package com.zero2ipo.plugins.servlet;
import java.io.PrintWriter;
import java.util.List;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Repository;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.zero2ipo.plugins.menu.biz.IsysMenu;
import com.zero2ipo.plugins.menu.bo.SysMenu;
import com.zero2ipo.plugins.user.bo.User;
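/**
 * Spring MVC interceptor that enforces login and per-URL authorization.
 *
 * <p>Every request except the login and logout endpoints must carry a session
 * holding a {@code User} under the attribute {@code "user"}, and the request URI
 * must equal the path code of one of the menu entries granted to that user.
 * Anything else is rejected (fail closed) with a small HTML page that sends the
 * top-level window to {@code /index.html} with an error code.
 *
 * @author ZhengYunFei
 * @date 2014-9-29
 */
@Repository
public class SystemInterceptor implements HandlerInterceptor {

    /** URLs that are reachable without a logged-in session. */
    private static final String LOGIN_URI = "/c/login/userLogin";
    private static final String LOGOUT_URI = "/c/login/userLogout";

    /** errorType sent to the index page when there is no valid session. */
    private static final int ERROR_NOT_LOGGED_IN = 7;
    /** errorType sent to the index page when the user lacks permission for the URL. */
    private static final int ERROR_FORBIDDEN = 9;

    // Menu service, injected by name; supplies the URL permissions of a user.
    @Resource(name = "sysMenu")
    private IsysMenu sysMenu;

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  current request
     * @param response current response; written to only when access is refused
     * @param handler  the chosen handler (not inspected)
     * @return {@code true} to continue the handler chain, {@code false} when the
     *         response has already been written with a redirect page
     * @throws Exception if writing the refusal page or the menu lookup fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        String uri = request.getRequestURI();
        request.setAttribute("path", request.getContextPath());

        // The two authentication endpoints are never intercepted. Plain equality
        // replaces String.matches(): the literals contain no regex operators, so
        // the result is the same without treating the path as a pattern.
        // NOTE(review): getRequestURI() includes the context path, so these
        // literals only match when the application is deployed at the root
        // context - confirm the deployment.
        if (LOGIN_URI.equals(uri) || LOGOUT_URI.equals(uri)) {
            return true;
        }

        // getSession(false): do not allocate a session for anonymous requests.
        HttpSession session = request.getSession(false);
        Object principal = (session == null) ? null : session.getAttribute("user");
        if (!(principal instanceof User)) {
            // Not logged in, session expired, or an unexpected attribute type.
            writeTopLevelRedirect(response, ERROR_NOT_LOGGED_IN);
            return false;
        }

        // Logged-in user: allow only URLs the user has been granted.
        User user = (User) principal;
        List<SysMenu> granted = sysMenu.findMenuListByUserId(user.getUserId());
        if (isGranted(granted, uri)) {
            return true;
        }

        // The user is trying to reach a URL outside the granted set.
        writeTopLevelRedirect(response, ERROR_FORBIDDEN);
        return false;
    }

    /**
     * Returns whether {@code uri} equals the path code of one of the granted menus.
     *
     * <p>The original code called {@code list.contains(uri)} on a
     * {@code List<SysMenu>}, which compares a {@code SysMenu} with a
     * {@code String} and therefore cannot match on the path code. The comparison
     * is an exact match on the raw request URI, so variants of a granted URL
     * (path parameters, extra segments) are refused rather than normalised.
     */
    private static boolean isGranted(List<SysMenu> granted, String uri) {
        if (granted == null || uri == null) {
            return false;
        }
        for (SysMenu menu : granted) {
            if (menu != null && uri.equals(menu.getPathCode())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the HTML page that redirects the top-level window to the index page.
     * {@code errorType} is one of this class's integer constants, never request
     * data, so nothing user-controlled reaches the generated script.
     */
    private static void writeTopLevelRedirect(HttpServletResponse response, int errorType)
            throws java.io.IOException {
        response.setContentType("text/html; charset=utf-8");
        PrintWriter out = response.getWriter();
        out.print("<html>");
        out.print("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />");
        out.print("<script> ");
        out.print("window.top.location='/index.html?errorType=" + errorType + "';");
        out.print("</script>");
        out.print("</html>");
    }

    /** No work is needed after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest arg0,
            HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
    }

    /** No work is needed after the handler returns. */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
            Object arg2, ModelAndView arg3) throws Exception {
    }
}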
spring-servlet.xml中配置
<!-- Permission filter configuration -->
<!--
  Registers SystemInterceptor for every path the DispatcherServlet handles ("/**").
  The only exemptions are the login and logout URLs hard-coded in
  SystemInterceptor.preHandle; nothing is excluded here.
  NOTE(review): if static resources or the /index.html redirect target are also
  served through the DispatcherServlet they pass through the same check -
  confirm, and consider <mvc:exclude-mapping> for paths that must stay public.
  NOTE(review): the class is also annotated @Repository, so component scanning
  may create a second instance besides the bean declared below - confirm.
-->
<mvc:annotation-driven/>
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="com.zero2ipo.plugins.servlet.SystemInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>