spring配置文件中加上拦截配置:
<!-- Spring MVC interceptor configuration; more than one <mvc:interceptor> may be declared here. -->
<mvc:interceptors>
<mvc:interceptor>
<!-- Paths that are routed through the interceptor.
     Only requests matching one of these patterns reach MemberInterceptor; a controller
     mapped under any prefix that is not listed here is never permission-checked by it.
     NOTE(review): this is an opt-in list, so a newly added controller prefix is unprotected
     until it is added below. Consider mapping "/**" and carving out static resources with
     <mvc:exclude-mapping> so that new endpoints are covered by default. -->
<mvc:mapping path="/operator/**"/>
<mvc:mapping path="/rights/**"/>
<mvc:mapping path="/province/**"/>
<mvc:mapping path="/city/**"/>
<mvc:mapping path="/school/**"/>
<mvc:mapping path="/schooluser/**"/>
<mvc:mapping path="/service/**"/>
<!-- The interceptor that handles the matched requests. -->
<bean class="com.jiapeng.xfw.server.filter.MemberInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
这样单独加的Path,可以避免js和静态文件被拦截
拦截器:
import java.io.PrintWriter;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.google.gson.Gson;
import com.jiapeng.xfw.server.normalClass.EnumState;
import com.jiapeng.xfw.server.normalClass.JsonResultObject;
import com.jiapeng.xfw.server.service.OperatorService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
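/**
 * Spring MVC interceptor that runs a per-request permission check before the handler executes.
 *
 * <p>For every intercepted request except the logon endpoint, the request path (with the context
 * path stripped) and a user id read from the {@code cookie} request header are passed to
 * {@link OperatorService#chkRights}. A result of {@code 0} lets the request through; any other
 * result short-circuits the request with a JSON failure body.
 *
 * <p>NOTE(review): the user id is whatever the client puts in the {@code cookie} header. Nothing
 * in this class ties that value to an authenticated session, so the permission check is only as
 * trustworthy as the caller's claim about who they are. The id should come from server-side state
 * established at logon (for example the {@code HttpSession}) or from a signed token that is
 * verified here.
 *
 * <p>Created by ly on 2016/10/13.
 */
public class MemberInterceptor implements HandlerInterceptor {

    /** Path (relative to the context path) that is allowed through without a rights check. */
    private static final String LOGON_PATH = "/operator/logon";

    /** Message returned when {@code chkRights} reports that the path is not a known permission path. */
    private static final String MSG_PATH_UNKNOWN = "权限路径不存在";

    /** Message returned when the caller has no permission, or supplied no usable user id. */
    private static final String MSG_NO_PERMISSION = "没有操作权限";

    @Autowired
    OperatorService operatorService;

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response; its content type is set to {@code application/json}
     * @param o                   the chosen handler (unused)
     * @return {@code true} for the logon path or when {@code chkRights} returns {@code 0};
     *         {@code false} after a JSON failure body has been written
     * @throws Exception if writing the failure body fails or {@code chkRights} throws
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        String requestUri = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        String url = requestUri.substring(contextPath.length());
        httpServletResponse.setContentType("application/json");

        if (LOGON_PATH.equals(url)) {
            return true;
        }

        // The whole Cookie header is parsed as the numeric user id, so it must contain nothing
        // but that number. A missing or non-numeric header used to escape as an uncaught
        // NumberFormatException (surfacing as a server error); it is now an explicit denial.
        String rawUserId = httpServletRequest.getHeader("cookie");
        if (rawUserId == null) {
            writeFailure(httpServletResponse, MSG_NO_PERMISSION);
            return false;
        }
        int userId;
        try {
            userId = Integer.parseInt(rawUserId);
        } catch (NumberFormatException malformed) {
            writeFailure(httpServletResponse, MSG_NO_PERMISSION);
            return false;
        }

        int result = operatorService.chkRights(userId, url);
        if (result == 0) {
            return true;
        }
        // 1 is reported as "permission path does not exist"; every other non-zero value is
        // treated as "no permission", so unknown result codes fail closed.
        writeFailure(httpServletResponse, result == 1 ? MSG_PATH_UNKNOWN : MSG_NO_PERMISSION);
        return false;
    }

    /**
     * Writes a {@code JsonResultObject} failure with the given message as the response body.
     *
     * @param response the response to write to
     * @param message  the human-readable failure message
     * @throws java.io.IOException if the response writer cannot be obtained
     */
    private static void writeFailure(HttpServletResponse response, String message) throws java.io.IOException {
        // Must be set before getWriter(): without an explicit charset the Servlet default
        // (ISO-8859-1) applies and the Chinese messages cannot be represented.
        response.setCharacterEncoding("UTF-8");
        PrintWriter pw = response.getWriter();
        pw.print(new Gson().toJson(new JsonResultObject(EnumState.Fail, message)));
        pw.flush();
        pw.close();
    }

    /** No post-processing is performed. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    /** No completion handling is performed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}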
httpServletResponse.setContentType("application/json"); 这里的类型必须是 "application/json",否则前台 js 无法正确识别。
主要的思路是取 cookie 中的 userId(代码里是把整个 Cookie 请求头直接当作数字解析),权限表中保存的权限路径就是 action 的路径,这样就可以比对了。需要注意:这个 userId 完全由客户端提供,服务端应以登录后建立的会话(或经过校验的令牌)来确定用户身份,不能只凭它做权限判断。