spring-mvc.xml 配置拦截器
<!-- Login interceptor. The "/**" mapping sends every request path dispatched through
     Spring MVC to LoginInterceptor.preHandle, so the decision about which paths need
     no login is made in Java code. Spring's <mvc:exclude-mapping path="..."/> child
     element is the declarative way to exempt public paths from an interceptor. -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.wantu.interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
登录拦截器方法-LoginInterceptor.java
package com.wantu.interceptor;
import java.io.PrintWriter;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.wantu.common.AuthCommon;
import com.wantu.conf.GlobalConfig;
import com.wantu.entity.SysUser;
import com.wantu.utils.Assert;
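/**
 * Login and authorization interceptor.
 *
 * <p>{@link #preHandle} lets a fixed list of public paths through, sends requests that carry no
 * logged-in user to the login page, and checks every other request against the permission URLs
 * that {@link AuthCommon#userHasAuth(HttpSession)} caches in the session.
 *
 * @author Administrator
 */
public class LoginInterceptor extends HandlerInterceptorAdapter {

    /**
     * Paths, relative to the context path, that are served without a login. Each entry is a
     * prefix ("fuzzy" match, as in the original), so "/login" also covers "/loginXyz".
     * NOTE(review): a match on whole path segments would be stricter; confirm which handlers
     * rely on the prefix behaviour before tightening it.
     */
    private static final String[] PUBLIC_PATHS = { "/common", "/login", "/index", "/top", "/left", "/right",
            "/exit", "/no_authority" };

    /** Matches a path parameter (";name=value") up to the end of its path segment. */
    private static final java.util.regex.Pattern PATH_PARAMETERS = java.util.regex.Pattern.compile(";[^/]*");

    /**
     * Runs last, after the request has completed; can be used to release resources.
     * Delegates to the adapter.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        super.afterCompletion(request, response, handler, ex);
    }

    /** Delegates to the adapter. */
    @Override
    public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response,
            Object handler) throws Exception {
        super.afterConcurrentHandlingStarted(request, response, handler);
    }

    /** Runs after the handler and before the view is rendered. Delegates to the adapter. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        super.postHandle(request, response, handler, modelAndView);
    }

    /**
     * Decides whether the request may reach its controller.
     *
     * <p>Returning {@code false} ends the interceptor chain for this request; returning
     * {@code true} lets the next interceptor, and finally the controller, run.
     *
     * @return {@code true} for a public path or a logged-in user holding a matching permission;
     *         {@code false} after the response has been pointed at the login page (no user) or
     *         at the no-authority page (user without the permission)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Request URI without scheme, host and port. The container returns it raw: neither
        // percent-decoded nor normalized.
        String uri = request.getRequestURI();
        String contextPath = request.getContextPath();

        if (isPublicPath(uri, contextPath)) {
            return true;
        }

        // getSession(false): an anonymous request must not allocate a server-side session.
        HttpSession session = request.getSession(false);
        SysUser user = session == null ? null : (SysUser) session.getAttribute("user");
        if (!Assert.notNull(user)) {
            System.out.println("未登录 ");
            sendToLogin(request, response);
            return false;
        }

        // Make sure the user's permission URLs have been loaded into the session.
        AuthCommon.userHasAuth(session);
        if (isGranted(uri, session.getAttribute("user_auth_url_list"))) {
            return true;
        }

        // No matching permission: send the browser to the no-authority page.
        System.out.println("拦截器拦截到无该权限 " + uri);
        response.sendRedirect(contextPath + "/no_authority");
        return false;
    }

    /**
     * Tells whether {@code uri} starts with one of the public paths of this application.
     *
     * <p>The original tested for a public fragment anywhere in the raw URI, so a protected URL
     * that merely contained such a fragment skipped the login and the permission check. The
     * match is now anchored at the context path, and it is made only on a URI whose raw text
     * cannot differ from the path the container dispatches on (see {@link #plainPath}). The
     * original hard-coded "/demo" as the prefix; the context path is used instead, which is
     * also what the redirects in this class are built from.
     */
    private static boolean isPublicPath(String uri, String contextPath) {
        String path = plainPath(uri);
        if (path == null) {
            return false;
        }
        String base = contextPath == null ? "" : contextPath;
        for (String publicPath : PUBLIC_PATHS) {
            if (path.startsWith(base + publicPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code uri} with path parameters removed, or {@code null} when the URI contains
     * percent-encoding, a backslash, an empty segment or a dot segment. Such a URI may be
     * rewritten by the container before dispatch, so its raw text is not trusted for the
     * public-path decision; the request then goes through the normal login check.
     */
    private static String plainPath(String uri) {
        if (uri == null) {
            return null;
        }
        String path = PATH_PARAMETERS.matcher(uri).replaceAll("");
        boolean ambiguous = path.indexOf('%') >= 0 || path.indexOf('\\') >= 0 || path.contains("//")
                || path.contains("/./") || path.contains("/../") || path.endsWith("/.") || path.endsWith("/..");
        return ambiguous ? null : path;
    }

    /**
     * Tells whether one of the cached permission URLs occurs in {@code uri} after position 0.
     *
     * <p>A missing or malformed cache entry denies access instead of raising a
     * NullPointerException or ClassCastException.
     * NOTE(review): this is still the original substring test, so a permission for one URL also
     * authorizes every URI that contains it. Anchor the comparison once the format of the
     * stored permission URLs is confirmed.
     */
    private static boolean isGranted(String uri, Object cachedPermissions) {
        if (!(cachedPermissions instanceof List)) {
            return false;
        }
        for (Object permission : (List<?>) cachedPermissions) {
            if (permission instanceof String && uri.indexOf((String) permission) > 0) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a small HTML page whose script loads the login URL in the top-level window, so a
     * request made from inside a frame does not show the login page within that frame.
     */
    private static void sendToLogin(HttpServletRequest request, HttpServletResponse response)
            throws java.io.IOException {
        // Content type and encodings are set before the writer is obtained (avoids garbled text).
        response.setContentType("text/html;charset=utf-8");
        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        // NOTE(review): the context path is written into script text unescaped; confirm it
        // cannot contain quote characters in this deployment.
        out.println("<html>");
        out.println("<script>");
        out.println("window.open ('" + request.getContextPath() + "/login','_top')");
        out.println("</script>");
        out.println("</html>");
    }
}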
获取权限类:AuthCommon.java
package com.wantu.common;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Component;
import com.wantu.entity.SysMenu;
import com.wantu.entity.SysUser;
import com.wantu.service.LoginService;
import com.wantu.utils.Assert;
import com.wantu.utils.SessionUtils;
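/**
 * Loads the permission URLs of the logged-in user and caches them in the HTTP session.
 *
 * <p>The permissions are read once per session. A permission that is revoked in the database
 * therefore stays effective until the session ends; the refresh state described on
 * {@link #userHasAuth(HttpSession)} is not implemented.
 *
 * @author Administrator
 */
@Component
public class AuthCommon {

    @Resource
    private LoginService loginService;

    /** The Spring-managed instance, published so the static entry point can reach the injected service. */
    private static AuthCommon authCommon;

    /** Publishes this bean, with its injected service, for use by the static method. */
    @PostConstruct
    public void init() {
        authCommon = this;
    }

    /**
     * Ensures the session holds the permission URLs of its user, querying them when absent.
     *
     * <p>Session attribute {@code user_auth}: absent or empty means the permissions have not
     * been loaded; "1" means they have been loaded; "2" is reserved for "needs refresh" and is
     * not implemented. The permission URLs are stored under {@code user_auth_url_list}.
     *
     * @param session session of the current request; left untouched when it carries no user
     */
    public static void userHasAuth(HttpSession session) {
        String is_auth = (String) session.getAttribute("user_auth");
        if (Assert.notNullOrEmpty(is_auth)) {
            // Already loaded for this session; nothing to do.
            return;
        }

        SysUser info = SessionUtils.getSessionUser(session);
        if (!Assert.notNull(info)) {
            return;
        }

        List<String> granted = authCommon.loginService.findAllAuthByUser(info);
        if (granted == null) {
            // Setting a session attribute to null removes it, and readers of the list would then
            // fail on the missing value. Store "no permissions" explicitly instead.
            granted = java.util.Collections.<String>emptyList();
        }
        session.setAttribute("user_auth_url_list", granted);
        session.setAttribute("user_auth", "1");
    }
}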
菜鸟一枚,踽踽独行,拙作一篇,敬请斧正。
欢迎加入Q群:719672717。