淘淘商城08_权限拦截器04

把用户的权限和菜单存放到session中

SysPermissionUserMapper:

package com.taotao.mapper;

import java.util.List;

import com.taotao.pojo.SysPermission;

public interface SysPermissionUserMapper {
	// Looks up the menu entries of the user with the given id.
	// MyBatis binds a mapper method to the mapped statement whose id equals the
	// method name, so the <select> id in SysPermissionUserMapper.xml must be
	// spelled exactly "getMenuByUserId" (statement ids are case-sensitive).
	List<SysPermission> getMenuByUserId(String userId);
	
	// Looks up the permission entries (permission URLs) of the user with the given id.
	// The matching <select> id in SysPermissionUserMapper.xml must be exactly
	// "getPermissionUrlByUserId" for the same reason.
	List<SysPermission> getPermissionUrlByUserId(String userId);
}

SysPermissionUserMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
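<mapper namespace="com.taotao.mapper.SysPermissionUserMapper" >
	<!--
		Each statement id must equal the name of the SysPermissionUserMapper method it
		backs (ids are case-sensitive); with a different id MyBatis cannot bind the
		interface method to the statement.
		The user id is passed with #{...}, which MyBatis sends as a prepared-statement
		parameter. Do not replace it with ${...}, which is substituted into the SQL text.
	-->

	<!-- Menu entries: rows of type 'menu' reachable through any role assigned to the user. -->
	<select id="getMenuByUserId" parameterType="String" resultType="com.taotao.pojo.SysPermission">
		SELECT
			*
		FROM
			sys_permission
		WHERE
			type = 'menu'
		AND id IN (
			SELECT
				sys_permission_id
			FROM
				sys_role_permission
			WHERE
				sys_role_id IN (
					SELECT
						sys_role_id
					FROM
						sys_user_role
					WHERE
						sys_user_id = #{userId}
				)
		)
	</select>

	<!-- Permission URLs: rows of type 'permission' reachable through any role assigned to the user. -->
	<select id="getPermissionUrlByUserId" parameterType="String" resultType="com.taotao.pojo.SysPermission">
		SELECT
			*
		FROM
			sys_permission
		WHERE
			type = 'permission'
		AND id IN (
			SELECT
				sys_permission_id
			FROM
				sys_role_permission
			WHERE
				sys_role_id IN (
					SELECT
						sys_role_id
					FROM
						sys_user_role
					WHERE
						sys_user_id = #{userId}
				)
		)
	</select>

</mapper>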

SysPermissionService:

package com.taotao.service;

import java.util.List;

import com.taotao.pojo.SysPermission;
import com.taotao.pojo.SysUser;
import com.taotao.utils.TaotaoResult;
/**
 * Service interface for user authentication and for looking up a user's
 * menus and permission URLs.
 *
 * @author fengjinzhu
 */
public interface SysPermissionService {

	/**
	 * Authenticates a user.
	 *
	 * @param usercode the user code entered at login
	 * @param password the password entered at login
	 * @return the authentication result
	 */
	TaotaoResult authenticat(String usercode, String password);

	/**
	 * Looks up a user by user code.
	 *
	 * @param usercode the user code to search for
	 * @return the user found for that code
	 */
	SysUser getSysUser(String usercode);

	/**
	 * Queries the menus of a user.
	 *
	 * @param userId id of the user
	 * @return the user's menu entries
	 */
	List<SysPermission> getMenuByUserId(String userId);

	/**
	 * Queries the permission URLs of a user.
	 *
	 * @param userId id of the user
	 * @return the user's permission entries
	 */
	List<SysPermission> getPermissionUrlByUserId(String userId);
}

 SysPermissionServiceImpl

package com.taotao.service;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;

import com.taotao.mapper.SysPermissionUserMapper;
import com.taotao.mapper.SysUserMapper;
import com.taotao.pojo.ActiveUser;
import com.taotao.pojo.SysPermission;
import com.taotao.pojo.SysUser;
import com.taotao.utils.TaotaoResult;

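/**
 * Default {@link SysPermissionService}: verifies login credentials against the
 * stored salted hash and delegates menu/permission lookups to the mapper.
 */
@Service
public class SysPermissionServiceImpl implements SysPermissionService {

	/**
	 * Single message for every rejected login, so the response does not reveal
	 * whether the user code exists.
	 */
	private static final String LOGIN_FAILED = "用户名或密码错误!";

	@Autowired
	private SysUserMapper sysUserMapper;

	@Autowired
	private SysPermissionUserMapper sysPermissionUserMapper;

	/**
	 * Authenticates a user by user code and password.
	 *
	 * @param usercode the user code entered at login
	 * @param password the plaintext password entered at login
	 * @return a result built with status 400 and a generic message when the
	 *         credentials are rejected, otherwise an OK result carrying the
	 *         populated {@link ActiveUser}
	 */
	@Override
	public TaotaoResult authenticat(String usercode, String password) {
		// A missing credential can never match; reject before touching the database.
		if (usercode == null || password == null) {
			return TaotaoResult.build(400, LOGIN_FAILED);
		}

		SysUser sysUser = this.getSysUser(usercode);
		// Unknown user and wrong password deliberately produce the same answer.
		if (sysUser == null || !passwordMatches(sysUser, password)) {
			return TaotaoResult.build(400, LOGIN_FAILED);
		}

		// Copy the identity fields needed after login into ActiveUser.
		ActiveUser activeUser = new ActiveUser();
		activeUser.setUsercode(usercode);
		activeUser.setUsername(sysUser.getUsername());
		activeUser.setUserid(sysUser.getId());

		return TaotaoResult.ok(activeUser);
	}

	/**
	 * Recomputes the hash of {@code salt + password} and compares it with the stored hash.
	 *
	 * <p>NOTE(review): the stored format is a single pass of salted MD5. MD5 is cheap to
	 * brute-force offline and is not suitable for password storage; plan a migration to a
	 * slow password hash (bcrypt, scrypt, Argon2 or PBKDF2), re-hashing on the next
	 * successful login. The algorithm is left unchanged here because existing stored
	 * hashes would stop matching.
	 */
	private static boolean passwordMatches(SysUser sysUser, String password) {
		String storedHash = sysUser.getPassword();
		if (storedHash == null) {
			// An account without a stored hash cannot be logged into.
			return false;
		}
		String saltedPassword = sysUser.getSalt() + password;
		// NOTE(review): getBytes() uses the platform default charset; it is kept so the
		// result stays equal to the hashes already stored. Confirm which charset the
		// code that writes the hash uses and pin it explicitly on both sides.
		String candidateHash = DigestUtils.md5DigestAsHex(saltedPassword.getBytes());
		// md5DigestAsHex yields lower-case hex, so lower-casing the stored value keeps the
		// case-insensitive comparison; MessageDigest.isEqual compares in constant time.
		return java.security.MessageDigest.isEqual(
				storedHash.toLowerCase(java.util.Locale.ROOT).getBytes(java.nio.charset.StandardCharsets.UTF_8),
				candidateHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
	}

	/**
	 * Looks up a user by user code.
	 *
	 * @param usercode the user code to search for
	 * @return the first matching user, or {@code null} when the mapper returns no rows
	 */
	@Override
	public SysUser getSysUser(String usercode) {
		List<SysUser> users = sysUserMapper.getSysUserByCode(usercode);
		if (users == null || users.isEmpty()) {
			return null;
		}
		return users.get(0);
	}

	/** Delegates to {@link SysPermissionUserMapper#getMenuByUserId(String)}. */
	@Override
	public List<SysPermission> getMenuByUserId(String userId) {
		return sysPermissionUserMapper.getMenuByUserId(userId);
	}

	/** Delegates to {@link SysPermissionUserMapper#getPermissionUrlByUserId(String)}. */
	@Override
	public List<SysPermission> getPermissionUrlByUserId(String userId) {
		return sysPermissionUserMapper.getPermissionUrlByUserId(userId);
	}
}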

 

 

package com.taotao.service;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;

import com.taotao.mapper.SysPermissionUserMapper;
import com.taotao.mapper.SysUserMapper;
import com.taotao.pojo.ActiveUser;
import com.taotao.pojo.SysPermission;
import com.taotao.pojo.SysUser;
import com.taotao.utils.TaotaoResult;

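/**
 * Default {@link SysPermissionService}: verifies login credentials against the
 * stored salted hash and, on success, loads the user's menus and permission URLs
 * into the returned {@link ActiveUser}.
 *
 * <p>NOTE(review): the menus and permissions are read once, at login. If the caller
 * keeps the ActiveUser in the HTTP session (presumably it does; confirm in the login
 * controller), a permission revoked later stays effective until the session ends.
 */
@Service
public class SysPermissionServiceImpl implements SysPermissionService {

	/**
	 * Single message for every rejected login, so the response does not reveal
	 * whether the user code exists.
	 */
	private static final String LOGIN_FAILED = "用户名或密码错误!";

	@Autowired
	private SysUserMapper sysUserMapper;

	@Autowired
	private SysPermissionUserMapper sysPermissionUserMapper;

	/**
	 * Authenticates a user by user code and password.
	 *
	 * @param usercode the user code entered at login
	 * @param password the plaintext password entered at login
	 * @return a result built with status 400 and a generic message when the
	 *         credentials are rejected, otherwise an OK result carrying the
	 *         {@link ActiveUser} with identity, menus and permissions
	 */
	@Override
	public TaotaoResult authenticat(String usercode, String password) {
		// A missing credential can never match; reject before touching the database.
		if (usercode == null || password == null) {
			return TaotaoResult.build(400, LOGIN_FAILED);
		}

		SysUser sysUser = this.getSysUser(usercode);
		// Unknown user and wrong password deliberately produce the same answer.
		if (sysUser == null || !passwordMatches(sysUser, password)) {
			return TaotaoResult.build(400, LOGIN_FAILED);
		}

		String userId = sysUser.getId();

		// Copy the identity fields needed after login into ActiveUser.
		ActiveUser activeUser = new ActiveUser();
		activeUser.setUsercode(usercode);
		activeUser.setUsername(sysUser.getUsername());
		activeUser.setUserid(userId);

		// Authorization data is loaded only after the credentials were accepted.
		activeUser.setMenus(this.getMenuByUserId(userId));
		activeUser.setPermissions(this.getPermissionUrlByUserId(userId));

		return TaotaoResult.ok(activeUser);
	}

	/**
	 * Recomputes the hash of {@code salt + password} and compares it with the stored hash.
	 *
	 * <p>NOTE(review): the stored format is a single pass of salted MD5. MD5 is cheap to
	 * brute-force offline and is not suitable for password storage; plan a migration to a
	 * slow password hash (bcrypt, scrypt, Argon2 or PBKDF2), re-hashing on the next
	 * successful login. The algorithm is left unchanged here because existing stored
	 * hashes would stop matching.
	 */
	private static boolean passwordMatches(SysUser sysUser, String password) {
		String storedHash = sysUser.getPassword();
		if (storedHash == null) {
			// An account without a stored hash cannot be logged into.
			return false;
		}
		String saltedPassword = sysUser.getSalt() + password;
		// NOTE(review): getBytes() uses the platform default charset; it is kept so the
		// result stays equal to the hashes already stored. Confirm which charset the
		// code that writes the hash uses and pin it explicitly on both sides.
		String candidateHash = DigestUtils.md5DigestAsHex(saltedPassword.getBytes());
		// md5DigestAsHex yields lower-case hex, so lower-casing the stored value keeps the
		// case-insensitive comparison; MessageDigest.isEqual compares in constant time.
		return java.security.MessageDigest.isEqual(
				storedHash.toLowerCase(java.util.Locale.ROOT).getBytes(java.nio.charset.StandardCharsets.UTF_8),
				candidateHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
	}

	/**
	 * Looks up a user by user code.
	 *
	 * @param usercode the user code to search for
	 * @return the first matching user, or {@code null} when the mapper returns no rows
	 */
	@Override
	public SysUser getSysUser(String usercode) {
		List<SysUser> users = sysUserMapper.getSysUserByCode(usercode);
		if (users == null || users.isEmpty()) {
			return null;
		}
		return users.get(0);
	}

	/** Delegates to {@link SysPermissionUserMapper#getMenuByUserId(String)}. */
	@Override
	public List<SysPermission> getMenuByUserId(String userId) {
		return sysPermissionUserMapper.getMenuByUserId(userId);
	}

	/** Delegates to {@link SysPermissionUserMapper#getPermissionUrlByUserId(String)}. */
	@Override
	public List<SysPermission> getPermissionUrlByUserId(String userId) {
		return sysPermissionUserMapper.getPermissionUrlByUserId(userId);
	}
}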

PermissionInterceptor.java

package com.taotao.interceptor;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.taotao.pojo.ActiveUser;
import com.taotao.pojo.SysPermission;
import com.taotao.utils.ResourcesUtil;

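/**
 * Spring MVC interceptor that allows a request only when its path is a public URL
 * (a key of commonURL.properties) or is covered by one of the permission URLs of the
 * logged-in user stored in the session under "activeUser". Everything else,
 * including requests without a logged-in user, is forwarded to the refuse page.
 *
 * <p>An allowed entry covers a request path when the path equals the entry or lies
 * below it ({@code entry + "/..."}). Plain substring containment is deliberately not
 * used: it would let any path that merely contains a public or permitted URL
 * somewhere inside it pass the check, and an empty entry would match every request.
 *
 * <p>NOTE(review): entries are assumed to be context-relative paths such as
 * {@code /index}. Variants with an extension (for example {@code /index.html}) are
 * not covered by {@code /index} and must be listed explicitly; confirm against
 * commonURL.properties and the sys_permission.url column.
 */
public class PermissionInterceptor implements HandlerInterceptor {

	/** Where denied requests are sent. */
	private static final String REFUSE_PAGE = "/WEB-INF/jsp/refuse.jsp";

	/** No work is needed after the request has completed. */
	@Override
	public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
			throws Exception {
	}

	/** No work is needed after the handler has run. */
	@Override
	public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
			throws Exception {
	}

	/**
	 * Decides whether the request may reach its handler.
	 *
	 * @return {@code true} for a public URL or a URL the session user is permitted to
	 *         call; {@code false} after forwarding to the refuse page otherwise
	 */
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
		String path = requestPath(request);

		// 1. Public URLs: the keys of commonURL.properties.
		List<String> publicUrls = ResourcesUtil.gekeyList("commonURL");
		if (publicUrls != null) {
			for (String publicUrl : publicUrls) {
				if (pathMatches(path, publicUrl)) {
					return true;
				}
			}
		}

		// 2. Permission URLs of the logged-in user. getSession(false) avoids creating a
		//    session for anonymous requests; a missing session or user means "denied".
		HttpSession session = request.getSession(false);
		Object sessionUser = session == null ? null : session.getAttribute("activeUser");
		if (sessionUser instanceof ActiveUser) {
			List<SysPermission> permissionList = ((ActiveUser) sessionUser).getPermissions();
			if (permissionList != null) {
				for (SysPermission sysPermission : permissionList) {
					if (sysPermission != null && pathMatches(path, sysPermission.getUrl())) {
						return true;
					}
				}
			}
		}

		// 3. Deny by default.
		request.getRequestDispatcher(REFUSE_PAGE).forward(request, response);
		return false;
	}

	/**
	 * Returns the context-relative request path used for the permission check.
	 * It is built from the servlet path and path info rather than from the raw
	 * request URI, and path parameters (";name=value") are removed from each segment.
	 */
	private static String requestPath(HttpServletRequest request) {
		StringBuilder path = new StringBuilder();
		String servletPath = request.getServletPath();
		if (servletPath != null) {
			path.append(servletPath);
		}
		String pathInfo = request.getPathInfo();
		if (pathInfo != null) {
			path.append(pathInfo);
		}
		return path.toString().replaceAll(";[^/]*", "");
	}

	/**
	 * Tells whether {@code allowed} covers {@code path}: same path, or {@code path} lies
	 * below it at a segment boundary. Null and blank entries never match.
	 */
	private static boolean pathMatches(String path, String allowed) {
		if (allowed == null) {
			return false;
		}
		String entry = allowed.trim();
		if (entry.isEmpty()) {
			return false;
		}
		if (!entry.startsWith("/")) {
			entry = "/" + entry;
		}
		if (entry.length() > 1 && entry.endsWith("/")) {
			entry = entry.substring(0, entry.length() - 1);
		}
		if (entry.equals("/")) {
			// The root entry covers only the root itself, not the whole application.
			return path.isEmpty() || path.equals("/");
		}
		return path.equals(entry) || path.startsWith(entry + "/");
	}

}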

 

commonURL.properties

# Public URLs. PermissionInterceptor lets a request matching one of the keys below
# through without checking the session or the user's permissions, so list only
# pages that need no login and keep each key as specific as possible.
/index=首页

springmvc.xml

<!--
	User permission interceptor: PermissionInterceptor runs for every request path
	except the exclude-mapping patterns below. An excluded path skips the permission
	check entirely.
	NOTE(review): the patterns *validatecode*, *Login* and *error* match any last path
	segment that contains that text, not only the intended endpoints; prefer the exact
	paths of those handlers.
	NOTE(review): the static-resource patterns match by extension only. If suffix pattern
	matching is enabled (the default in Spring MVC before 5.3), a controller mapping can
	also answer a path with such an extension appended, and that request would bypass
	this interceptor. Confirm the Spring version and setting, or exclude the static
	resource directories instead of extensions.
-->
		<mvc:interceptor>
			<mvc:mapping path="/**"/>
			<mvc:exclude-mapping path="/**/fonts/*"/>
	        <mvc:exclude-mapping path="/**/*.css"/>
	        <mvc:exclude-mapping path="/**/*.js"/>
	        <mvc:exclude-mapping path="/**/*.png"/>
	        <mvc:exclude-mapping path="/**/*.gif"/>
	        <mvc:exclude-mapping path="/**/*.jpg"/>
	        <mvc:exclude-mapping path="/**/*.jpeg"/>
	        <mvc:exclude-mapping path="/**/*validatecode*"/>
	        <mvc:exclude-mapping path="/**/*Login*"/>
	        <mvc:exclude-mapping path="/**/*error*"/>
			<bean class="com.taotao.interceptor.PermissionInterceptor"/>
		</mvc:interceptor>

 
