  • SpringMVC用户与权限验证

    一、先写一个拦截器(新建一个Class,实现HandlerInterceptor接口,需要重写它的3个方法)

    package com.hd.common.interceptor;

    import java.util.ArrayList;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;


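    /**
     * Spring MVC interceptor that enforces login and a per-path permission check
     * before a controller method runs.
     *
     * <p>The check is deny-by-default: a request proceeds only when the session
     * carries a {@code userid} attribute and the requested path is in the set of
     * granted paths. Every other outcome stops the request in {@link #preHandle}.
     */
    public class ValidationInterceptor implements HandlerInterceptor{

        /**
         * Runs once the request has been fully processed; the place to release
         * per-request resources. Only logs here.
         */
        @Override
        public void afterCompletion(HttpServletRequest arg0,
                HttpServletResponse arg1, Object arg2, Exception arg3)
                throws Exception {
            System.out.println("会在请求Controller方法执行完毕后执行");
        }

        /**
         * Runs after the controller method returns and before the view is
         * rendered. Only logs here.
         */
        @Override
        public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
                Object arg2, ModelAndView arg3) throws Exception {
            System.out.println("会在请求Controller方法执行完毕后,跳转到下个页面(请求)之前执行");
        }

        /**
         * Authenticates and authorizes the request before the controller runs.
         *
         * @param req  the incoming request
         * @param resp the response, used for the login redirect or the 403 reply
         * @param obj  the handler chosen by Spring MVC (not inspected here)
         * @return {@code true} only when the caller is logged in and the requested
         *         path is granted; {@code false} after a redirect or error was sent
         * @throws Exception if writing the redirect or error response fails
         */
        @Override
        public boolean preHandle(HttpServletRequest req,
                HttpServletResponse resp,
                Object obj) throws Exception {

            System.out.println("会在请求Controller方法之前执行");

            // getSession(false): do not allocate a server-side session for
            // every anonymous request just to find out that it is anonymous.
            Object userId = req.getSession(false) == null
                    ? null
                    : req.getSession(false).getAttribute("userid");
            if (userId == null) {
                // Context-relative target, so the redirect does not depend on
                // how deep the requested URL is.
                resp.sendRedirect(req.getContextPath() + "/login.html");
                return false;
            }

            // Stand-in for the permissions that should be loaded from the
            // database for this userid. As written, every logged-in user gets
            // the same two paths.
            ArrayList<String> granted = new ArrayList<String>();
            granted.add("/save.do");
            granted.add("/find.do");

            // The earlier version dereferenced a RequestMapping reference that
            // was never assigned (NullPointerException on every authenticated
            // request), compared a String[] against a list of String, and fell
            // through to "return true" even when nothing matched. The check now
            // matches the requested path and denies when there is no match.
            // NOTE(review): getServletPath() equals the mapped path only when the
            // DispatcherServlet is mapped by extension (*.do) or to "/"; confirm
            // against web.xml, which this page does not show.
            String requested = req.getServletPath();
            if (granted.contains(requested)) {
                return true;
            }

            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
    }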

    在SpringMVC的配置文件中配置

    <?xml version="1.0" encoding="UTF-8"?>
    <beans
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/mvc
    http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <!-- Common configuration: component-scan the controller package.
         NOTE(review): the original comment also mentioned adding a .jsp suffix for
         controllers, but no view resolver is declared in this file. -->

    <context:component-scan
    base-package="com.hd.controll"/>
    <bean id="dao" class="com.hd.dao.UserDao"/>
    <mvc:interceptors>
    <mvc:interceptor>
    <mvc:mapping path="/**"/> <!-- Pattern matches every path Spring MVC dispatches, not only *.do; which requests reach it depends on the servlet mapping (not shown here) -->
    <mvc:exclude-mapping path="/isLogin.do"/><!-- Exempt from the interceptor: neither the login check nor the permission check runs for this path, so keep this list minimal -->
    <bean class="com.hd.common.interceptor.ValidationInterceptor"/> <!-- Registers the custom interceptor -->
    </mvc:interceptor>
    </mvc:interceptors>



    </beans>

    二、aop配置校验

    1)先写一个验证的方法

    package com.hd.common.aop;

    import java.io.IOException;
    import java.io.PrintWriter;
    import java.lang.reflect.Field;
    import java.lang.reflect.Method;
    import java.util.ArrayList;

    import javax.servlet.ServletContext;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import org.aspectj.lang.ProceedingJoinPoint;
    import org.aspectj.lang.reflect.MethodSignature;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.ApplicationContext;
    import org.springframework.http.ResponseEntity;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.ModelAttribute;
    import org.springframework.web.bind.annotation.ResponseBody;
    import org.springframework.web.context.ContextLoader;
    import org.springframework.web.context.ServletContextAware;
    import org.springframework.web.context.WebApplicationContext;
    import org.springframework.web.context.request.RequestContextHolder;
    import org.springframework.web.context.request.ServletRequestAttributes;
    import org.springframework.web.context.request.ServletWebRequest;
    import org.springframework.web.context.support.ServletContextAwareProcessor;

    import com.hd.controll.HandlerController;
    import com.sun.mail.iap.ResponseInputStream;

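    /**
     * AOP advice that gates controller methods on the privilege named by their
     * {@link Permission} annotation.
     */
    public class HandlerValidation{
        /**
         * Checks the intercepted controller method's {@link Permission} against the
         * granted privileges and invokes the method only when it is granted.
         *
         * <p>Deny-by-default: a method without {@code @Permission}, or with a
         * privilege that is not granted, is not invoked.
         *
         * <p>NOTE(review): this advice performs no login check (no session lookup is
         * done here), and the granted list below is hard-coded rather than loaded
         * for the current user, so as written it does not distinguish between
         * callers.
         *
         * @param join the intercepted invocation; {@code proceed()} runs the
         *             controller method, which requires this method to be wired
         *             as around advice
         * @return the controller method's return value when the privilege is
         *         granted, otherwise {@code null} without invoking the controller
         * @throws Throwable whatever the controller method throws, or
         *         {@link NoSuchMethodException} when the intercepted method cannot
         *         be resolved as a public method of the target class
         */
        public Object validation(ProceedingJoinPoint join) throws Throwable{
            System.out.println("调用控制器的方法时,通知到了该方法");

            // Stand-in for the privileges that should come from the database.
            ArrayList<String> granted = new ArrayList<String>();
            granted.add("user_save");
            granted.add("user_update");
            granted.add("user_delete");
            granted.add("user_find");

            if (!(join.getSignature() instanceof MethodSignature)) {
                // Not a method invocation: nothing to authorize against, so deny.
                return null;
            }
            MethodSignature signature = (MethodSignature) join.getSignature();

            // Resolve the exact overload on the target class. Looking the method
            // up by name alone only finds zero-argument methods and throws
            // NoSuchMethodException for every controller method that takes
            // parameters.
            Method method = join.getTarget().getClass()
                    .getMethod(signature.getName(), signature.getParameterTypes());

            Permission p = method.getAnnotation(Permission.class);
            if (p != null && granted.contains(p.privilege())) {
                return join.proceed();
            }

            // Denied. NOTE(review): returning null gives the client no explicit
            // "forbidden" signal; consider mapping the denial to an HTTP 403 in
            // the web layer.
            return null;
        }

    }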

    <------------------------------------------------------------------------------------------------

    package com.hd.common.aop;

    import java.lang.annotation.*; 

    /**
     * Declares the privilege a caller must hold to invoke the annotated method.
     *
     * <p>Retained at runtime so it can be read reflectively; on this page
     * {@code HandlerValidation.validation} reads it via
     * {@code Method.getAnnotation(Permission.class)}. The annotation itself
     * enforces nothing: a method is protected only if it is also matched by the
     * advice that performs the check.
     */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface Permission {

        /**
         * The privilege value required for the annotated method.
         *
         * @return the privilege identifier, compared against the granted set
         */
        String privilege();
    }

    2)在SpringMVC中配置aop插入校验的方法

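    <?xml version="1.0" encoding="UTF-8"?>
    <beans
        xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:p="http://www.springframework.org/schema/p"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xmlns:context="http://www.springframework.org/schema/context"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context.xsd
            http://www.springframework.org/schema/aop
            http://www.springframework.org/schema/aop/spring-aop.xsd">

        <!-- Common configuration: component-scan the controller package. -->
        <context:component-scan
            base-package="com.hd.controll"/>

        <bean id="dao" class="com.hd.dao.UserDao"/>

        <!-- Permission-check advice -->
        <bean id="handlervalidation" class="com.hd.common.aop.HandlerValidation"/>

        <aop:config>
            <!-- Binds the validation bean to the pointcut "mycut". The advice takes a
                 ProceedingJoinPoint and decides whether to call proceed(), so it must be
                 around advice: Spring rejects a ProceedingJoinPoint parameter on before
                 advice, and before advice could not block the call by returning null. -->
            <aop:aspect id="val" ref="handlervalidation">

                <!-- Checked: every method of every class directly in com.hd.controll
                     (sub-packages are not matched by this expression).
                     Exempt: any method whose name starts with "login", in any controller.
                     The exemption is by name only, so a new method named login* skips the
                     permission check; keep that in mind when naming controller methods. -->
                <aop:pointcut id="mycut" expression="execution(* com.hd.controll.*.*(..)) and !execution(* com.hd.controll.*.login*(..))" />
                <aop:around method="validation" pointcut-ref="mycut"/>
            </aop:aspect>
        </aop:config>

    </beans>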

  • 原文地址:https://www.cnblogs.com/joyous-day/p/6138731.html