zoukankan      html  css  js  c++  java

  • spring MVC 权限控制拦截

    SecurityInterceptor实现spring mvc 框架的结构在访问控制@Controller之前的权限拦截,具体实现方法,增加总权限控制器

    public class SecurityInterceptor extends HandlerInterceptorAdapter{

    private static final Logger logger = Logger.getLogger(SecurityInterceptor.class);

    @Resource
    private SessionInfoService sessionInfoService;
    
    private List<String> excludeUrls;// 不需要拦截的资源

    public List<String> getExcludeUrls() {
        return excludeUrls;
    }

    public void setExcludeUrls(List<String> excludeUrls) {
        this.excludeUrls = excludeUrls;
    }

    /**
     * 完成页面的render后调用
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {

    }

    /**
     * 在调用controller具体方法后拦截
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {

    }

    /**
     * 在调用controller具体方法前拦截
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object){
        String requestUri = request.getRequestURI();
        ResponseMap errMap = new ResponseMap();
        String contextPath = request.getContextPath();
        String url = requestUri.substring(contextPath.length());
        logger.debug("check url : " + url);
        String token = request.getParameter("token");
        logger.debug("check token : " + token);

        if (excludeUrls.contains(url)) {// 如果要访问的资源是不需要验证的
            return true;
        }
        try {
            if(token == null || token.trim().equals(""))
            {
                errMap.putError(MessageConstants.getMessage("user.notlogin"));
            }else{
                errMap = sessionInfoService.bePermission(token.trim(), url.trim());
            }
            if(!("0".equals(errMap.get("err"))))
            {
                response.setCharacterEncoding("utf-8");
                response.setContentType("application/json");
                response.getWriter().print(JSONObject.fromObject(errMap));  //返回错误提示信息
                response.getWriter().flush();
                return false;
            }
        } catch (IOException e) {
            logger.debug("preHandle error");
        }finally{
        }
        return true;
    }
}

    springMVC 中 对拦截以及不需要拦截的资源的配置

    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <bean class="SecurityInterceptor">   //SecurityInterceptor的class路径
                <property name="excludeUrls">
                    <list>
                        <value>/test/test1</value>
                        <value>/test/test2</value>
                    </list>
                </property>
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>
  • 相关阅读:
    轻量级的Web服务器Nginx0.9.0 开发版发布 狼人:
    微软发布Silverlight 5 Beta新特性 狼人:
    TechCrunch新闻评论:Flash耗电问题严重 狼人:
    IE9是最佳浏览器? 狼人:
    Silverlight面向客户端,HTML5面向Web 狼人:
    Silverlight 结构分析 狼人:
    HTML5是否已经准备好了?仍在W3C层层审核当中 狼人:
    Adobe驳斥Flash过度耗电论 称HTML5更耗电 狼人:
    Silverlight 5即将来临 狼人:
    运行控制[置顶] 有趣的编程控制自己电脑的CPU
  • 原文地址:https://www.cnblogs.com/cyanqx/p/3890642.html
Copyright © 2011-2022 走看看