1.spring拦截器配置
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/privileges/*"/>
<mvc:mapping path="/system/*"/>
<mvc:mapping path="/business/*"/>
<!--<mvc:exclude-mapping path="/checkCAticket/**"/>-->
<!--<mvc:exclude-mapping path="/bcookie/**"/>-->
<!--<mvc:exclude-mapping path="/quickLg/quickLogin.action"/>-->
<bean class="com.zm.mall.web.interceptor.CacheInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
2.拦截器拦截
public class CacheInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { response.setContentType("text/html;charset=UTF-8"); request.setCharacterEncoding("UTF-8"); String uri = request.getRequestURI(); // String url = request.getRequestURL().toString(); UserResult user=(UserResult)request.getSession().getAttribute("userResult"); //登录方法 不拦截 if (uri.endsWith("/toLogin.action")||uri.endsWith("/login.action")||uri.endsWith("/MenuList.action")) { // "/user_loginUI", "/user_login" // 如果是去登录,就放行 return true; }else{ if (user != null) { //有权限 放行 if(user.hasPrivilegeByUri(uri,request)){ return true; }else { request.getRequestDispatcher("/WEB-INF/vm/system/noPrivilege.vm").forward(request, response); return false; } }else{ request.getRequestDispatcher("/WEB-INF/vm/system/login.vm").forward(request, response); return false; } } }
3.判断有没有权限的方法
public boolean hasPrivilegeByUri(String url,HttpServletRequest request){ //管理员放行 if(isAdmin()){ return true; } //循环权限的list 遍历匹配 for(Role role :roles){ for(Privileges privileges :role.getPrivileges()){ if(privileges.getUrl()!=null){//防空指针 if(privileges.getUrl().equals(url)) { return true; } } } } return false; }
4.根据权限控制按钮显示或者隐藏,重写<a>标签 通过重写velocity标签实现
4.1 velocity.properties配置文件加入自定义标签的路径
userdirective=com.zm.mall.taglib.VelocityTaglib
4.2 自定义标签,通过页面加载之前触发,将页面中的自定义标签的属性 写入到a标签中
package com.zm.mall.taglib; /** * Created by Administrator on 2016/12/21. */ import com.zm.mall.client.result.system.UserResult; import org.apache.velocity.context.InternalContextAdapter; import org.apache.velocity.exception.MethodInvocationException; import org.apache.velocity.exception.ParseErrorException; import org.apache.velocity.exception.ResourceNotFoundException; import org.apache.velocity.runtime.directive.Directive; import org.apache.velocity.runtime.parser.node.Node; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.io.Writer; /** * @author * @create 2016-12-21 14:13 */ public class VelocityTaglib extends Directive{ public String getName() { return "vela"; } public int getType() { return LINE; } public boolean render(InternalContextAdapter context, Writer writer,Node node) throws IOException, ResourceNotFoundException, ParseErrorException, MethodInvocationException { String href = null; String name = null; String id = null; String clazz = null; if(node.jjtGetChild(0) != null){ href = String.valueOf(node.jjtGetChild(0).value(context)); } if(node.jjtGetChild(1) != null){ name = String.valueOf(node.jjtGetChild(1).value(context)); } if(node.jjtGetChild(2) != null){ id = String.valueOf(node.jjtGetChild(2).value(context)); } if(node.jjtGetChild(3) != null){ clazz = String.valueOf(node.jjtGetChild(3).value(context)); } HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); UserResult user=(UserResult)request.getSession().getAttribute("userResult"); int pos = href.indexOf("?"); String subhref=""; if (pos > -1) { subhref = href.substring(0, pos); }else{ subhref =href; } if (user.hasPrivilegeByUri(subhref,request)) { writer.write("<a href='"+href+"' id='"+id+"' class='"+clazz+"' >"+name+"</a>"); return true; } else { return false; } } }
5.大致这些了,想到再补