• spring MVC 权限控制拦截

    SecurityInterceptor实现spring mvc 框架的结构在访问控制@Controller之前的权限拦截,具体实现方法,增加总权限控制器

    public class SecurityInterceptor extends HandlerInterceptorAdapter{

    private static final Logger logger = Logger.getLogger(SecurityInterceptor.class);

    @Resource
    private SessionInfoService sessionInfoService;
    
    private List<String> excludeUrls;// 不需要拦截的资源

    public List<String> getExcludeUrls() {
        return excludeUrls;
    }

    public void setExcludeUrls(List<String> excludeUrls) {
        this.excludeUrls = excludeUrls;
    }

    /**
     * 完成页面的render后调用
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {

    }

    /**
     * 在调用controller具体方法后拦截
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {

    }

    /**
     * 在调用controller具体方法前拦截
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object){
        String requestUri = request.getRequestURI();
        ResponseMap errMap = new ResponseMap();
        String contextPath = request.getContextPath();
        String url = requestUri.substring(contextPath.length());
        logger.debug("check url : " + url);
        String token = request.getParameter("token");
        logger.debug("check token : " + token);

        if (excludeUrls.contains(url)) {// 如果要访问的资源是不需要验证的
            return true;
        }
        try {
            if(token == null || token.trim().equals(""))
            {
                errMap.putError(MessageConstants.getMessage("user.notlogin"));
            }else{
                errMap = sessionInfoService.bePermission(token.trim(), url.trim());
            }
            if(!("0".equals(errMap.get("err"))))
            {
                response.setCharacterEncoding("utf-8");
                response.setContentType("application/json");
                response.getWriter().print(JSONObject.fromObject(errMap));  //返回错误提示信息
                response.getWriter().flush();
                return false;
            }
        } catch (IOException e) {
            logger.debug("preHandle error");
        }finally{
        }
        return true;
    }
}

    springMVC 中 对拦截以及不需要拦截的资源的配置

    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <bean class="SecurityInterceptor">   //SecurityInterceptor的class路径
                <property name="excludeUrls">
                    <list>
                        <value>/test/test1</value>
                        <value>/test/test2</value>
                    </list>
                </property>
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>
  • 相关阅读:
    objective-c内存管理中autorelease的作用
    objective-c在Xcode中@property相关参数的解释
    objective-c中的内存管理
    c#扩展方法-摘自msdn
    objective-c中的category
    c语言中结构体的定义、初始化及内存分配
    c语言中的结构体为值类型,当把一个结构体赋值给另一个结构体时,为值传递
    手动通过Lucene判断该pom文件中jar是否存在,子依赖没判断
    代码方式删除SVN
    Maven多层嵌套
  • 原文地址:https://www.cnblogs.com/cyanqx/p/3890642.html
Copyright © 2020-2023  润新知