基于SpringMVC和注解实现controller中访问权限控制SpringMVC的HandlerInterceptorAdapter对应提供了三个preHandle,postHandle,afterCompletion⽅法。
1. preHandle在业务处理器处理请求之前被调⽤;
2. postHandle在业务处理器处理请求执⾏完成后,⽣成视图之前执⾏;
3. afterCompletion在DispatcherServlet完全处理完请求后被调⽤,可⽤于清理资源等;
所以要想实现⾃⼰的权限管理逻辑,需要继承HandlerInterceptorAdapter并重写其三个⽅法。
⼀、⾃定义配置⽅法
1. 在sping的xml配置中可以⽤<mvc:interceptors>和<mvc:interceptor>来配置类(实现HandlerInterceptorAdapter)
2. 在javaConfig中配置通过WebMvcConfiguration的实现类配置类(实现HandlerInterceptorAdapter)
⼆、⽰例
2.1、javaconfig中配置SpringMVC⽰例
1、新建⼀个springboot项⽬auth-demo2
2、权限校验相关的注解
package com.dxz.authdemo2.web.auth;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
/
** 检查项枚举 */
PermissionEnum[] permissionTypes() default {};
/** 检查项关系 */
RelationEnum relation() default RelationEnum.OR;
}
package com.dxz.authdemo2.web.auth;
import java.io.PrintWriter;
import java.lang.annotation.Annotation;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.hod.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
/**
* 权限检查
*/
@Component
public class PermissionCheckInterceptor extends HandlerInterceptorAdapter {
/** 权限检查服务 */
@Autowired
private PermissionCheckProcessor permissionCheckProcessor;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//Class<?> clazz = Class();
Class<?> clazz = ((HandlerMethod)handler).getBeanType();
System.out.println("PermissionCheckInterceptor.preHandle()" + clazz);
for(Annotation a : Annotations()){
System.out.println(a);
}
if (clazz.isAnnotationPresent(Permission.class)) {
Permission permission = (Permission) Annotation(Permission.class);
return permissionCheckProcessor.process(permission, request, response);
}
return true;
}
public boolean preHandle2(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {        System.out.println("SecurityInterceptor:"+ContextPath()+","+RequestURI()+","+Method());        HttpSession session = Session();
if (Attribute("uid") == null) {
System.out.println("AuthorizationException:未登录!"+Method());
if("POST".Method())){
response.setContentType("text/html; charset=utf-8");
PrintWriter out = Writer();
out.write("未登录!");
out.flush();
out.close();
}else{
response.ContextPath()+"/login");
}
return false;
} else {
return true;
}
}
}
package com.dxz.authdemo2.web.auth;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
@Component
public class PermissionCheckProcessor {
public boolean process(Permission permission, HttpServletRequest request, HttpServletResponse response) {
PermissionEnum[] permissionTypes = permission.permissionTypes();
try {
String uid = Parameter("uid");
if ("duanxz".equals(uid)) {
System.out.println("认证成功");
spring mvc和boot区别return true;
} else {
System.out.println("认证失败");
return false;
}
} catch (Exception e) {
return false;
}
}
}
package com.dxz.authdemo2.web.auth;
public enum PermissionEnum {
DEVELOPER_VALID, DEVELOPER_FREEZE;
}
package com.dxz.authdemo2.web.auth;
public enum RelationEnum {
OR, AND;
}
3、SpringMVC配置
package com.dxz.authdemo2.web.auth;
import org.springframework.beans.factory.annotation.Autowired;
import t.annotation.Configuration;
import org.springframework.fig.annotation.InterceptorRegistry;
import org.springframework.fig.annotation.WebMvcConfigurerAdapter;
@Configuration
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
@Autowired
PermissionCheckInterceptor permissionCheckInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
/
/ addPathPatterns ⽤于添加拦截规则
// excludePathPatterns ⽤户排除拦截
// 映射为 user 的控制器下的所有映射
registry.addInterceptor(permissionCheckInterceptor).addPathPatterns("/admin/*").excludePathPatterns("/index", "/");
super.addInterceptors(registry);
}
}
4、测试controller
package com.dxz.authdemo2.web;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import com.dxz.authdemo2.web.auth.Permission;
import com.dxz.authdemo2.web.auth.PermissionEnum;
@Controller
@RequestMapping("/admin")
@Permission(permissionTypes = { PermissionEnum.DEVELOPER_VALID })
public class AppDetailController {
@RequestMapping(value="/appDetail", method = RequestMethod.GET)
public String doGet(ModelMap modelMap, HttpServletRequest httpServletRequest) {          //1. 业务操作,此处省略
System.out.println("appDetail.htm 处理中...");
return "appDetail";
}
}
package com.dxz.authdemo2.web;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.dxz.authdemo2.web.auth.Permission;
import com.dxz.authdemo2.web.auth.PermissionEnum;
@Controller
@RequestMapping("index")
public class IndexController {
@RequestMapping(method = RequestMethod.GET)
public void doGet(ModelMap modelMap, HttpServletRequest httpServletRequest) {
System.out.println("index");
}
}
cotroller中的jsp⽂件appDetail.jsp
<html>
<h1>appDetail</h1>
</html>
启动类:
package com.dxz.authdemo2;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import t.annotation.Bean;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.fig.annotation.DefaultServletHandlerConfigurer; import org.springframework.fig.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
@EnableWebMvc
@EnableAutoConfiguration
@SpringBootApplication
public class AuthDemo2Application {
public static void main(String[] args) {
SpringApplication.run(AuthDemo2Application.class, args);
}
// 配置JSP视图解析器
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
return resolver;
}
}
结果:
访问:
访问:
2.2、xml中配置SpringMVC⽰例
⾸先在l中加⼊⾃⼰定义的我的实现逻辑PermissionCheckInterceptor,如下:
<!--配置, 多个,顺序执⾏ -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 匹配的是url路径,如果不配置或/**,将拦截所有的Controller -->
<mvc:mapping path="/" />
<mvc:mapping path="/user/**" />
<mvc:mapping path="/test/**" />
<bean class="com.dxz.authdemo2.web.auth.PermissionCheckInterceptor"></bean>
</mvc:interceptor>
<!-- 当设置多个时,先按顺序调⽤preHandle⽅法,然后逆序调⽤每个的postHandle和afterCompletion⽅法 -->  </mvc:interceptors>

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。