springMVC+velocity做权限控制 控制到按钮!

1.spring拦截器配置

<mvc:interceptors>
   <mvc:interceptor>
      <mvc:mapping path="/privileges/*"/>
      <mvc:mapping path="/system/*"/>
      <mvc:mapping path="/business/*"/>
      <!--<mvc:exclude-mapping path="/checkCAticket/**"/>-->
      <!--<mvc:exclude-mapping path="/bcookie/**"/>-->
      <!--<mvc:exclude-mapping path="/quickLg/quickLogin.action"/>-->
      <bean class="com.zm.mall.web.interceptor.CacheInterceptor"></bean>
   </mvc:interceptor>
</mvc:interceptors>



2.拦截器拦截
public class CacheInterceptor implements HandlerInterceptor {
   @Override
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
       response.setContentType("text/html;charset=UTF-8");
       request.setCharacterEncoding("UTF-8");
       String uri = request.getRequestURI();
//       String url = request.getRequestURL().toString();
       UserResult user=(UserResult)request.getSession().getAttribute("userResult");
	//登录方法 不拦截
       if (uri.endsWith("/toLogin.action")||uri.endsWith("/login.action")||uri.endsWith("/MenuList.action")) { // "/user_loginUI", "/user_login"
           // 如果是去登录,就放行
           return true;
       }else{
           if (user != null) {
		//有权限 放行
               if(user.hasPrivilegeByUri(uri,request)){

                   return true;
               }else {
                   request.getRequestDispatcher("/WEB-INF/vm/system/noPrivilege.vm").forward(request, response);
                   return false;
               }
           }else{
               request.getRequestDispatcher("/WEB-INF/vm/system/login.vm").forward(request, response);
               return false;
           }
       }
   }


3.判断有没有权限的方法
public boolean hasPrivilegeByUri(String url,HttpServletRequest request){
      //管理员放行
	if(isAdmin()){
         return true;
      } 
//循环权限的list 遍历匹配
   for(Role role :roles){
         for(Privileges privileges :role.getPrivileges()){
            if(privileges.getUrl()!=null){//防空指针
               if(privileges.getUrl().equals(url)) {
                  return true;
               }
            }
         }
      }
      return false;

   }

4.根据权限控制按钮显示或者隐藏,重写<a>标签 通过重写velocity标签实现
4.1 velocity.properties配置文件加入自定义标签的路径
userdirective=com.zm.mall.taglib.VelocityTaglib
4.2 自定义标签,通过页面加载之前触发,将页面中的自定义标签的属性 写入到a标签中
package com.zm.mall.taglib;
/**
 * Created by Administrator on 2016/12/21.
 */

import com.zm.mall.client.result.system.UserResult;
import org.apache.velocity.context.InternalContextAdapter;
import org.apache.velocity.exception.MethodInvocationException;
import org.apache.velocity.exception.ParseErrorException;
import org.apache.velocity.exception.ResourceNotFoundException;
import org.apache.velocity.runtime.directive.Directive;
import org.apache.velocity.runtime.parser.node.Node;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.Writer;

/**
 * @author
 * @create 2016-12-21 14:13
 */
public class VelocityTaglib extends Directive{
    public String getName() {
            return "vela";
    }
    public int getType() {
        return LINE;
    }
    public boolean render(InternalContextAdapter context, Writer writer,Node node) throws IOException, ResourceNotFoundException, ParseErrorException, MethodInvocationException {
        String href = null;
        String name = null;
        String id = null;
        String clazz = null;
        if(node.jjtGetChild(0) != null){
            href = String.valueOf(node.jjtGetChild(0).value(context));
        }
        if(node.jjtGetChild(1) != null){
            name = String.valueOf(node.jjtGetChild(1).value(context));
        }
        if(node.jjtGetChild(2) != null){
            id = String.valueOf(node.jjtGetChild(2).value(context));
        }
        if(node.jjtGetChild(3) != null){
            clazz = String.valueOf(node.jjtGetChild(3).value(context));
        }
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        UserResult user=(UserResult)request.getSession().getAttribute("userResult");
        int pos = href.indexOf("?");
        String subhref="";
        if (pos > -1) {
            subhref = href.substring(0, pos);
        }else{
            subhref =href;
        }
        if (user.hasPrivilegeByUri(subhref,request)) {
            writer.write("<a   href='"+href+"' id='"+id+"' class='"+clazz+"'  >"+name+"</a>");
            return true;
        } else {
            return false;
        }

    }
}



5.大致这些了,想到再补




  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值