AclControlFilter
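/**
 * Servlet filter that enforces login and URL-level ACL checks on the paths it is mapped to.
 *
 * <p>Decision order in {@link #doFilter}: excluded paths pass straight through; requests with no
 * current user are rejected; requests whose path fails {@code SysCoreService.hasUrlAcl} are
 * rejected; everything else continues down the chain.
 *
 * <p>Rejections do not set an HTTP error status: {@code .json} paths receive a JSON failure body
 * and all other paths receive a small HTML page that redirects the browser to {@link #noAuthUrl}.
 */
@Slf4j
public class AclControlFilter implements Filter {

    /**
     * Servlet paths that bypass both the login check and the ACL check. Lookup is an exact string
     * match against {@code request.getServletPath()}, so every entry is a complete bypass for that
     * path and the list should stay as short as possible.
     */
    private static Set<String> exclusionUrlSet = Sets.newConcurrentHashSet();

    /** Page the browser is sent to when access is denied; always added to the exclusion set. */
    private final static String noAuthUrl = "/sys/user/noAuth.page";

    /**
     * Reads the comma-separated {@code exclusionUrls} init parameter into the exclusion set.
     *
     * @param filterConfig container-supplied configuration for this filter
     * @throws ServletException declared by the {@code Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String exclusionUrls = filterConfig.getInitParameter("exclusionUrls");
        if (exclusionUrls == null) {
            // A missing init-param would otherwise fail inside Splitter with a NullPointerException
            // and keep the filter from starting; treat it as "no extra exclusions".
            exclusionUrls = "";
        }
        List<String> exclusionUrlList =
                Splitter.on(",").trimResults().omitEmptyStrings().splitToList(exclusionUrls);
        exclusionUrlSet = Sets.newConcurrentHashSet(exclusionUrlList);
        // The denial page must stay reachable, otherwise a denied user would loop on the redirect.
        exclusionUrlSet.add(noAuthUrl);
    }

    /**
     * Applies the exclusion, login and ACL checks to one request.
     *
     * @param servletRequest incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@code HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only when access is allowed
     * @throws IOException if writing the denial response fails or the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String servletPath = request.getServletPath();
        Map<?, ?> requestMap = request.getParameterMap();

        if (exclusionUrlSet.contains(servletPath)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        SysUser sysUser = RequestHolder.getCurrentUser();
        if (sysUser == null) {
            // Log parameter names only: the values of a rejected request can carry passwords or
            // tokens, which must not end up in application logs.
            log.info("someone visit {}, but no login, parameter names:{}", servletPath, requestMap.keySet());
            noAuth(request, response);
            return;
        }

        SysCoreService sysCoreService = ApplicationContextHelper.popBean(SysCoreService.class);
        if (!sysCoreService.hasUrlAcl(servletPath)) {
            // This branch is an authorization failure for a logged-in user, so the message says
            // "no acl" rather than repeating the "no login" text of the branch above.
            // NOTE(review): obj2String(sysUser) serializes the whole user object; confirm that it
            // does not include credential fields, or log only an identifier instead.
            log.info("{} visit {}, but no acl, parameter names:{}", JsonMapper.obj2String(sysUser), servletPath, requestMap.keySet());
            noAuth(request, response);
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Writes the denial response: a JSON failure body for {@code .json} paths, otherwise the
     * client-side redirect to {@link #noAuthUrl}. The HTTP status is left untouched.
     *
     * @param request the rejected request, used only for its servlet path
     * @param response the response to write to
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void noAuth(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String servletPath = request.getServletPath();
        if (servletPath.endsWith(".json")) {
            JsonData jsonData = JsonData.fail("没有访问权限,如需要访问,请联系管理员");
            // The charset has to be fixed before getWriter(); without it the servlet default
            // encoding applies and the non-ASCII message is not transmitted correctly.
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().print(JsonMapper.obj2String(jsonData));
            return;
        }
        clientRedirect(noAuthUrl, response);
    }

    /**
     * Writes an HTML page whose script sends the browser to {@code url}, passing the current
     * location as the {@code ret} query parameter.
     *
     * <p>{@code url} is concatenated into a JavaScript string literal without escaping. The only
     * caller passes the constant {@link #noAuthUrl}; it must never be fed request-derived data.
     *
     * @param url redirect target, a trusted server-side constant
     * @param response the response to write to
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void clientRedirect(String url, HttpServletResponse response) throws IOException {
        // Match the charset declared in the page's own meta tag so the non-ASCII text survives.
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().print("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"
                + "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n" + "<head>\n" + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"/>\n"
                + "<title>跳转中...</title>\n" + "</head>\n" + "<body>\n" + "跳转中,请稍候...\n" + "<script type=\"text/javascript\">//<![CDATA[\n"
                + "window.location.href='" + url + "?ret='+encodeURIComponent(window.location.href);\n" + "//]]></script>\n" + "</body>\n" + "</html>\n");
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}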
/noAuth.page
/**
 * Serves the "no access" page that AclControlFilter redirects denied browsers to.
 *
 * @return a {@code ModelAndView} naming the {@code noAuth} view, with no model attributes
 */
@RequestMapping("/noAuth.page")
public ModelAndView noAuth() {
    final String viewName = "noAuth";
    return new ModelAndView(viewName);
}
sql
<!--
  Returns the sys_acl rows whose url column equals the given value exactly.
  #{url} is a bound parameter, so the value is passed to the database separately from the SQL
  text; it must not be replaced with ${url}, which would splice the request path into the query.
-->
<select id="getByUrl" parameterType="string" resultMap="BaseResultMap">
    SELECT <include refid="Base_Column_List"/>
    FROM sys_acl
    WHERE url = #{url}
</select>
SysCoreService
/**
 * Decides whether the current user may access {@code url}.
 *
 * <p>The check is allow-by-default. Access is granted when any of the following holds:
 * <ul>
 *   <li>the current user is a super admin;</li>
 *   <li>{@code sysAclMapper.getByUrl(url)} returns no rows, i.e. the URL is not registered;</li>
 *   <li>none of the returned rows is active (non-null with status 1);</li>
 *   <li>the user's cached ACL list contains the id of at least one active row.</li>
 * </ul>
 * Access is denied only when the URL has at least one active ACL row and the user holds none of
 * them. Because the lookup is an exact match on {@code url}, a path that reaches a protected
 * handler without matching a registered row falls into the "not registered" case and is allowed;
 * registered URLs therefore need to cover every path form the handler can be reached by.
 *
 * @param url the request path to check, as passed by the caller
 * @return {@code true} if access is allowed, {@code false} if it is denied
 */
public boolean hasUrlAcl(String url) {
    if (isSuperAdmin()) {
        return true;
    }

    List<SysAcl> urlAcls = sysAclMapper.getByUrl(url);
    if (CollectionUtils.isEmpty(urlAcls)) {
        // Unregistered URL: nothing to enforce, so the request is let through.
        return true;
    }

    Set<Integer> grantedIds = getCurrentUserAclListFromCache()
            .stream()
            .map(SysAcl::getId)
            .collect(Collectors.toSet());

    boolean sawActiveAcl = false;
    for (SysAcl candidate : urlAcls) {
        boolean active = candidate != null && candidate.getStatus() == 1;
        if (active) {
            if (grantedIds.contains(candidate.getId())) {
                return true;
            }
            sawActiveAcl = true;
        }
    }

    // Only inactive rows were found: treated the same as an unregistered URL.
    return !sawActiveAcl;
}
Web.xml
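<!-- Registers AclControlFilter, which applies the login and URL ACL checks. -->
<filter>
    <filter-name>aclControlFilter</filter-name>
    <filter-class>com.mmall.filter.AclControlFilter</filter-class>
    <!--
      NOTE(review): targetFilterLifecycle is a Spring DelegatingFilterProxy setting. The filter
      class configured here is AclControlFilter itself, whose init() reads only exclusionUrls,
      so this parameter appears to have no effect.
    -->
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
    <!--
      Comma-separated servlet paths that skip both the login check and the ACL check.
      Matching is an exact string comparison, and every entry is a full bypass for that path,
      so keep this list to pages that must be reachable without a session.
    -->
    <init-param>
        <param-name>exclusionUrls</param-name>
        <param-value>/sys/user/noAuth.page,/login.page</param-value>
    </init-param>
</filter>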
<filter -mapping>
<filter -name>aclControlFilter</filter -name>
<url-pattern>/sys