zoukankan      html  css  js  c++  java

  • spring MVC 权限控制拦截

    SecurityInterceptor实现spring mvc 框架的结构在访问控制@Controller之前的权限拦截,具体实现方法,增加总权限控制器

    public class SecurityInterceptor extends HandlerInterceptorAdapter{

    private static final Logger logger = Logger.getLogger(SecurityInterceptor.class);

    @Resource
    private SessionInfoService sessionInfoService;
    
    private List<String> excludeUrls;// 不需要拦截的资源

    public List<String> getExcludeUrls() {
        return excludeUrls;
    }

    public void setExcludeUrls(List<String> excludeUrls) {
        this.excludeUrls = excludeUrls;
    }

    /**
     * 完成页面的render后调用
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {

    }

    /**
     * 在调用controller具体方法后拦截
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {

    }

    /**
     * 在调用controller具体方法前拦截
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object){
        String requestUri = request.getRequestURI();
        ResponseMap errMap = new ResponseMap();
        String contextPath = request.getContextPath();
        String url = requestUri.substring(contextPath.length());
        logger.debug("check url : " + url);
        String token = request.getParameter("token");
        logger.debug("check token : " + token);

        if (excludeUrls.contains(url)) {// 如果要访问的资源是不需要验证的
            return true;
        }
        try {
            if(token == null || token.trim().equals(""))
            {
                errMap.putError(MessageConstants.getMessage("user.notlogin"));
            }else{
                errMap = sessionInfoService.bePermission(token.trim(), url.trim());
            }
            if(!("0".equals(errMap.get("err"))))
            {
                response.setCharacterEncoding("utf-8");
                response.setContentType("application/json");
                response.getWriter().print(JSONObject.fromObject(errMap));  //返回错误提示信息
                response.getWriter().flush();
                return false;
            }
        } catch (IOException e) {
            logger.debug("preHandle error");
        }finally{
        }
        return true;
    }
}

    springMVC 中 对拦截以及不需要拦截的资源的配置

    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <bean class="SecurityInterceptor">   //SecurityInterceptor的class路径
                <property name="excludeUrls">
                    <list>
                        <value>/test/test1</value>
                        <value>/test/test2</value>
                    </list>
                </property>
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>
  • 相关阅读:
    base64编码
    URL编码和解码
    Android MineType
    Gzip压缩
    关于文件与文件系统的压缩与打包命令-Linux(笔记)
    tesseract的编译安装
    HDOJ How many ways?? 2157【矩阵高速幂】
    [ACM] POJ 3253 Fence Repair (Huffman树思想,优先队列)
    6.非关系型数据库(Nosql)之mongodb:集群(主从复制)
    androidproject有红色叹号的解决方式
  • 原文地址:https://www.cnblogs.com/cyanqx/p/3890642.html
Copyright © 2011-2022 走看看