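/**
 * Spring MVC interceptor that gates the management pages behind a logged-in
 * {@code Administer} and the URL authorities assigned to that user.
 *
 * <p>Authorities are URL prefixes: a request is allowed when its servlet path
 * starts with any non-blank prefix returned for the user. Prefixes should be
 * configured specifically (ideally with a trailing '/'), because a broad
 * prefix such as {@code /manage/user} also covers {@code /manage/userDelete}.
 */
public class AuthorityInterceptor extends HandlerInterceptorAdapter {

    /** Session attribute that holds the logged-in {@code Administer}. */
    private static final String SESSION_USER_KEY = "user";

    /** Page the browser is sent to (relative to the context path) when nobody is logged in. */
    private static final String LOGIN_PAGE = "/manage/login.html";

    /** Request attribute read by the error view to display the failure message. */
    private static final String RETURN_MSG_KEY = "returnMsg";

    /** View that renders an authorisation failure. */
    private static final String ERROR_VIEW = "/WEB-INF/error.jsp";

    /** Authority service used to look up the URL prefixes a user may access (injected via setter). */
    private AuthorityService authorityService;

    /**
     * Intercepts a request and verifies that the current user is logged in and
     * authorised for the requested servlet path.
     *
     * @param request  current request; the user is read from its session
     * @param response current response; receives a login redirect when no user is logged in
     * @param handler  the handler chosen for this request (not consulted)
     * @return {@code true} to continue with the handler; {@code false} when the
     *         response has already been completed (login redirect or error view)
     * @throws Exception on I/O or dispatch failure
     * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // Kept on every path as in the original; the JSP/handler may override it later.
        response.setContentType("text/html");

        // 1. Current user. A missing session or attribute simply means "not logged in";
        //    no session is created for anonymous hits.
        Administer administer = currentUser(request);
        if (administer == null) {
            // Break out of any enclosing frame and send the browser to the login page.
            // contextPath comes from the deployment, not from the client.
            String callbackURL = request.getContextPath() + LOGIN_PAGE;
            response.getWriter().println("<script type=\"text/javascript\"> top.location= '" + callbackURL + "';</script>");
            return false;
        }

        // 2. Authorisation against the servlet path.
        //    NOTE(review): assumes the handler mapping puts the full path into
        //    getServletPath(); for "/"-style mappings it may be empty — confirm.
        if (!hasAuthority(administer, request.getServletPath())) {
            request.setAttribute(RETURN_MSG_KEY, "没有相应的权限!");
            request.getRequestDispatcher(ERROR_VIEW).forward(request, response);
            return false;
        }
        return true;
    }

    /**
     * Returns the logged-in user, or {@code null} when there is no session, no
     * user attribute, or the attribute is not an {@code Administer}.
     *
     * @param request current request
     * @return the current user or {@code null}
     */
    private static Administer currentUser(HttpServletRequest request) {
        // getSession(false): do not create a session just to discover nobody is logged in.
        if (request.getSession(false) == null) {
            return null;
        }
        Object user = request.getSession(false).getAttribute(SESSION_USER_KEY);
        // instanceof instead of a blind cast: a foreign attribute must not become a 500.
        return user instanceof Administer ? (Administer) user : null;
    }

    /**
     * Decides whether a user may access a request path.
     *
     * <p>The authority service returns strings that may each contain several
     * comma-separated URL prefixes. A path is authorised when it starts with
     * any non-blank prefix. Blank prefixes are ignored because
     * {@code "".startsWith} is true for every path and would grant everything.
     *
     * @param administer    the user, may be {@code null}
     * @param szRequestPath the servlet path to check, may be {@code null}
     * @return {@code true} if some configured prefix matches the path
     */
    private boolean hasAuthority(Administer administer, String szRequestPath) {
        if (administer == null || szRequestPath == null) {
            return false;
        }
        // 1. Authorities of the current user (null treated as "none").
        Set<String> authStrings = authorityService.queryAuthUrlsByUserName(administer.getUserName());
        if (authStrings == null) {
            return false;
        }
        for (String entry : authStrings) {
            if (entry == null) {
                continue;
            }
            for (String rawPrefix : entry.split(",")) {
                String prefix = rawPrefix.trim();
                // "a,,b" or a whitespace-only value yields an empty prefix; skip it
                // rather than let it match every path.
                if (prefix.isEmpty()) {
                    continue;
                }
                if (szRequestPath.startsWith(prefix)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Injects the authority service.
     *
     * @param authorityService service used to resolve a user's URL prefixes
     */
    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }
}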
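<!-- Authorities (name, code, URL prefix) granted to a user through the roles
     assigned to that user. Not unique per user: one row per distinct authority.
     Soft-deleted authorities and administrators are excluded.
     The GROUP BY lists every selected column so the statement is valid under
     ONLY_FULL_GROUP_BY; name/code/AUTHORITY_URL are columns of the same
     unionflow_authority row as authority_id, so the result rows are unchanged.
     NOTE(review): the Java side calls queryAuthUrlsByUserName; presumably the
     service flattens this result map into the AUTHORITY_URL set - confirm. -->
<select id="queryUserAuthsByUserName" parameterType="java.lang.String" resultMap="BaseResultMap">
    SELECT
        T1.name, T1.code, T1.AUTHORITY_URL
    FROM unionflow_authority T1
        JOIN unionflow_role_authority T2 ON T1.authority_id = T2.authority_id
        JOIN unionflow_admin_role T3 ON T2.role_id = T3.role_id
        JOIN unionflow_administer T4 ON T3.admin_id = T4.ID
    WHERE T1.delete_flag = 0
      AND T4.delete_flag = 0
      AND T4.user_name = #{userName,jdbcType=VARCHAR}
    GROUP BY T1.authority_id, T1.name, T1.code, T1.AUTHORITY_URL
</select>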