SecurityInterceptor 基于 Spring MVC 的拦截器机制,在请求到达 @Controller 之前进行权限拦截,相当于一个统一的总权限控制器。具体实现如下:
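/**
 * Spring MVC interceptor that authorizes each request before it reaches a controller method.
 *
 * <p>The request's context-relative path is first compared with {@code excludeUrls}; an exact
 * match is let through without any check. Every other request must carry a {@code token}
 * request parameter, which is passed with the path to
 * {@code SessionInfoService.bePermission}. Unless the returned map's {@code "err"} entry is
 * {@code "0"}, the map is written to the response as JSON and the request is stopped.
 *
 * <p>The interceptor fails closed: a missing exclude list is treated as empty, and a failure
 * to write the denial response still rejects the request.
 */
public class SecurityInterceptor extends HandlerInterceptorAdapter {

    private static final Logger logger = Logger.getLogger(SecurityInterceptor.class);

    @Resource
    private SessionInfoService sessionInfoService;

    // Context-relative paths that skip the token and permission check entirely.
    // Every entry is an unauthenticated entry point, so keep the list as short as possible.
    private List<String> excludeUrls;

    /** Returns the configured list of paths that are not intercepted (may be {@code null}). */
    public List<String> getExcludeUrls() {
        return excludeUrls;
    }

    /** Sets the list of paths that are not intercepted; normally injected from the XML config. */
    public void setExcludeUrls(List<String> excludeUrls) {
        this.excludeUrls = excludeUrls;
    }

    /**
     * Called after the view has been rendered. Nothing to do here.
     */
    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object object, Exception exception)
            throws Exception {
    }

    /**
     * Called after the controller method has run. Nothing to do here.
     */
    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object object,
            ModelAndView modelAndView) throws Exception {
    }

    /**
     * Called before the controller method; decides whether the request may proceed.
     *
     * @param request  the incoming request; its URI and {@code token} parameter are read
     * @param response receives the JSON error body when the request is rejected
     * @param object   the chosen handler (unused)
     * @return {@code true} to continue to the controller, {@code false} when the request
     *         was rejected (an error body has been written, or writing it failed)
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object object) {
        // getRequestURI() is the raw, undecoded path (it can still carry path parameters
        // or encoded characters). The exact-match exclude check below therefore fails
        // closed for any variant spelling.
        // NOTE(review): confirm bePermission compares against the same raw form, or
        // normalize the path before passing it on.
        String requestUri = request.getRequestURI();
        String contextPath = request.getContextPath();
        String url = requestUri.substring(contextPath.length());
        logger.debug("check url : " + url);

        // NOTE(review): getParameter also reads the query string, where tokens tend to end
        // up in access logs and Referer headers; a request header is the safer carrier.
        String token = request.getParameter("token");
        // The token is a bearer credential: log only whether it is present, never its value.
        logger.debug("check token present : " + (token != null));

        // A null list (property not configured) means nothing is excluded.
        if (excludeUrls != null && excludeUrls.contains(url)) {
            return true;
        }

        ResponseMap errMap = new ResponseMap();
        try {
            if (token == null || token.trim().isEmpty()) {
                errMap.putError(MessageConstants.getMessage("user.notlogin"));
            } else {
                errMap = sessionInfoService.bePermission(token.trim(), url.trim());
            }

            if ("0".equals(errMap.get("err"))) {
                return true;
            }

            // Rejected: send the error map back as JSON.
            response.setCharacterEncoding("utf-8");
            response.setContentType("application/json");
            response.getWriter().print(JSONObject.fromObject(errMap));
            response.getWriter().flush();
        } catch (IOException e) {
            // An I/O failure here must not turn a denial into an approval, so execution
            // falls through to the rejecting return below.
            logger.error("preHandle could not write the denial response", e);
        }
        return false;
    }
}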
Spring MVC 中拦截器以及不需要拦截的资源的配置:
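<mvc:interceptors>
    <mvc:interceptor>
        <!-- Apply the interceptor to every request path. -->
        <mvc:mapping path="/**" />
        <!-- class must be the fully qualified class name of SecurityInterceptor -->
        <bean class="SecurityInterceptor">
            <!--
                Paths listed here bypass the token and permission check completely.
                They are matched exactly against the context-relative request path,
                so list only resources that are meant to be public.
            -->
            <property name="excludeUrls">
                <list>
                    <value>/test/test1</value>
                    <value>/test/test2</value>
                </list>
            </property>
        </bean>
    </mvc:interceptor>
</mvc:interceptors>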