一、首先配置拦截器
<!-- 配置拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 拦截所有mvc控制器 -->
<mvc:mapping path="/**"/>
<!-- mvc:exclude-mapping是另外一种拦截,它可以在你后来的测试中对某个页面进行不拦截,这样就不用在
LoginInterceptor的preHandler方法里面获取不拦截的请求uri地址了(优选) -->
<mvc:exclude-mapping path="/test"/>
<mvc:exclude-mapping path="/addUser"/>
<mvc:exclude-mapping path="/pmsUpload"/>
<mvc:exclude-mapping path="/login"/>
<mvc:exclude-mapping path="/checkLogin"/>
<mvc:exclude-mapping path="/registerUser"/>
<mvc:exclude-mapping path="/loginAPI"/>
<mvc:exclude-mapping path="/loginError"/>
<mvc:exclude-mapping path="/res/**" />
<mvc:exclude-mapping path="/fileDir/**" />
<bean class="com.zy.bayonet.interceptor.MyInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
二、编写拦截器代码
public class MyInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
String uri = httpServletRequest.getRequestURI(); //监听请求路由
HttpSession session = httpServletRequest.getSession();
if(session.getAttribute("user") != null){
User user = (User)session.getAttribute("user");
return MyPermission.checkPermission(uri,user.getType()); //通过路由和用户类型进行验证
}
return false;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
三、用户权限验证
public class MyPermission {
private final static String per99 = "goEditApplyInfo goShowApplyView goMain goAddOrder goAllow goManageCargo goOrderTypeChoose goOneCarOneOrder goApplyRecordQuery";
private final static String per9 = "goAllow goShowApplyView";
private final static String per2 = "goManageCargo goManageInfo findAllManageCargo";
private final static String per1 = "goAddOrder goOrderTypeChoose goOneCarOneOrder goApplyRecordQuery";
//共同可以访问的uri 不拦截
private final static String publicUri = "goMain";
public static boolean checkPermission(String uri,String type){
uri = uri.replace("/","").replace("\\","");
if(publicUri.contains(uri) || !uri.substring(0,2).equals("go")){
return true; //不拦截
}
int iType = Integer.parseInt(type);
boolean bRet = false;
switch (iType){
case 99:
bRet = per99.contains(uri);
break;
case 9:
bRet = per9.contains(uri);
break;
case 2:
bRet = per2.contains(uri);
break;
case 1:
bRet = per1.contains(uri);
break;
}
MyUtil.printfInfo((bRet?"不拦截":"拦截")+" uri:"+uri+" ret:"+bRet);
return bRet;
}
}
这样一个拦截器就完成了!!!