• spring拦截器


    本文采用拦截器来实现权限拦截。在用户访问相关url时,会检查用户是否已经登录并具有相应访问权限。

    一:xml配置文件中拦截器配置

    <!-- 拦截器 -->
        <mvc:interceptors>
            <mvc:interceptor>
                <mvc:mapping path="/**" />
                <bean class="org.jeecgframework.core.interceptors.EncodingInterceptor" />
            </mvc:interceptor>
            <mvc:interceptor>
                <mvc:mapping path="/**" />
                <bean class="org.jeecgframework.core.interceptors.AuthInterceptor">
                    <property name="excludeUrls">
                        <list>
                            <value>loginController.do?goPwdInit</value>
                            <value>loginController.do?pwdInit</value>
                            <value>loginController.do?login</value>
                        </list>
                    </property>
                    <!-- 模糊匹配 -->
                    <property name="excludeContainUrls">
                        <list>
                            <value>rest/openwx</value>
                            <value>openDataController</value>
                        </list>
                    </property>
                </bean>
            </mvc:interceptor>
        </mvc:interceptors>

    二:拦截器实现

    org.jeecgframework.core.interceptors.AuthInterceptor 实现代码
    public class AuthInterceptor implements HandlerInterceptor {
         
        private static final Logger logger = Logger.getLogger(AuthInterceptor.class);
        private SystemService systemService;
        private List<String> excludeUrls;
        /**
         * 包含匹配(请求链接包含该配置链接,就进行过滤处理)
         */
        private List<String> excludeContainUrls;
        
        public List<String> getExcludeContainUrls() {
            return excludeContainUrls;
        }
    
        public void setExcludeContainUrls(List<String> excludeContainUrls) {
            this.excludeContainUrls = excludeContainUrls;
        }
    
        private static List<TSFunction> functionList;
    
        public List<String> getExcludeUrls() {
            return excludeUrls;
        }
    
        public void setExcludeUrls(List<String> excludeUrls) {
            this.excludeUrls = excludeUrls;
        }
    
        public SystemService getSystemService() {
            return systemService;
        }
    
        @Autowired
        public void setSystemService(SystemService systemService) {
            this.systemService = systemService;
        }
    
        /**
         * 在controller后拦截
         */
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {
        }
    
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {
    
        }
    
        /**
         * 在controller前拦截
         */
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
            String requestPath = ResourceUtil.getRequestPath(request);// 用户访问的资源地址
            
            HttpSession session = ContextHolderUtils.getSession();
            Client client = ClientManager.getInstance().getClient(session.getId());
            if(client == null){ 
                client = ClientManager.getInstance().getClient(
                        request.getParameter("sessionId"));
            }
            if (excludeUrls.contains(requestPath)) {
                return true;
            }else if(moHuContain(excludeContainUrls, requestPath)){
                return true;
            } else {
                if(client == null){
                    forward(request,response);
                    return false;
                }
                if (client != null && client.getUser()!=null ) {
                    if(!hasMenuAuth(request)){
                         response.sendRedirect("loginController.do?noAuth");
                        //request.getRequestDispatcher("webpage/common/noAuth.jsp").forward(request, response);
                        return false;
                    } 
                    String functionId=oConvertUtils.getString(request.getParameter("clickFunctionId"));
                    if(!oConvertUtils.isEmpty(functionId)){
                        //do somethings
                    }
                    if(!oConvertUtils.isEmpty(functionId)){
                       //do somethings
                    }
                    return true;
                } else {
                    return false;
                }
            }
        }
        private boolean hasMenuAuth(HttpServletRequest request){
            //do somethings
        return true or false; } /** * 转发 * * @param user * @param req * @return */ @RequestMapping(params = "forword") public ModelAndView forword(HttpServletRequest request) { return new ModelAndView(new RedirectView("loginController.do?login")); } private void forward(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.getRequestDispatcher("webpage/login/timeout.jsp").forward(request, response); } /** * 模糊匹配字符串 * @param list * @param key * @return */ private boolean moHuContain(List
    <String> list,String key){ for(String str : list){ if(key.contains(str)){ return true; } } return false; } }
    微信公众号:破局人

    
    
    
  • 相关阅读:
    pip:No module named setuptools_rust
    pip:ffi.h: No such file or directory"
    docker一键搭建postgresql脚本(全网精华版原创)
    前端父子页面传递消息
    ubuntu内核系统安装node和npm打包前端代码
    强制刷新dom问题
    关于html中属性设置在代码中取消问题
    mybatis-mapper.xml中调用方法
    mysql内置属性及方法
    swagger入门
  • 原文地址:https://www.cnblogs.com/fdzfd/p/5715699.html
Copyright © 2020-2023  润新知