权限拦截器

public class AuthorityInterceptor extends HandlerInterceptorAdapter{

    /**
     * 权限服务
     */
    private AuthorityService authorityService;
    
    /** 
     * @Title: preHandle 
     * @Description: 拦截用户的操作,检验其是否具有相应的权限
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception 
     * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) 
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        response.setContentType("text/html");
        
        //1. 获取当前用户
        Administer administer = (Administer)request.getSession().getAttribute("user");;
        if(administer == null){ //没有登录用户,返回登录页面
            String callbackURL = request.getContextPath() + "/manage/login.html";
            response.getWriter().println("<script type=\"text/javascript\"> top.location= '"+ callbackURL + "';</script>");
            return false;
        }
        
        //2. 获取当前用户是否有访问相应URL的权限
        if(!hasAuthority(administer, request.getServletPath()))
        {
            request.setAttribute("returnMsg", "没有相应的权限!");
            request.getRequestDispatcher("/WEB-INF/error.jsp").forward(request, response);
            return false;
        }
        
        return true;
    }    
    
    /**
     * 
    * @Title:hasAuthority 
    * @Description: 判断一个用户是否有访问某个路径的权限
    * @param administer
    * @param szRequestPath
    * @return
    * @throws
     */
    private boolean hasAuthority(Administer administer, String szRequestPath) {
        if(administer==null){
            return false;
        }
        
        //1. 获取当前用户的权限
        Set<String> authStrings  = authorityService.queryAuthUrlsByUserName(administer.getUserName());
        for (String szString : authStrings) {
            String[] authURLs = szString.split(",");
            for (String authURL : authURLs) {
                if(szRequestPath.startsWith(authURL.trim())){
                    return true;
                }
            }
        }
        
        return false;
    }

    /**
     * @Title:	setAuthorityService
     * @return: void
     */
    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }
}


   <!-- 通过用户名获取用户权限,不唯一 -->
  <select id="queryUserAuthsByUserName" parameterType="java.lang.String" resultMap="BaseResultMap">
  	SELECT 
  		T1.name, T1.code, T1.AUTHORITY_URL 
  	FROM unionflow_authority T1, unionflow_role_authority T2, unionflow_admin_role T3, unionflow_administer T4
  	WHERE 1=1
  		AND T1.authority_id = T2.authority_id
	  	AND T2.role_id = T3.role_id
	  	AND T3.admin_id = T4.ID
	  	AND T1.delete_flag=0
	  	AND T4.delete_flag=0
	  	AND T4.user_name = #{userName,jdbcType=VARCHAR}
	  	GROUP BY T1.authority_id
  </select>


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值