public class LoginInterceptor implements HandlerInterceptor {
/**
* 进行action方法之前执行,在此方法实现身份认证拦截
*/
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
//获取session
HttpSession session = request.getSession();
//用户身份信息
ActiveUser activeUser = (ActiveUser)session.getAttribute(Config.ACTIVEUSER_KEY);
if(activeUser!=null){//表示用户已登录
return true;//放行继续访问
}
//获取用户请求的url
String url = request.getRequestURI();
//例如:/project/first.action
//判断url是否属于公开地址,如果是公开地址放行
//获取公开地址
List<String> openurl_list = ResourcesUtil.gekeyList(Config.ANONYMOUS_ACTIONS);
//校验请求的url是否在公开地址内
for(String open_url:openurl_list){
if(url.indexOf(open_url)>=0){
return true;
}
}
//挑战到登录页面
request.getRequestDispatcher("/WEB-INF/jsp/base/login.jsp").forward(request, response);
return false;
}
/**
* 执行action方法返回视图之前执行
*/
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// 根据个性化需求对view进行重新编辑,从而返回浏览器
}
/**
* 执行action方法完成执行此方法
*/
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// 在这个方法记录操作日志
}
}
public class PermissionInterceptor implements HandlerInterceptor {
/**
* 权限拦截方法
*/
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
//校验用户请求的地址是否是公开地址
//获取用户请求的url
String url = request.getRequestURI();
//例如:/project/first.action
//判断url是否属于公开地址,如果是公开地址放行
//获取公开地址
List<String> openurl_list = ResourcesUtil.gekeyList(Config.ANONYMOUS_ACTIONS);
//校验请求的url是否在公开地址内
for(String open_url:openurl_list){
if(url.indexOf(open_url)>=0){
return true;//如果是公开地址则放行
}
}
//校验是否是公共权限
//获取公共权限 地址
List<String> commonurl_list = ResourcesUtil.gekeyList(Config.COMMON_ACTIONS);
//校验请求的url是否在公共权限地址内
for(String common_url:commonurl_list){
if(url.indexOf(common_url)>=0){
return true;//如果是公共权限 地址则放行
}
}
//是否是用户的操作权限
//从session中拿到用户的操作权限
//获取session
HttpSession session = request.getSession();
//用户身份信息
ActiveUser activeUser = (ActiveUser)session.getAttribute(Config.ACTIVEUSER_KEY);
List<Operation> operations = activeUser.getOperationList();
//校验请求的url是否在用户操作权限地址内
for(Operation operation_index:operations){
String operation = operation_index.getActionUrl();
if(url.indexOf(operation)>=0){
return true;//如果是用户的操作权限 地址则放行
}
}
//提示用户无此操作权限
//跳转到无此操作权限操作页面
request.getRequestDispatcher("/WEB-INF/jsp/base/refuse.jsp").forward(request, response);
return false;
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
}
浙公网安备 33010602011771号