用mybatis 拦截器实现数据权限

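/**
 * MyBatis plugin that narrows query results according to the caller's role (row-level data
 * permission).
 *
 * <p>For every {@code Executor.query(MappedStatement, Object, RowBounds, ResultHandler)} call
 * whose parameter object is a {@link HashMap} containing a String under {@code "check_user"},
 * the interceptor looks up the user's role and, for restricted roles, wraps the original SQL
 * in an outer select that filters on the {@code checker_userid} column.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user id is bound as a JDBC parameter. It must never be concatenated into the SQL
 *       text: it arrives through the statement's parameter map and would otherwise be an
 *       SQL-injection vector inside the very code that enforces authorization.</li>
 *   <li>NOTE(review): the filter is skipped (fail-open) when {@code check_user} is absent, when
 *       the user has no role row, or when the SQL text does not contain
 *       {@code checker_userid}. Confirm that every mapper that needs scoping supplies
 *       {@code check_user} from the authenticated session rather than from request input.</li>
 *   <li>Only the four-argument {@code Executor.query} signature is intercepted; statements
 *       executed through other {@code Executor} methods are not filtered here.</li>
 * </ul>
 */
@Intercepts({
    @Signature(
        type = Executor.class,
        method = "query",
        args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class})
})
public class DataAuthorityInterceptor implements Interceptor {

    /** Key under which callers pass the current user's id in the parameter map. */
    private static final String CHECK_USER_KEY = "check_user";

    /**
     * Name of the additional parameter that carries the user id into the rewritten statement.
     * It is registered on the new BoundSql, so it does not depend on the caller's parameter
     * object and cannot clash with a mapper property.
     */
    private static final String SCOPE_USER_PARAM = "__dataAuthorityCheckUser";

    /** Column the wrapped query is filtered on; its presence in the SQL text enables scoping. */
    private static final String SCOPE_COLUMN = "checker_userid";

    private static final String ROLE_SQL =
        "select a.grpcname from TBLGROUPINFO a,tblusergroup b where a.grpid=b.grpid and b.workid=?";

    /** Users of the same department as the bound user; the single {@code ?} is the user id. */
    private static final String DEPARTMENT_USERS_SQL =
        "select a.userid from tbldepartment_user a where a.departmentcode="
            + "(select b.departmentcode from tbldepartment_user b where b.userid=?)";

    /**
     * Rewrites the intercepted query so that it only returns rows the user's role may see, then
     * lets the invocation proceed.
     *
     * @param invocation the intercepted {@code Executor.query} call; argument 0 is replaced
     *     with a copy of the MappedStatement when scoping applies
     * @return whatever the (possibly rewritten) query returns
     * @throws RuntimeException with message {@code "角色错误"} when the user's role is not one of
     *     the roles handled here
     * @throws Throwable anything thrown by the role lookup or by the proceeding invocation
     */
    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        MappedStatement mappedStatement = (MappedStatement) invocation.getArgs()[0];
        Object parameter = invocation.getArgs()[1];
        BoundSql boundSql = mappedStatement.getBoundSql(parameter);
        String originalSql = boundSql.getSql().trim();

        String checkUser = extractCheckUser(boundSql.getParameterObject());
        if (checkUser == null) {
            // No user supplied: the query runs unfiltered (see class-level review note).
            return invocation.proceed();
        }

        String role = findRole(mappedStatement, checkUser);
        if (role == null) {
            // NOTE(review): a user without any group row is not restricted at all — confirm
            // this is intended rather than an authorization gap.
            return invocation.proceed();
        }

        String scopePredicate;
        if (role.equals("新沂管理员") || role.equals("系统管理员")) {
            // Administrators see everything.
            return invocation.proceed();
        } else if (role.equals("风险员")) {
            // Risk officers see rows checked by anyone in their own department.
            scopePredicate = " in (" + DEPARTMENT_USERS_SQL + ")";
        } else if (role.equals("支行副行长") || role.equals("客户经理")) {
            // These roles only see rows they checked themselves.
            scopePredicate = "=?";
        } else {
            throw new RuntimeException("角色错误");
        }

        // Locale.ROOT keeps the column match stable on JVMs whose default locale lower-cases
        // 'I' differently (e.g. Turkish).
        if (originalSql.toLowerCase(java.util.Locale.ROOT).contains(SCOPE_COLUMN)) {
            String scopedSql =
                "select a.* from (" + originalSql + ")a  where a." + SCOPE_COLUMN + scopePredicate;
            BoundSql newBoundSql = buildScopedBoundSql(mappedStatement, boundSql, scopedSql, checkUser);
            ParameterMap map = mappedStatement.getParameterMap();
            MappedStatement newMs =
                copyFromMappedStatement(mappedStatement, new BoundSqlSqlSource(newBoundSql), map);
            invocation.getArgs()[0] = newMs;
        }
        return invocation.proceed();
    }

    /**
     * Reads the user id from the statement's parameter object.
     *
     * @return the value stored under {@code "check_user"} when the parameter object is a
     *     HashMap holding a String there; otherwise {@code null}
     */
    private static String extractCheckUser(Object parameterObject) {
        if (!(parameterObject instanceof HashMap)) {
            return null;
        }
        HashMap<?, ?> params = (HashMap<?, ?>) parameterObject;
        try {
            // containsKey first: HashMap subclasses may throw from get() on a missing key.
            if (!params.containsKey(CHECK_USER_KEY)) {
                return null;
            }
            Object value = params.get(CHECK_USER_KEY);
            return value instanceof String ? (String) value : null;
        } catch (RuntimeException ignored) {
            // Deliberate best-effort, as in the original: a parameter map that refuses the
            // lookup is treated as "no user supplied".
            return null;
        }
    }

    /**
     * Looks up the role name of a user with a parameterized query on a connection taken from
     * the statement's DataSource.
     *
     * <p>Only the first row is used; a user that belongs to several groups gets whichever role
     * the database returns first.
     *
     * @return the role name, or {@code null} when the user has no group row
     */
    private static String findRole(MappedStatement ms, String userId) throws Exception {
        Connection connection =
            ms.getConfiguration().getEnvironment().getDataSource().getConnection();
        // try/finally so the connection, statement and result set are released even when the
        // lookup fails; the original leaked all three on any exception.
        try {
            PreparedStatement roleStmt = connection.prepareStatement(ROLE_SQL);
            try {
                roleStmt.setString(1, userId);
                ResultSet rs = roleStmt.executeQuery();
                try {
                    return rs.next() ? rs.getString(1) : null;
                } finally {
                    rs.close();
                }
            } finally {
                roleStmt.close();
            }
        } finally {
            connection.close();
        }
    }

    /**
     * Builds the BoundSql for a wrapped query whose text ends with exactly one extra
     * {@code ?} placeholder for the user id.
     *
     * <p>The extra placeholder comes after the original SQL, so its mapping is appended after
     * the original mappings, and the value is supplied as an additional parameter.
     */
    private BoundSql buildScopedBoundSql(
            MappedStatement ms, BoundSql boundSql, String scopedSql, String checkUser) {
        java.util.List<ParameterMapping> mappings =
            new java.util.ArrayList<ParameterMapping>(boundSql.getParameterMappings());
        mappings.add(
            new ParameterMapping.Builder(ms.getConfiguration(), SCOPE_USER_PARAM, String.class)
                .build());
        BoundSql scoped = copyFromBoundSql(ms, boundSql, scopedSql, mappings);
        scoped.setAdditionalParameter(SCOPE_USER_PARAM, checkUser);
        return scoped;
    }

    /** SqlSource that always returns one pre-built BoundSql, ignoring the parameter object. */
    public class BoundSqlSqlSource implements SqlSource {
        BoundSql boundSql;

        public BoundSqlSqlSource(BoundSql boundSql) {
            this.boundSql = boundSql;
        }

        @Override
        public BoundSql getBoundSql(Object parameterObject) {
            return boundSql;
        }
    }

    /**
     * Copies a MappedStatement, replacing its SqlSource and parameter map.
     *
     * <p>Only the attributes set below are carried over; the key property is not copied.
     */
    private MappedStatement copyFromMappedStatement(
            MappedStatement ms, SqlSource newSqlSource, ParameterMap parameterMap) {
        Builder builder =
            new Builder(ms.getConfiguration(), ms.getId(), newSqlSource, ms.getSqlCommandType());
        builder.resource(ms.getResource());
        builder.fetchSize(ms.getFetchSize());
        builder.statementType(ms.getStatementType());
        builder.keyGenerator(ms.getKeyGenerator());
        builder.timeout(ms.getTimeout());
        builder.parameterMap(parameterMap);
        builder.resultMaps(ms.getResultMaps());
        builder.resultSetType(ms.getResultSetType());
        builder.cache(ms.getCache());
        builder.flushCacheRequired(ms.isFlushCacheRequired());
        builder.useCache(ms.isUseCache());
        return builder.build();
    }

    /**
     * Copies a BoundSql with new SQL text, keeping its parameter mappings, parameter object
     * and additional parameters.
     */
    private BoundSql copyFromBoundSql(MappedStatement ms, BoundSql boundSql, String sql) {
        return copyFromBoundSql(ms, boundSql, sql, boundSql.getParameterMappings());
    }

    /**
     * Copies a BoundSql with new SQL text and an explicit mapping list; additional parameters
     * referenced by the original mappings are carried over.
     */
    private BoundSql copyFromBoundSql(
            MappedStatement ms,
            BoundSql boundSql,
            String sql,
            java.util.List<ParameterMapping> parameterMappings) {
        BoundSql newBoundSql =
            new BoundSql(ms.getConfiguration(), sql, parameterMappings, boundSql.getParameterObject());
        for (ParameterMapping mapping : boundSql.getParameterMappings()) {
            String prop = mapping.getProperty();
            if (boundSql.hasAdditionalParameter(prop)) {
                newBoundSql.setAdditionalParameter(prop, boundSql.getAdditionalParameter(prop));
            }
        }
        return newBoundSql;
    }

    /** Wraps the target with this interceptor using the standard MyBatis plugin proxy. */
    @Override
    public Object plugin(Object arg0) {
        return Plugin.wrap(arg0, this);
    }

    /** This interceptor takes no configuration properties. */
    @Override
    public void setProperties(Properties arg0) {
    }
}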
上面是拦截器代码，思路很简单：根据业务特性，按不同的角色拼装 SQL 语句。需要注意的是，拼装时用户标识（check_user）应通过 ? 占位符做参数绑定，而不是直接拼接进 SQL 字符串，否则权限过滤逻辑本身就会成为 SQL 注入点。