spring mvc 权限拦截
来源:互联网 发布:恩尼格玛密码机 知乎 编辑:程序博客网 时间:2024/06/07 21:45
spring配置文件中加上拦截配置:
<!-- 配置mvc的拦截器 可以配置多个 --> <mvc:interceptors> <mvc:interceptor> <!-- 需要被拦截的路径 --> <mvc:mapping path="/operator/**"/> <mvc:mapping path="/rights/**"/> <mvc:mapping path="/province/**"/> <mvc:mapping path="/city/**"/> <mvc:mapping path="/school/**"/> <mvc:mapping path="/schooluser/**"/> <mvc:mapping path="/service/**"/> <!-- 拦截处理的interceptor --> <bean class="com.jiapeng.xfw.server.filter.MemberInterceptor"></bean> </mvc:interceptor> </mvc:interceptors>
这样单独加的Path,可以避免js和静态文件被拦截
拦截器:
import java.io.PrintWriter;import java.net.URLEncoder;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import com.google.gson.Gson;import com.jiapeng.xfw.server.normalClass.EnumState;import com.jiapeng.xfw.server.normalClass.JsonResultObject;import com.jiapeng.xfw.server.service.OperatorService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;/** * Created by ly on 2016/10/13. */public class MemberInterceptor implements HandlerInterceptor { @Autowired OperatorService operatorService; @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception { String requestUri = httpServletRequest.getRequestURI(); String contextPath = httpServletRequest.getContextPath(); String url = requestUri.substring(contextPath.length()); httpServletResponse.setContentType("application/json"); if (url.equals("/operator/logon")) { return true; } else { String userId = httpServletRequest.getHeader("cookie"); int result = operatorService.chkRights(Integer.parseInt(userId),url); if(result==0){ return true; } else if(result ==1 ){ PrintWriter pw = httpServletResponse.getWriter(); pw.print(new Gson().toJson(new JsonResultObject(EnumState.Fail,"权限路径不存在"))); pw.flush(); pw.close(); return false; }else{ PrintWriter pw = httpServletResponse.getWriter(); pw.print(new Gson().toJson(new JsonResultObject(EnumState.Fail,"没有操作权限"))); pw.flush(); pw.close(); return false; } } } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { }}
httpServletResponse.setContentType(“application/json”); 这个类型得是“application/json”,否则前台js无法正确识别。
主要的思路是取cookie中的Userid,权限表中的权限路径保存的就是action的路径,这样就可以比对了。
0 0
- spring mvc 权限拦截
- spring mvc + spring security 的权限拦截示例
- Spring MVC拦截器实现session控制,权限控制
- Spring MVC使用拦截器实现权限控制
- 使用spring MVC和jdkAnnotation实现权限拦截
- Spring mvc的自定义注解权限拦截器(一)
- Spring MVC 拦截器
- Spring MVC 拦截器
- Spring MVC 拦截器
- spring MVC拦截器
- Spring MVC拦截器
- spring mvc 拦截器
- spring mvc 拦截器
- spring mvc 拦截器
- Spring mvc 拦截器
- spring mvc 拦截器
- spring mvc 拦截器
- spring mvc 拦截器
- 时间、日期控件
- activemq之主题、队列设置密码
- oracle 排序原理(自己理解不一定准确)
- 虚函数实现原理(转)
- Manifest merger failed : Attribute application@label value=(Dormitory) from AndroidManifest.xml:23:9
- spring mvc 权限拦截
- 给 Android 开发者的 RxJava 详解
- hihocoder1065 点分治 【 全图传送 】
- 如何打印Spark RDD中的内容
- 一个关于先验概率、似然函数与后验概率计算的小例子
- python爬虫文章
- 腾讯云分布式高可靠消息队列CMQ架构
- Android 实现自定义FlowLayout
- 布局文件不常用属性