<!-- 登陆拦截 -->
<mvc:interceptors>
<bean id="loginInterceptor" class="com.atguigu.atcrowdfunding.interceptor.LoginInterceptor"></bean>
<bean id="loginInterceptor" class="com.atguigu.atcrowdfunding.interceptor.PermissionInterceptor"></bean>
</mvc:interceptors>
package com.atguigu.atcrowdfunding.interceptor;
//public class LoginInterceptor implements HandlerInterceptor {
public class LoginInterceptor extends HandlerInterceptorAdapter {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
String servletPath = request.getServletPath();
System.out.println(servletPath);
Set<String> urls = new HashSet<String>();
urls.add("/index.htm");
urls.add("/login.htm");
urls.add("/main.htm");
urls.add("/doLogin.do");
urls.add("/register.htm");
urls.add("/doRegister.do");
if(urls.contains(servletPath)){
return true;
}
User user = (User)request.getSession().getAttribute(Const.LOGIN_USER);
if(user == null){
response.sendRedirect(request.getContextPath()+"/login.htm");
return false;
}else{
return true;
}
}
}
package com.atguigu.atcrowdfunding.interceptor;
@Component
public class PermissionInterceptor extends HandlerInterceptorAdapter {
@Autowired
private PermissionService permissionService;
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
String servletUrl = request.getServletPath();
System.out.println(servletUrl);
Set<String> urls = new HashSet<String>();
urls.add("/index.htm");
urls.add("/login.htm");
urls.add("/main.htm");
urls.add("/doLogin.do");
urls.add("/register.htm");
urls.add("/doRegister.do");
if(urls.contains(servletUrl)){
return true;
}
List<Permission> queryAllPermission = permissionService.queryAllPermission();
Set<String> allurls = new HashSet<String>();
for (Permission permission : queryAllPermission) {
if(StringUtil.isNotEmpty(permission.getUrl())){
allurls.add("/"+permission.getUrl());
}
}
if(allurls.contains(servletUrl)){
Set<String> set = new HashSet<String>();
User user = (User) request.getSession().getAttribute(Const.LOGIN_USER);
List<Permission> queryPermissionByUserId = permissionService.queryPermissionByUserId(user.getId());
for (Permission permission : queryPermissionByUserId) {
set.add("/"+permission.getUrl());
}
if(set.contains(servletUrl)){
return true;
}
response.sendRedirect(request.getContextPath()+"/error/error.htm");
return false;
}else{
return true;
}
}
}