场景:spring mvc框架权限拦截.
设计: 继承org.springframework.web.servlet.handler.HandlerInterceptorAdapter,重写preHandle方法.
实现:
xxx-servlet.xml加入:
<!-- Registers AuthInterceptor for every request path ("/**").
     The interceptor only checks handler methods that carry @Auth, so any endpoint
     without the annotation stays reachable without a login (opt-in protection). -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.xxx.AuthInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
package com.xxx;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.http.HttpStatus;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.xxx.domain.Authority;
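/**
 * Spring MVC interceptor that enforces the {@code @Auth} annotation on handler methods.
 *
 * <p>The check is opt-in: a request is examined only when the handler is a
 * {@link HandlerMethod} whose method carries {@code @Auth} (the annotation is looked up
 * on the method only). Every other handler passes through unchecked, so an endpoint
 * that is missing the annotation is reachable without a login.
 *
 * <p>A bare {@code @Auth} requires a logged-in session. {@code @Auth("authority")}
 * additionally requires that authority to be present in the session's authority set.
 * Both rejections answer with HTTP 403; the {@code type} field of the JSON body
 * ({@code nosignin} / {@code noauth}) tells them apart.
 */
public class AuthInterceptor extends HandlerInterceptorAdapter {

    /**
     * Decides whether the request may reach the handler.
     *
     * @param request  current request; its session holds the user id and authority set
     * @param response current response; written and closed here only when access is denied
     * @param handler  the chosen handler; only {@link HandlerMethod} instances are checked
     * @return {@code true} to continue the handler chain, {@code false} once a 403 body
     *         has been written
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // Character encoding could also be set here, but the filter configured in
        // web.xml is used for now.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        Auth auth = ((HandlerMethod) handler).getMethod().getAnnotation(Auth.class);
        if (auth == null) {
            // No @Auth on the method: nothing to enforce.
            return true;
        }

        // getSession(false) avoids allocating a new server-side session for every
        // anonymous request that hits a protected endpoint.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(Constants.SESSION_USERID) == null) {
            // Not logged in: ask the client to sign in.
            reject(response, "{\"type\":\"nosignin\",\"msg\":\"请您先登录!\"}");
            return false;
        }

        if ("".equals(auth.value())) {
            // Bare @Auth: being logged in is sufficient.
            return true;
        }

        @SuppressWarnings("unchecked")
        Set<Authority> auths = (Set<Authority>) session.getAttribute(Constants.SESSION_AUTHS);
        // A missing authority set is treated as "no permissions" (deny) instead of
        // failing with a NullPointerException.
        // NOTE(review): the set is declared Set<Authority> but is probed with the String
        // auth.value(). Unless the session really stores Strings, or Authority.equals
        // accepts a String, contains() is always false and every @Auth("...") request is
        // denied. Confirm what is stored under SESSION_AUTHS and compare like with like.
        if (auths == null || !auths.contains(auth.value())) {
            // auth.name() is an annotation attribute (a compile-time constant), so it is
            // spliced in as-is; a name containing a quote or backslash would break the JSON.
            reject(response, "{\"type\":\"noauth\",\"msg\":\"您没有" + auth.name() + "权限!\"}");
            return false;
        }
        return true;
    }

    /**
     * Writes a 403 response carrying the given JSON body and closes the writer.
     *
     * <p>The writer is obtained only on the rejection path, so requests that are allowed
     * through leave the response untouched for the controller.
     */
    private static void reject(HttpServletResponse response, String json) throws IOException {
        response.setStatus(HttpStatus.FORBIDDEN.value());
        // Label the body as JSON so clients need not guess its type; the charset is
        // still left to the encoding filter.
        response.setContentType("application/json");
        PrintWriter out = response.getWriter();
        out.write(json);
        out.flush();
        out.close();
    }
}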
不要把 response.getWriter() 写到 if 之外:那样的话,即使请求被放行,拦截器也会先取得 writer,之后 controller 再用同一个 response 取 writer 时就会出问题。