本文采用拦截器来实现权限拦截。在用户访问相关url时,会检查用户是否已经登录并具有相应访问权限;配置在 excludeUrls 和 excludeContainUrls 中的地址会被直接放行,不做登录和权限检查。
一:xml配置文件中拦截器配置
<!-- Interceptors -->
<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/**" />
        <bean class="org.jeecgframework.core.interceptors.EncodingInterceptor" />
    </mvc:interceptor>
    <mvc:interceptor>
        <!-- AuthInterceptor is mapped to every request path. -->
        <mvc:mapping path="/**" />
        <bean class="org.jeecgframework.core.interceptors.AuthInterceptor">
            <!-- Exact match: AuthInterceptor.preHandle lets a request through without a login or
                 permission check when its request path equals one of these values. -->
            <property name="excludeUrls">
                <list>
                    <value>loginController.do?goPwdInit</value>
                    <value>loginController.do?pwdInit</value>
                    <value>loginController.do?login</value>
                </list>
            </property>
            <!-- Fuzzy (substring) match: a request is let through unchecked when its request path
                 contains one of these values anywhere. Keep the entries as specific as possible.
                 Handlers reached this way get no login check from this interceptor, so they need
                 their own access control. -->
            <property name="excludeContainUrls">
                <list>
                    <value>rest/openwx</value>
                    <value>openDataController</value>
                </list>
            </property>
        </bean>
    </mvc:interceptor>
</mvc:interceptors>
二:拦截器实现
org.jeecgframework.core.interceptors.AuthInterceptor 实现代码
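/**
 * Spring MVC interceptor that gates requests on login state and menu permission.
 *
 * <p>A request is let through without any check when its path equals an entry of
 * {@code excludeUrls} or contains an entry of {@code excludeContainUrls}. Every other request
 * needs a registered {@code Client} that carries a user and must pass {@code hasMenuAuth}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The exact-match entries in the XML configuration carry a query string
 *       ({@code loginController.do?login}), so the value returned by
 *       {@code ResourceUtil.getRequestPath} appears to include the query string. The substring
 *       exemption is therefore evaluated on the path part only; see {@link #moHuContain}.</li>
 *   <li>NOTE(review): confirm that {@code ResourceUtil.getRequestPath} returns a decoded,
 *       normalised path; this class matches whatever string it is given.</li>
 *   <li>NOTE(review): a prefix match on whole path segments would be a tighter exemption rule
 *       than a substring match, if the configured entries allow it.</li>
 * </ul>
 */
public class AuthInterceptor implements HandlerInterceptor {

    private static final Logger logger = Logger.getLogger(AuthInterceptor.class);

    private SystemService systemService;

    /** Exact match: a request path equal to one of these entries skips the check. */
    private List<String> excludeUrls;

    /** Containment match: a request path containing one of these entries skips the check. */
    private List<String> excludeContainUrls;

    private static List<TSFunction> functionList;

    public List<String> getExcludeContainUrls() {
        return excludeContainUrls;
    }

    public void setExcludeContainUrls(List<String> excludeContainUrls) {
        this.excludeContainUrls = excludeContainUrls;
    }

    public List<String> getExcludeUrls() {
        return excludeUrls;
    }

    public void setExcludeUrls(List<String> excludeUrls) {
        this.excludeUrls = excludeUrls;
    }

    public SystemService getSystemService() {
        return systemService;
    }

    @Autowired
    public void setSystemService(SystemService systemService) {
        this.systemService = systemService;
    }

    /**
     * Runs after the request has completed; nothing to do here.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object,
            Exception exception) throws Exception {
    }

    /**
     * Runs after the controller has handled the request; nothing to do here.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object,
            ModelAndView modelAndView) throws Exception {
    }

    /**
     * Runs before the controller and decides whether the request may proceed.
     *
     * @param request  the incoming request
     * @param response the response, used to forward or redirect a rejected request
     * @param object   the chosen handler (unused)
     * @return {@code true} to continue to the controller, {@code false} when the request was
     *         rejected and the response has already been written
     * @throws Exception if forwarding or redirecting fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object)
            throws Exception {
        String requestPath = ResourceUtil.getRequestPath(request); // resource the user asked for
        HttpSession session = ContextHolderUtils.getSession();
        Client client = ClientManager.getInstance().getClient(session.getId());
        if (client == null) {
            // NOTE(review): this accepts a session identifier from a request parameter. Anyone who
            // learns a valid id (from a URL, a log line or a Referer header) is treated as that
            // user. Restrict this fallback to the endpoints that truly need it, or remove it.
            client = ClientManager.getInstance().getClient(request.getParameter("sessionId"));
        }

        // An unset list means "nothing is exempt" rather than a NullPointerException.
        if (excludeUrls != null && excludeUrls.contains(requestPath)) {
            return true;
        }
        if (moHuContain(excludeContainUrls, requestPath)) {
            return true;
        }

        // No client, or a client without a user: treat both as "not logged in" and always answer
        // with the timeout page instead of returning an empty response.
        if (client == null || client.getUser() == null) {
            forward(request, response);
            return false;
        }

        if (!hasMenuAuth(request)) {
            response.sendRedirect("loginController.do?noAuth");
            // Alternative used by the author:
            // request.getRequestDispatcher("webpage/common/noAuth.jsp").forward(request, response);
            return false;
        }

        String functionId = oConvertUtils.getString(request.getParameter("clickFunctionId"));
        if (!oConvertUtils.isEmpty(functionId)) {
            // do somethings (logic omitted in the article)
        }
        if (!oConvertUtils.isEmpty(functionId)) {
            // do somethings (logic omitted in the article)
        }
        return true;
    }

    /**
     * Decides whether the current user may use the requested menu or function.
     *
     * @param request the incoming request
     * @return whether access is granted
     */
    private boolean hasMenuAuth(HttpServletRequest request) {
        // do somethings (logic omitted in the article)
        return true or false; // placeholder from the article, not valid Java
    }

    /**
     * Redirects to the login page.
     *
     * <p>NOTE(review): this class is registered as an interceptor bean, so this request mapping
     * may never be dispatched; confirm whether it is still needed.
     *
     * @param request the incoming request (unused)
     * @return a redirect to {@code loginController.do?login}
     */
    @RequestMapping(params = "forword")
    public ModelAndView forword(HttpServletRequest request) {
        return new ModelAndView(new RedirectView("loginController.do?login"));
    }

    /**
     * Forwards the request to the session-timeout page.
     */
    private void forward(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher("webpage/login/timeout.jsp").forward(request, response);
    }

    /**
     * Fuzzy match: reports whether the path part of {@code key} contains any entry of {@code list}.
     *
     * <p>Only the path is inspected. Text after {@code ?} or {@code ;} is supplied freely by the
     * caller and must not be able to switch the login check off. Null and empty entries are
     * skipped, because an empty entry would match every request.
     *
     * @param list configured fragments; {@code null} is treated as empty
     * @param key  the request path, possibly followed by a query string
     * @return {@code true} when the path contains one of the fragments
     */
    private boolean moHuContain(List<String> list, String key) {
        if (list == null || key == null) {
            return false;
        }
        String path = pathOnly(key);
        for (String fragment : list) {
            if (fragment == null || fragment.isEmpty()) {
                continue;
            }
            if (path.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /** Cuts the request string at the first {@code ?} or {@code ;}, leaving the path part. */
    private static String pathOnly(String requestPath) {
        int end = requestPath.length();
        int query = requestPath.indexOf('?');
        if (query >= 0) {
            end = query;
        }
        int pathParam = requestPath.indexOf(';');
        if (pathParam >= 0 && pathParam < end) {
            end = pathParam;
        }
        return requestPath.substring(0, end);
    }
}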