1.权限拦截器是基于角色做的权限
2.用户信息拦截是检测用户登录的时效性
package com.qiu.framework.web.interceptor; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import com.qiu.framework.common.log.LOG_TYPE; import com.qiu.framework.common.util.urong.constant.LoginUserHolder; import com.qiu.urongw.bean.local.supervisors.User; /** * * 权限拦截器. <br> * 权限拦截器,用户信息验证 */ public class AuthorityInterceptor extends HandlerInterceptorAdapter{ private Logger logger =LoggerFactory.getLogger(LOG_TYPE.COMMON.val); private List<String> mappingURL; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String url = request.getContextPath()+request.getServletPath(); System.out.println("请求地址:"+url); //查看Session中是否有用户对象 if(!url.equals("/urongw/backstage/login")){ //获取当前登录用户信息 User user = LoginUserHolder.getLoginUser(); if(user==null){ logger.warn("登录拦截器拦截地址:{} 不通过",url); //session 中用户对象为空返回登录页面 response.sendRedirect(request.getContextPath()+"/backstage/login"); return true; } } //权限过滤,验证请求url和权限url是否匹配 if (this.mappingURL.contains(url)) { //匹配继续处理请求 return true; }else{ //不匹配返回无操作权限页面 //response.sendRedirect(request.getContextPath()+"/backstage/login"); return true; } } }配置文件:
<!-- 拦截器 --> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> <bean class="com.qiu.framework.web.interceptor.EnterInterceptor" /> </mvc:interceptor> <!-- 权限拦截器 --> <mvc:interceptor> <mvc:mapping path="/backstage/**" /> <bean class="com.qiu.framework.web.interceptor.AuthorityInterceptor" /> </mvc:interceptor> </mvc:interceptors>
