spring mvc 权限拦截

spring配置文件中加上拦截配置：

<!--  配置mvc的拦截器 可以配置多个 -->
    <mvc:interceptors>
        <mvc:interceptor>
            <!--  需要被拦截的路径 -->
            <mvc:mapping path="/operator/**"/>
            <mvc:mapping path="/rights/**"/>
            <mvc:mapping path="/province/**"/>
            <mvc:mapping path="/city/**"/>
            <mvc:mapping path="/school/**"/>
            <mvc:mapping path="/schooluser/**"/>
            <mvc:mapping path="/service/**"/>
            <!-- 拦截处理的interceptor -->
            <bean class="com.jiapeng.xfw.server.filter.MemberInterceptor"></bean>

        </mvc:interceptor>
    </mvc:interceptors>

这样单独加的Path，可以避免js和静态文件被拦截

拦截器：

import java.io.PrintWriter;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.google.gson.Gson;
import com.jiapeng.xfw.server.normalClass.EnumState;
import com.jiapeng.xfw.server.normalClass.JsonResultObject;
import com.jiapeng.xfw.server.service.OperatorService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
 * Created by ly on 2016/10/13.
 */
public class MemberInterceptor implements HandlerInterceptor

    @Autowired
    OperatorService operatorService;

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        String requestUri = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        String url = requestUri.substring(contextPath.length());
        httpServletResponse.setContentType("application/json");

        if (url.equals("/operator/logon")) {
            return true;
        } else {
            String userId = httpServletRequest.getHeader("cookie");

            int result = operatorService.chkRights(Integer.parseInt(userId),url);
            if(result==0){
                return true;
            }
            else if(result ==1 ){
                PrintWriter pw = httpServletResponse.getWriter();
                pw.print(new Gson().toJson(new JsonResultObject(EnumState.Fail,"权限路径不存在")));
                pw.flush();
                pw.close();
                return false;
            }else{
                PrintWriter pw = httpServletResponse.getWriter();
                pw.print(new Gson().toJson(new JsonResultObject(EnumState.Fail,"没有操作权限")));
                pw.flush();
                pw.close();
                return false;
            }
        }
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws

httpServletResponse.setContentType(“application/json”); 这个类型得是“application/json”，否则前台js无法正确识别。

主要的思路是取cookie中的Userid,权限表中的权限路径保存的就是action的路径，这样就可以比对了。