什么需要它呢?Spring Security已经为您做到了这一点……我希望动态修改操作,并且这些操作可能不仅与它们可以在函数中设置的url相关,这在Spring Security中可行吗?您阅读过文档了吗?您可以使用URL和/或基于方法的安全性,它们对表达式和所有内容也可能非常复杂。
package com.sha.home;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.sha.model.Message;
public class ExecuteTimeInterceptor extends HandlerInterceptorAdapter{
private static final Logger logger = Logger.getLogger(ExecuteTimeInterceptor.class);
//before the actual handler will be executed
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
long startTime = System.currentTimeMillis();
request.setAttribute("startTime", startTime);
System.out.println("start time"+startTime);
ObjectMapper mapper = new ObjectMapper();
Message msg = new Message("invalid","userinvalid");// customised pojo for error json message
response.setContentType("application/json");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write(mapper.writeValueAsString(msg));
return false;
}
//after the handler is executed
public void postHandle(
HttpServletRequest request, HttpServletResponse response,
Object handler, ModelAndView modelAndView)
throws Exception {
long startTime = (Long)request.getAttribute("startTime");
long endTime = System.currentTimeMillis();
long executeTime = endTime - startTime;
//modified the exisitng modelAndView
//log it
if(logger.isDebugEnabled()){
logger.debug("[" + handler + "] executeTime : " + executeTime + "ms");
}
}
}
enter code here