1.权限拦截器是基于角色做的权限
2.用户信息拦截是检测用户登录的时效性
package com.qiu.framework.web.interceptor;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.qiu.framework.common.log.LOG_TYPE;
import com.qiu.framework.common.util.urong.constant.LoginUserHolder;
import com.qiu.urongw.bean.local.supervisors.User;
/**
*
* 权限拦截器. <br>
* 权限拦截器,用户信息验证
*/
public class AuthorityInterceptor extends HandlerInterceptorAdapter{
private Logger logger =LoggerFactory.getLogger(LOG_TYPE.COMMON.val);
private List<String> mappingURL;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
String url = request.getContextPath()+request.getServletPath();
System.out.println("请求地址:"+url);
//查看Session中是否有用户对象
if(!url.equals("/urongw/backstage/login")){
//获取当前登录用户信息
User user = LoginUserHolder.getLoginUser();
if(user==null){
logger.warn("登录拦截器拦截地址:{} 不通过",url);
//session 中用户对象为空返回登录页面
response.sendRedirect(request.getContextPath()+"/backstage/login");
return true;
}
}
//权限过滤,验证请求url和权限url是否匹配
if (this.mappingURL.contains(url)) {
//匹配继续处理请求
return true;
}else{
//不匹配返回无操作权限页面
//response.sendRedirect(request.getContextPath()+"/backstage/login");
return true;
}
}
}
配置文件:
<!-- 拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="com.qiu.framework.web.interceptor.EnterInterceptor" />
</mvc:interceptor>
<!-- 权限拦截器 -->
<mvc:interceptor>
<mvc:mapping path="/backstage/**" />
<bean class="com.qiu.framework.web.interceptor.AuthorityInterceptor" />
</mvc:interceptor>
</mvc:interceptors>