需求:要實作權限驗證。在 web 應用裡通常是用 URL 路徑來控制權限;本 demo 則以攔截器搭配控制器方法上的 @AuthPassport 註解來做驗證。
demo:
步驟1、
首先在 Spring MVC 的配置檔案裡面註冊攔截器:
<mvc:interceptors>
<!-- Locale-change (i18n) interceptor; must be configured when the locale is resolved from the request, session or cookie. -->
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor" />
<!-- With no mvc:mapping path defined, the interceptor below is applied to every URL request.
     Being applied to a request is not the same as protecting it: AuthInterceptor only checks
     handler methods annotated with @AuthPassport (validate = true) and lets all others through. -->
<bean class="com.ssh.util.AuthInterceptor"></bean>
</mvc:interceptors>
步驟2、
編寫類:AuthPassport.java
package com.ssh.util;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marks a controller method whose callers must pass the permission check
 * performed by {@code AuthInterceptor}.
 *
 * <p>The interceptor compares each privilege name held by the logged-in employee
 * with the four name elements below and lets the request through on the first
 * match. All four default to the empty string; set the ones that should grant
 * access to the annotated method.
 *
 * <p>The check is opt-in: a handler method without this annotation is not
 * checked at all, so an endpoint is only protected if it is annotated.
 */
// RUNTIME retention is required: the interceptor reads the annotation reflectively.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
// Per java.lang.annotation.Inherited, inheritance only applies to annotations on
// classes, so it has no effect on this METHOD-only annotation. Do not rely on it
// to carry the permission requirement over to overriding methods.
@Inherited
@Documented
public @interface AuthPassport {

    /** Whether the permission check is enforced; {@code false} disables it for the method. */
    boolean validate() default true;

    /** Accepted privilege name; the interceptor labels a match on it "風控設定" (risk-control settings). */
    String fksz() default "";

    /** Accepted privilege name; the interceptor labels a match on it "劃撥請求" (transfer request). */
    String hbqq() default "";

    /** Accepted privilege name; the interceptor labels a match on it "稽核" (review/audit). */
    String sh() default "";

    /** Accepted privilege name; the interceptor labels a match on it "準許" (approval). */
    String pz() default "";
}
編寫類:AuthInterceptor.java
package com.ssh.util;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.ssh.dao.EmployeeDao;
import com.ssh.entities.Employee;
import com.ssh.entities.Privilege;
import com.ssh.service.EmployeeService;
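/**
 * Spring MVC interceptor that enforces {@link AuthPassport} on controller methods.
 *
 * <p>Enforcement is opt-in: a handler method that carries no {@code @AuthPassport},
 * or that sets {@code validate = false}, is let through unchecked, so every
 * endpoint that needs protection has to be annotated explicitly. Handlers that
 * are not {@link HandlerMethod}s are let through as well.
 *
 * <p>For an annotated method the caller must have an {@link Employee} stored in
 * the session under {@code "emp"}, and that employee's privileges, re-read
 * through {@link EmployeeService}, must contain at least one of the names given
 * on the annotation. Every other case is redirected to {@code "test"} and the
 * handler is not invoked.
 *
 * <p>Nothing is written to stdout: printing the session {@code Employee} or its
 * privilege names would put account data into the server's console output.
 */
public class AuthInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private EmployeeService employeeService;

    // Not used by this class; kept so the bean's injected dependencies stay unchanged.
    @Autowired
    private EmployeeDao employeeDao;

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  current request; its existing session (if any) is read for {@code "emp"}
     * @param response current response; receives the redirect when access is denied
     * @param handler  the handler chosen by Spring MVC
     * @return {@code true} to continue to the handler, {@code false} after a redirect was sent
     * @throws Exception if the employee lookup or the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // instanceof also matches subclasses of HandlerMethod. The reversed test
        // handler.getClass().isAssignableFrom(HandlerMethod.class) is false for a
        // subclass, which would skip the permission check altogether.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        AuthPassport authPassport = ((HandlerMethod) handler).getMethodAnnotation(AuthPassport.class);
        // No permission declared, or validation explicitly switched off.
        if (authPassport == null || !authPassport.validate()) {
            return true;
        }

        // getSession(false): an anonymous caller must not get a session created for it,
        // and a missing login is a denial, not a NullPointerException.
        javax.servlet.http.HttpSession session = request.getSession(false);
        Object sessionUser = (session == null) ? null : session.getAttribute("emp");
        if (!(sessionUser instanceof Employee)) {
            return deny(response);
        }

        // Re-read the employee so the decision uses the privileges currently stored,
        // not the copy that was placed in the session at login.
        Employee current = employeeService.getEmployeeByName(((Employee) sessionUser).getName());
        if (current == null) {
            return deny(response);
        }
        Set<Privilege> privileges = current.getPrivileges();
        if (privileges == null) {
            return deny(response);
        }

        String[] accepted = {
            authPassport.fksz(), authPassport.hbqq(), authPassport.sh(), authPassport.pz()
        };
        for (Privilege granted : privileges) {
            if (granted != null && isAccepted(granted.getName(), accepted)) {
                return true;
            }
        }
        return deny(response);
    }

    /**
     * Returns whether a privilege name is one of the names accepted by the annotation.
     * A null or empty privilege name never matches, so it cannot pair up with an
     * annotation element that was left at its empty default.
     */
    private static boolean isAccepted(String privilegeName, String[] accepted) {
        if (privilegeName == null || privilegeName.isEmpty()) {
            return false;
        }
        for (String name : accepted) {
            if (privilegeName.equals(name)) {
                return true;
            }
        }
        return false;
    }

    /** Sends the access-denied redirect and returns {@code false} to stop the handler chain. */
    private static boolean deny(HttpServletResponse response) throws java.io.IOException {
        response.sendRedirect("test");
        return false;
    }
}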
代碼:demo 下載