spring boot下通过拦截器完成访问权限限制

遇到一个需求是：要为用户设置不同的菜单、数据访问权限。对于一些特定类型的数据，有的用户可以看有的用户则不可以。一开始没有太多思路，后来一想是不是可以把"特定类型"这个参数通过@PathVariable注解加到路径上，这样就可以通过拦截器拦截后，校验此用户是否可以访问这个路径（类型）下的数据了。
话不多说，以下为具体实践

1. 拦截器配置类

   @Configuration
   public class UserInterceptorConfig {
       //为了保证IDbnetUserService提前实例化，能在userInterceptor使用
       //ConditionalOnMissingBean可以保证只有一个IDbnetUserService的实例
       @Bean
       @ConditionalOnMissingBean(IDbnetUserService.class)
       public IDbnetUserService dbnetUserService() {
           return new DbnetUserServiceImpl();
       }
       //拦截器
       @Bean(name = "userInterceptor")
       public HandlerInterceptor userInterceptor(IDbnetUserService dbnetUserService) {
           return new HandlerInterceptor() {
               @Override
               public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
                   //url = request.getRequestURI() 判断url是否可以有权限访问而返回true或者false
               }
           };
       }
   
   
   }
   
   

2. 注册拦截器

   //注册拦截器
       @Bean
       public WebMvcConfigurer registerInterceptor(@Qualifier("userInterceptor") HandlerInterceptor userInterceptor) {
           return new WebMvcConfigurerAdapter() {
               @Override
               public void addInterceptors(InterceptorRegistry registry) {
                   //要拦截的路径
                   List<String> path = interceptorProperties.getPath();
                   //要排除的路径
                   List<String> excludePath = interceptorProperties.getExcludePath();
                   registry.addInterceptor(userInterceptor).addPathPatterns(path.stream().toArray(String[]::new))
                           .excludePathPatterns(excludePath.stream().toArray(String[]::new));
               }
   
           };
       }
   

3. 配置要拦截的路径

   @Component
   @ConfigurationProperties(prefix = "dbnet.interceptor")
   public class InterceptorProperties {
       /**
        * 需要拦截的接口通配
        */
       private List<String> path = new ArrayList<>();
       /**
        * 需要忽略的接口通配
        */
       private List<String> excludePath = new ArrayList<>();
       public List<String> getPath() {
           return path;
       }
       public void setPath(List<String> path) {
           this.path = path;
       }
       public List<String> getExcludePath() {
           return excludePath;
       }
       public void setExcludePath(List<String> excludePath) {
           this.excludePath = excludePath;
       }
   }
   

   dbnet:
     interceptor:
       path: /net/**,/net/**
       excludePath: /net/detail,/net/recommend,/net/count,/net/getKeys,/net/metadata/**