spring mvc前置拦截器

admin管理员组

文章数量:1794759

spring mvc前置拦截器

场景:spring mvc框架权限拦截.

设计: 继承org.springframework.web.servlet.handler.HandlerInterceptorAdapter,重写preHandle方法.

实现:

xxx-servlet.xml加入:

<mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**"/> <bean class="com.xxx.AuthInterceptor"/> </mvc:interceptor> </mvc:interceptors>

package com.xxx; import java.io.PrintWriter; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpStatus; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import com.xxx.domain.Authority; public class AuthInterceptor extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // 编码也可考虑在这设,但还是先使用web.xml配置的filter boolean flag = true; if (handler instanceof HandlerMethod) { Auth auth = ((HandlerMethod) handler).getMethod().getAnnotation(Auth.class); if (auth != null) {// 有权限控制的就要检查 if (request.getSession().getAttribute(Constants.SESSION_USERID) == null) {// 没登录就要求登录 response.setStatus(HttpStatus.FORBIDDEN.value()); PrintWriter out=response.getWriter(); out.write("{\\"type\\":\\"nosignin\\",\\"msg\\":\\"请您先登录!\\"}"); out.flush(); out.close(); flag = false; } else {// 登录了检查,方法上只是@Auth,表示只要求登录就能通过.@Auth("authority")这类型,验证用户权限 if (!"".equals(auth.value())) { @SuppressWarnings("unchecked") Set<Authority> auths = (Set<Authority>) request.getSession().getAttribute(Constants.SESSION_AUTHS); if (!auths.contains(auth.value())) {// 提示用户没权限 response.setStatus(HttpStatus.FORBIDDEN.value()); PrintWriter out=response.getWriter(); out.write("{\\"type\\":\\"noauth\\",\\"msg\\":\\"您没有"+auth.name()+"权限!\\"}"); out.flush(); out.close(); flag = false; } } } } } return flag; } } 不要将response.getWriter()写出if之外哦,因为写出之外,会先造成此处和controller都使用response去取writer,出问题哦.

本文标签： 拦截器springMVC