
spring mvc 权限拦截


spring配置文件中加上拦截配置:

<!-- Spring MVC interceptor configuration; more than one <mvc:interceptor> may be declared. -->
<mvc:interceptors>
<mvc:interceptor>
<!-- Paths routed through this interceptor. Only the prefixes listed here are checked:
     a request whose path matches none of them does not pass through MemberInterceptor,
     so every newly added protected controller path has to be added to this list. -->
<mvc:mapping path="/operator/**"/>
<mvc:mapping path="/rights/**"/>
<mvc:mapping path="/province/**"/>
<mvc:mapping path="/city/**"/>
<mvc:mapping path="/school/**"/>
<mvc:mapping path="/schooluser/**"/>
<mvc:mapping path="/service/**"/>
<!-- The interceptor bean that performs the rights check. -->
<bean class="com.jiapeng.xfw.server.filter.MemberInterceptor"></bean>

</mvc:interceptor>
</mvc:interceptors>

这样单独加的Path,可以避免js和静态文件被拦截。但这也意味着:新增的 Controller 路径如果没有加入上面的 mapping,就不会经过这个拦截器,也就不会做权限检查。

拦截器:

import java.io.PrintWriter;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.google.gson.Gson;
import com.jiapeng.xfw.server.normalClass.EnumState;
import com.jiapeng.xfw.server.normalClass.JsonResultObject;
import com.jiapeng.xfw.server.service.OperatorService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
* Created by ly on 2016/10/13.
*/
public class MemberInterceptor implements HandlerInterceptor

@Autowired
OperatorService operatorService;

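/**
 * Checks, before the handler runs, whether the caller may use the requested action path.
 *
 * <p>The path relative to the context root is passed to
 * {@code operatorService.chkRights} together with the caller's numeric id. A result of
 * {@code 0} lets the request through; any other result writes a JSON failure object to
 * the response and stops the handler chain. {@code /operator/logon} is exempt so that
 * an operator who is not yet logged on can reach the login action.
 *
 * @param httpServletRequest  the incoming request
 * @param httpServletResponse the response; its content type is always set to
 *                            {@code application/json}
 * @param o                   the selected handler (unused)
 * @return {@code true} to continue with the handler, {@code false} when the request
 *         was rejected and a failure body has already been written
 * @throws Exception if writing the failure body fails or the rights lookup throws
 */
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
    String requestUri = httpServletRequest.getRequestURI();
    String contextPath = httpServletRequest.getContextPath();
    // NOTE(review): getRequestURI() is neither decoded nor normalized. Confirm that
    // chkRights and the handler mapping resolve the same action for the same request.
    String url = requestUri.substring(contextPath.length());
    httpServletResponse.setContentType("application/json");

    // The login action must stay reachable without a rights check.
    if (url.equals("/operator/logon")) {
        return true;
    }

    // NOTE(review): the id is read verbatim from the client-supplied Cookie header, so
    // the caller decides whose rights are checked. Bind the id to server-side state
    // created at login (for example the HttpSession) before relying on this check.
    String userId = httpServletRequest.getHeader("cookie");
    int operatorId;
    try {
        operatorId = Integer.parseInt(userId);
    } catch (NumberFormatException e) {
        // Missing or non-numeric id: deny with the normal failure body instead of
        // letting the exception escape as a server error.
        writeFailure(httpServletResponse, "没有操作权限");
        return false;
    }

    int result = operatorService.chkRights(operatorId, url);
    if (result == 0) {
        return true;
    }
    // 1 = the path is not in the rights table; anything else = no permission.
    String reason = (result == 1) ? "权限路径不存在" : "没有操作权限";
    writeFailure(httpServletResponse, reason);
    return false;
}

/** Writes a {@code JsonResultObject} failure carrying {@code message} and closes the writer. */
private void writeFailure(HttpServletResponse response, String message) throws java.io.IOException {
    // Set the encoding before getWriter(): the content type names no charset, and the
    // servlet default (ISO-8859-1) cannot represent the Chinese message text.
    response.setCharacterEncoding("UTF-8");
    PrintWriter pw = response.getWriter();
    pw.print(new Gson().toJson(new JsonResultObject(EnumState.Fail, message)));
    pw.flush();
    pw.close();
}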

/**
 * Called after the handler has run and before the view is rendered.
 * Intentionally empty: this interceptor does all of its work in {@code preHandle}.
 */
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

}

@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws

httpServletResponse.setContentType("application/json"); 这个类型得是 "application/json",否则前台js无法正确识别。

主要的思路是取cookie中的Userid,权限表中的权限路径保存的就是action的路径,这样就可以比对了。需要注意:cookie 由客户端提供,内容可以被任意改写,因此这里取到的 Userid 只有在与服务端的登录状态(例如登录时写入 session 的用户)绑定并校验之后,才能作为权限判断的依据。

