zoukankan      html  css  js  c++  java
  • spring MVC 权限控制拦截

    SecurityInterceptor实现spring mvc 框架的结构在访问控制@Controller之前的权限拦截,具体实现方法,增加总权限控制器

    public class SecurityInterceptor extends HandlerInterceptorAdapter{
    
        private static final Logger logger = Logger.getLogger(SecurityInterceptor.class);
    
        @Resource
        private SessionInfoService sessionInfoService;
        
        private List<String> excludeUrls;// 不需要拦截的资源
    
        public List<String> getExcludeUrls() {
            return excludeUrls;
        }
    
        public void setExcludeUrls(List<String> excludeUrls) {
            this.excludeUrls = excludeUrls;
        }
    
        /**
         * 完成页面的render后调用
         */
        @Override
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {
    
        }
    
        /**
         * 在调用controller具体方法后拦截
         */
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {
    
        }
    
        /**
         * 在调用controller具体方法前拦截
         */
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object){
            String requestUri = request.getRequestURI();
            ResponseMap errMap = new ResponseMap();
            String contextPath = request.getContextPath();
            String url = requestUri.substring(contextPath.length());
            logger.debug("check url : " + url);
            String token = request.getParameter("token");
            logger.debug("check token : " + token);
    
            if (excludeUrls.contains(url)) {// 如果要访问的资源是不需要验证的
                return true;
            }
            try {
                if(token == null || token.trim().equals(""))
                {
                    errMap.putError(MessageConstants.getMessage("user.notlogin"));
                }else{
                    errMap = sessionInfoService.bePermission(token.trim(), url.trim());
                }
                if(!("0".equals(errMap.get("err"))))
                {
                    response.setCharacterEncoding("utf-8");
                    response.setContentType("application/json");
                    response.getWriter().print(JSONObject.fromObject(errMap));  //返回错误提示信息
                    response.getWriter().flush();
                    return false;
                }
            } catch (IOException e) {
                logger.debug("preHandle error");
            }finally{
            }
            return true;
        }
    }

    springMVC 中 对拦截以及不需要拦截的资源的配置

    <mvc:interceptors>
            <mvc:interceptor>
                <mvc:mapping path="/**" />
                <bean class="SecurityInterceptor">   //SecurityInterceptor的class路径
                    <property name="excludeUrls">
                        <list>
                            <value>/test/test1</value>
                            <value>/test/test2</value>
                        </list>
                    </property>
                </bean>
            </mvc:interceptor>
        </mvc:interceptors>
  • 相关阅读:
    母版
    扣点计算
    付费推广的投入产出比达到多少才合理?
    关于京东POP和采销双平台选择合作
    学习Swift--枚举的初步认识 --个人备忘 大神勿喷
    前台操作及技巧的一些文档
    ABAP 四舍五入函数
    设置ALV 行颜色
    初学笔记
    模块 BAPI
  • 原文地址:https://www.cnblogs.com/cyanqx/p/3890642.html
Copyright © 2011-2022 走看看