spring mvc 权限拦截


spring配置文件中加上拦截配置:

 <!-- Configure the MVC interceptors; more than one <mvc:interceptor> may be declared. -->
 <!--
   NOTE(review): only the paths listed below pass through MemberInterceptor.
   A controller mapped under any other prefix is not permission-checked, so every
   new protected prefix has to be added here by hand. A fail-closed alternative is
   to map "/**" and carve out static resources with <mvc:exclude-mapping>.
 -->
 <mvc:interceptors>
     <mvc:interceptor>
         <!-- Paths that must be intercepted -->
         <mvc:mapping path="/operator/**"/>
         <mvc:mapping path="/rights/**"/>
         <mvc:mapping path="/province/**"/>
         <mvc:mapping path="/city/**"/>
         <mvc:mapping path="/school/**"/>
         <mvc:mapping path="/schooluser/**"/>
         <mvc:mapping path="/service/**"/>
         <!-- The interceptor that handles the matched requests -->
         <bean class="com.jiapeng.xfw.server.filter.MemberInterceptor"></bean>
     </mvc:interceptor>
 </mvc:interceptors>

这样逐个列出需要拦截的Path,可以避免js和静态文件被拦截。需要注意的是,没有列在这里的路径不会经过拦截器,新增的受保护路径必须同步加入该配置。

拦截器:

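import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.google.gson.Gson;
import com.jiapeng.xfw.server.normalClass.EnumState;
import com.jiapeng.xfw.server.normalClass.JsonResultObject;
import com.jiapeng.xfw.server.service.OperatorService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
 * Created by ly on 2016/10/13.
 *
 * <p>Permission interceptor: for every intercepted request except the logon path, it asks
 * {@link OperatorService#chkRights} whether the caller may access the requested path.
 * A result of 0 lets the request through; 1 and any other value write a JSON failure
 * object to the response and stop the handler chain.
 *
 * <p>NOTE(review): the user ID is parsed from the raw {@code Cookie} request header, which
 * is entirely client-controlled, so a caller can present any ID it likes. The identity used
 * for the rights check should come from server-side state established at login (for example
 * the {@code HttpSession}) or from a signed token. The logon handler is not visible here, so
 * this is flagged rather than changed.
 */
public class MemberInterceptor implements HandlerInterceptor {

    /** Path (relative to the context path) that is exempt from the rights check. */
    private static final String LOGON_PATH = "/operator/logon";

    /** Gson is thread-safe, so a single shared instance replaces one allocation per denial. */
    private static final Gson GSON = new Gson();

    @Autowired
    OperatorService operatorService;

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response; its content type is set to JSON for every request
     * @param o                   the chosen handler (unused)
     * @return {@code true} for the logon path or when {@code chkRights} returns 0;
     *         {@code false} after a JSON failure body has been written
     * @throws Exception if writing the failure body fails or {@code chkRights} throws
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        String requestUri = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        // NOTE(review): getRequestURI() is neither decoded nor normalized, so this string can
        // differ from the path Spring uses for handler mapping (path parameters, encoding).
        // That is safe only if chkRights denies paths it does not recognise; confirm.
        String url = requestUri.substring(contextPath.length());
        httpServletResponse.setContentType("application/json");

        if (LOGON_PATH.equals(url)) {
            return true;
        }

        // Fail closed: a missing or non-numeric identifier is a denial, not an
        // uncaught NumberFormatException surfacing as a server error.
        Integer userId = parseUserId(httpServletRequest.getHeader("cookie"));
        if (userId == null) {
            deny(httpServletResponse, "没有操作权限");
            return false;
        }

        int result = operatorService.chkRights(userId, url);
        if (result == 0) {
            return true;
        }
        deny(httpServletResponse, result == 1 ? "权限路径不存在" : "没有操作权限");
        return false;
    }

    /** Returns the header value as an integer, or {@code null} when it is absent or not a valid int. */
    private static Integer parseUserId(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        try {
            return Integer.valueOf(Integer.parseInt(headerValue));
        } catch (NumberFormatException ignored) {
            // Not a bare integer: treated as "no identity presented".
            return null;
        }
    }

    /**
     * Writes a JSON failure object carrying {@code message} and closes the writer.
     * The HTTP status is not changed here; clients detect the denial from the JSON body.
     */
    private static void deny(HttpServletResponse response, String message) throws IOException {
        // The messages are Chinese text; without an explicit charset the servlet
        // default (ISO-8859-1) would be used for the writer and garble them.
        response.setCharacterEncoding("UTF-8");
        PrintWriter pw = response.getWriter();
        pw.print(GSON.toJson(new JsonResultObject(EnumState.Fail, message)));
        pw.flush();
        pw.close();
    }

    /** No post-processing is needed; required by {@link HandlerInterceptor}. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    /** No completion work is needed; required by {@link HandlerInterceptor}. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}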

httpServletResponse.setContentType("application/json"); 这里的类型必须是 "application/json",否则前台js无法正确识别返回的数据。

主要的思路是取cookie中的Userid,权限表中保存的权限路径就是action的路径,这样就可以把请求路径与权限表进行比对了。需要注意:cookie由客户端提供,其中的Userid可以被任意修改,因此用于鉴权的用户身份应以服务端登录后保存的会话信息为准。
