Use the @PreAuthorize annotation for custom permission verification
Use case
The project needs to expose some interfaces to external callers. These interfaces require request-header verification and no other permission control, so the plan is to let all of the open interfaces through without login verification. I had previously used this annotation to implement permission verification in the management back end, so I am using it again here: it makes it easy to annotate each interface that needs to be opened to the outside. This post records the implementation process.
1. Enable the @EnableGlobalMethodSecurity(prePostEnabled = true) annotation
Put this annotation on the class that extends WebSecurityConfigurerAdapter. With prePostEnabled set to true, the @PreAuthorize annotation takes effect; Spring Security leaves it disabled by default.
```java
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
    // ....
}
```
2. Write a custom authentication method
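```java
import javax.servlet.http.HttpServletRequest;

import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

// The bean is named "sc" so that it is easy to reference from the annotation
@Service("sc")
@Slf4j
public class SginCheckService {

    @Autowired
    private PlatformManageService platformManageService;

    public boolean checkSgin() {
        // Current request, obtained through Spring's RequestContextHolder
        HttpServletRequest request =
                ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        String appid = request.getHeader("appid");
        String signature = request.getHeader("signature");
        String timestamp = request.getHeader("timestamp");
        // Non-CRM management platform
        // (getOne assumes PlatformManageService is a MyBatis-Plus IService)
        PlatformManage platformManage = platformManageService.getOne(
                Wrappers.<PlatformManage>lambdaQuery().eq(PlatformManage::getSourcetype, appid));
        if (platformManage == null) {
            log.error("The platform does not exist:" + appid);
            // Authentication failed: throw the custom exception
            throw new SginCheckException();
        }
        // Check the signature
        String secretKey = platformManage.getSecretKey(); // getter name assumed
        MD5 md5 = new MD5();
        String lowerCase = md5.getMD5ofStr(appid + secretKey + timestamp).toLowerCase();
        if (!lowerCase.equals(signature)) {
            log.error("Signature verification failed:" + "crm:" + lowerCase + ",interface:" + signature);
            // Authentication failed: throw the custom exception
            throw new SginCheckException();
        }
        // Authentication succeeded: return true, otherwise an error is reported
        return true;
    }
}
```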
3. Create a custom exception class
```java
public class SginCheckException extends BaseException {

    public SginCheckException() {
        super();
    }

    public SginCheckException(String message) {
        super(SystemErrorType.SIGNATURE_ERROR, message);
    }
}
```
4. Catch the exception in the unified exception handling class and handle it accordingly
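```java
@ControllerAdvice
@Slf4j
public class GlobalExceptionHandler {

    /**
     * Handles the exception thrown when the signature check fails.
     *
     * @param e the signature-check exception
     * @return the error result
     */
    @ResponseBody
    @ResponseStatus()
    @ExceptionHandler(value = {SginCheckException.class})
    public Result sginCheckException(SginCheckException e) {
        // Result.fail is an assumed name for the project's failure factory method
        return Result.fail(SystemErrorType.SIGNATURE_ERROR);
    }
}
```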
5. Finally, put the annotation on the interfaces that require authentication
```java
// Call syntax: @beanName.methodName()
@ApiOperation(value = "Member Registration", notes = "Member Registration", httpMethod = "POST")
@PostMapping("/register")
@PreAuthorize("@sc.checkSgin()")
public Result register(@RequestBody @Valid MemberRegisterParam memberRegisterParam, HttpServletRequest request) {
    log.info("Member Registration:" + memberRegisterParam);
    // memberService is an assumed name for the service that handles registration
    return memberService.register(memberRegisterParam, request);
}
```
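The check in step 2 hashes appid + secretKey + timestamp with MD5, never looks at how old the timestamp is, and writes the computed signature to the log on failure. The following is an added example, not code from the original post or the project: a variant of that check using HMAC-SHA256, a freshness window and a constant-time comparison. The class name, the 5-minute window, the epoch-millisecond timestamp format and the newline separator are assumptions, and callers would have to sign their requests the same way.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

// Added example (not the project's code): hardened variant of the step 2 check.
public class HardenedSignCheck {
    static final long MAX_SKEW_MS = 5 * 60 * 1000L; // assumed policy: 5-minute window

    static String hmacHex(String secretKey, String message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(message.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Returns true only for a fresh timestamp and a matching signature. */
    static boolean verify(String appid, String timestamp, String signature,
                          String secretKey, long nowMillis) throws GeneralSecurityException {
        if (appid == null || timestamp == null || signature == null) { return false; }
        long sent;
        try {
            sent = Long.parseLong(timestamp); // assumed format: epoch milliseconds
        } catch (NumberFormatException e) {
            return false;
        }
        if (sent < nowMillis - MAX_SKEW_MS || sent > nowMillis + MAX_SKEW_MS) {
            return false; // stale or future-dated request
        }
        // The separator keeps ("ab","c") and ("a","bc") from producing the same message.
        String expected = hmacHex(secretKey, appid + "\n" + timestamp);
        // Constant-time comparison; the expected value is never logged.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                signature.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String key = "constructed-demo-secret"; // constructed sample values
        long now = 1_700_000_000_000L;
        String ts = Long.toString(now - 1_000);
        String sig = hmacHex(key, "demo-app\n" + ts);
        System.out.println(verify("demo-app", ts, sig, key, now));              // fresh request
        System.out.println(verify("demo-app", ts, sig, key, now + 3_600_000L)); // same headers an hour later
        System.out.println(verify("demo-app", ts, hmacHex("wrong-key", "demo-app\n" + ts), key, now)); // wrong key
    }
}
```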
Summary
Of course, this annotation has many other uses; I have only recorded how I use it.
The above is my personal experience. I hope it can serve as a reference for you, and I hope you will continue to support me.