本文采用拦截器来实现权限拦截。在用户访问相关url时,会检查用户是否已经登录并具有相应访问权限。
一:xml配置文件中拦截器配置
<!-- 拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="org.jeecgframework.core.interceptors.EncodingInterceptor" />
</mvc:interceptor>
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="org.jeecgframework.core.interceptors.AuthInterceptor">
<property name="excludeUrls">
<list>
<value>loginController.do?goPwdInit</value>
<value>loginController.do?pwdInit</value>
<value>loginController.do?login</value>
</list>
</property>
<!-- 模糊匹配 -->
<property name="excludeContainUrls">
<list>
<value>rest/openwx</value>
<value>openDataController</value>
</list>
</property>
</bean>
</mvc:interceptor>
</mvc:interceptors>
二:拦截器实现
org.jeecgframework.core.interceptors.AuthInterceptor 实现代码
public class AuthInterceptor implements HandlerInterceptor {
private static final Logger logger = Logger.getLogger(AuthInterceptor.class);
private SystemService systemService;
private List<String> excludeUrls;
/**
* 包含匹配(请求链接包含该配置链接,就进行过滤处理)
*/
private List<String> excludeContainUrls;
public List<String> getExcludeContainUrls() {
return excludeContainUrls;
}
public void setExcludeContainUrls(List<String> excludeContainUrls) {
this.excludeContainUrls = excludeContainUrls;
}
private static List<TSFunction> functionList;
public List<String> getExcludeUrls() {
return excludeUrls;
}
public void setExcludeUrls(List<String> excludeUrls) {
this.excludeUrls = excludeUrls;
}
public SystemService getSystemService() {
return systemService;
}
@Autowired
public void setSystemService(SystemService systemService) {
this.systemService = systemService;
}
/**
* 在controller后拦截
*/
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {
}
/**
* 在controller前拦截
*/
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
String requestPath = ResourceUtil.getRequestPath(request);// 用户访问的资源地址
HttpSession session = ContextHolderUtils.getSession();
Client client = ClientManager.getInstance().getClient(session.getId());
if(client == null){
client = ClientManager.getInstance().getClient(
request.getParameter("sessionId"));
}
if (excludeUrls.contains(requestPath)) {
return true;
}else if(*Contain(excludeContainUrls, requestPath)){
return true;
} else {
if(client == null){
forward(request,response);
return false;
}
if (client != null && client.getUser()!=null ) {
if(!hasMenuAuth(request)){
response.sendRedirect("loginController.do?noAuth");
//request.getRequestDispatcher("webpage/common/noAuth.jsp").forward(request, response);
return false;
}
String functionId=oConvertUtils.getString(request.getParameter("clickFunctionId"));
if(!oConvertUtils.isEmpty(functionId)){
//do somethings
}
if(!oConvertUtils.isEmpty(functionId)){
//do somethings
}
return true;
} else {
return false;
}
}
}
private boolean hasMenuAuth(HttpServletRequest request){
//do somethings
return true or false;
}
/**
* 转发
*
* @param user
* @param req
* @return
*/
@RequestMapping(params = "forword")
public ModelAndView forword(HttpServletRequest request) {
return new ModelAndView(new RedirectView("loginController.do?login"));
}
private void forward(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher("webpage/login/timeout.jsp").forward(request, response);
}
/**
* 模糊匹配字符串
* @param list
* @param key
* @return
*/
private boolean *Contain(List<String> list,String key){
for(String str : list){
if(key.contains(str)){
return true;
}
}
return false;
}
}
微信公众号:破局人
