权限拦截器 用户信息验证

1.权限拦截器是基于角色做的权限

2.用户信息拦截是检测用户登录的时效性

package com.qiu.framework.web.interceptor;import java.util.List;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;import com.qiu.framework.common.log.LOG_TYPE;import com.qiu.framework.common.util.urong.constant.LoginUserHolder;import com.qiu.urongw.bean.local.supervisors.User;/** *  * 权限拦截器. <br> * 权限拦截器，用户信息验证 */public class AuthorityInterceptor extends HandlerInterceptorAdapter{ private Logger logger =LoggerFactory.getLogger(LOG_TYPE.COMMON.val); private List<String> mappingURL;@Overridepublic boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {String url = request.getContextPath()+request.getServletPath();System.out.println("请求地址："+url); //查看Session中是否有用户对象if(!url.equals("/urongw/backstage/login")){//获取当前登录用户信息 User user = LoginUserHolder.getLoginUser(); if(user==null){ logger.warn("登录拦截器拦截地址：{} 不通过",url);//session 中用户对象为空返回登录页面response.sendRedirect(request.getContextPath()+"/backstage/login"); return true; }}//权限过滤，验证请求url和权限url是否匹配 if (this.mappingURL.contains(url)) { //匹配继续处理请求 return true;            }else{        //不匹配返回无操作权限页面        //response.sendRedirect(request.getContextPath()+"/backstage/login");         return true;         } }}

配置文件：

<!-- 拦截器 --><mvc:interceptors><mvc:interceptor><mvc:mapping path="/**" /><bean class="com.qiu.framework.web.interceptor.EnterInterceptor" /></mvc:interceptor><!-- 权限拦截器 --><mvc:interceptor><mvc:mapping path="/backstage/**" /><bean class="com.qiu.framework.web.interceptor.AuthorityInterceptor" /></mvc:interceptor></mvc:interceptors>