springmvc 权限 测试版
参考博文
https://blog.csdn.net/u011277123/article/details/68940939
1.Listener加载权限信息
2.interceptor验证权限
测试代码
springmvc-servlet.xml
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/login/**"/>
<mvc:exclude-mapping path="/**/*.css"/>
<mvc:exclude-mapping path="/**/*.js"/>
<mvc:exclude-mapping path="/**/*.js"/>
<mvc:exclude-mapping path="/**/*.png"/>
<mvc:exclude-mapping path="/**/*.gif"/>
<mvc:exclude-mapping path="/**/*.jpg"/>
<mvc:exclude-mapping path="/**/*.jpeg"/>
<bean class="*****.UserControllerInterceptor"></bean>
</mvc:interceptor>
web.xml
<listener-class> ****.DictionaryCacheListener </listener-class>
UserControllerInterceptor.java
public class UserControllerInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HttpSession session = request.getSession();
String contextPath = request.getContextPath();
User user = (User)session.getAttribute("user");
if (user == null) {
response.sendRedirect(contextPath+"/login/index");
return false;
}
if ("post".equals(request.getMethod().toLowerCase())) {
System.out.println("preHandle----------------post");
}
List<Integer> permissions = user.getPermissions();
String url = request.getRequestURI();
int pos = url.indexOf("?");
String matchUrl = url;
if (pos != -1) {
matchUrl = matchUrl.substring(0, pos);
}
Map<String,Set<Integer>> urlMap= (Map<String,Set<Integer>>)request.getServletContext().getAttribute("urlsMap");
Set<Integer> permissionSet = urlMap.get(matchUrl);
if (permissionSet == null || permissionSet.size() < 1) {
// 无需权限,直接通过
return true;
} else {
for(Integer per : permissions) {
if (permissionSet.contains(per)) {
// 匹配成功
return true;
}
}
// 提示权限不足
// 非ajax提交
if (request.getHeader("x-requested-with") == null) {
response.sendRedirect(contextPath+"/login/unauthorized");
// ajax提交
} else {
response.getWriter().write("{\"msg\":\"noPadding\"}");
}
return false;
}
}
}
DictionaryCacheListener.java
package com.ryuantech.mp.controll;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
public class DictionaryCacheListener implements javax.servlet.ServletContextListener {
@Override
public void contextDestroyed(ServletContextEvent arg0) {
}
@Override
public void contextInitialized(ServletContextEvent arg0) {
System.out.println("++++++++++++++++++ contextInitialized 开始 +++++++++++++++++++++");
WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(arg0.getServletContext());
// DictionaryService dc = (DictionaryService) webApplicationContext.getBean("dictionaryService");
// dc.getCacheDic(); // 调用数据字典Manager的一个方法来缓存
ServletContext servletContext= webApplicationContext.getServletContext();
Map<String,Set<Integer>> urlMap= new HashMap<String,Set<Integer>>();
Set<Integer> set12 = new HashSet<Integer>();
set12.add(1);
set12.add(2);
Set<Integer> set1 = new HashSet<Integer>();
set1.add(1);
String contextPath = servletContext.getContextPath();
urlMap.put(contextPath+"/blacklist/toSelectBlacklist", set12);
urlMap.put(contextPath+"/blacklist/selectBlacklist", set12);
urlMap.put(contextPath+"/blacklist/delete", set1);
urlMap.put(contextPath+"/blacklist/insert", set1);
servletContext.setAttribute("urlsMap", urlMap);
System.out.println("++++++++++++++++++ 数据字典已缓存 +++++++++++++++++++++");
System.out.println("++++++++++++++++++ contextInitialized 结束 +++++++++++++++++++++");
}
}
浙公网安备 33010602011771号