ssm项目利用拦截器实现根据资源权限限制访问。
拦截器代码
package com.chz.ssm.interceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.chz.ssm.domain.Permission;
import com.chz.ssm.domain.Role;
import com.chz.ssm.domain.UserInfo;
import com.chz.ssm.service.UserService;
import java.io.PrintWriter;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/*
自定义拦截器
*/
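/**
 * Spring MVC interceptor that lets a request through only when the logged-in user holds a
 * permission whose URL equals the requested path (request URI minus the context path).
 *
 * <p>The check is an allowlist with an exact string comparison against the raw request URI.
 * Any path that is not listed verbatim is rejected, including one that differs only by a
 * trailing slash, a path parameter such as {@code ;jsessionid=...}, or percent-encoding.
 * Every failure mode (no authentication, unknown user, no roles, unexpected path) ends in a
 * denial rather than an exception or an accidental pass.
 *
 * <p>NOTE(review): the interceptor only protects the paths it is registered for in the MVC
 * configuration, which is not visible here. Confirm the mapping covers every protected handler.
 */
public class MyInterceptor1 implements HandlerInterceptor {

    private UserService userService;

    /**
     * Injects the service used to resolve the current user and their roles.
     *
     * @param userService user lookup service
     */
    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Runs before the controller method. Returning {@code true} continues the chain (next
     * interceptor, then the controller); returning {@code false} stops the request.
     *
     * @param request  current request
     * @param response current response
     * @param handler  chosen handler (unused)
     * @return {@code true} only when the current user holds a permission for the requested path
     * @throws Exception if the user lookup or the forward to the denial page fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.out.println("执行前");
        System.out.println("PowerInterceptor:" + request.getContextPath() + "," + request.getRequestURI() + ","
                + request.getMethod());

        String username = currentUsername();
        String url = applicationPath(request);

        // Deny by default: access is granted only when every lookup succeeded and the
        // path is present verbatim in the user's permission set.
        boolean flag = username != null && url != null && permittedUrls(username).contains(url);

        if (!flag) {
            // Report the denial as 403 so clients, caches and monitoring do not see a
            // refused request as an ordinary 200 page.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            request.getRequestDispatcher("/permissionfailer.jsp").forward(request, response);
        }
        return flag;
    }

    /**
     * Runs after the controller method and before the view is rendered.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        System.out.println("执行后");
    }

    /**
     * Runs after the view has been rendered.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        System.out.println("执行最后");
    }

    /**
     * Returns the name of the authenticated Spring Security user, or {@code null} when there is
     * no authentication or the principal is not a {@link User} (an anonymous request carries a
     * non-{@code User} principal, which the original unchecked cast turned into an exception).
     */
    private String currentUsername() {
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null || context.getAuthentication() == null) {
            return null;
        }
        Object principal = context.getAuthentication().getPrincipal();
        if (!(principal instanceof User)) {
            return null;
        }
        return ((User) principal).getUsername();
    }

    /**
     * Strips the context path from the request URI. The context path is taken from the
     * container instead of a hard-coded project name, so the check keeps working when the
     * application is deployed under another name. Returns {@code null} when the URI does not
     * start with the context path, which the caller treats as a denial.
     */
    private static String applicationPath(HttpServletRequest request) {
        String uri = request.getRequestURI();
        if (uri == null) {
            return null;
        }
        String contextPath = request.getContextPath();
        if (contextPath == null || contextPath.isEmpty()) {
            return uri;
        }
        if (!uri.startsWith(contextPath)) {
            return null;
        }
        return uri.substring(contextPath.length());
    }

    /**
     * Collects the distinct permission URLs granted to {@code username} through all of the
     * user's roles. Returns an empty set when the user, the roles or the permissions are missing.
     */
    private Set<String> permittedUrls(String username) {
        Set<String> urls = new HashSet<String>();

        // NOTE(review): this loads every user on every request just to map a name to an id.
        // If UserService offers a lookup by username, use that instead.
        List<UserInfo> userList = userService.findAll();
        if (userList == null) {
            return urls;
        }
        String id = null;
        for (UserInfo candidate : userList) {
            if (candidate != null && username.equals(candidate.getUsername())) {
                id = candidate.getId();
            }
        }
        if (id == null) {
            return urls;
        }

        UserInfo userInfo = userService.findById(id);
        if (userInfo == null || userInfo.getRoles() == null) {
            return urls;
        }
        for (Role role : userInfo.getRoles()) {
            if (role == null || role.getPermissions() == null) {
                continue;
            }
            for (Permission permission : role.getPermissions()) {
                if (permission != null && permission.getUrl() != null) {
                    urls.add(permission.getUrl());
                }
            }
        }
        return urls;
    }
}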
实体类
permission权限类:
package com.chz.ssm.domain;
import java.util.List;
/**
 * A single permission: a display name plus the URL it grants access to.
 *
 * <p>{@code MyInterceptor1} on this page compares {@link #getUrl()} with the request path
 * using an exact string match, so the stored value must be the path exactly as it appears
 * after the context path.
 */
public class Permission {

    // Identifier of the permission record.
    private String id;
    // Human-readable name of the permission.
    private String permissionName;
    // Application-relative URL this permission grants.
    private String url;
    // Roles that include this permission.
    private List<Role> roles;

    /** @return the permission identifier */
    public String getId() {
        return this.id;
    }

    /** @param id the permission identifier */
    public void setId(String id) {
        this.id = id;
    }

    /** @return the permission name */
    public String getPermissionName() {
        return this.permissionName;
    }

    /** @param permissionName the permission name */
    public void setPermissionName(String permissionName) {
        this.permissionName = permissionName;
    }

    /** @return the URL granted by this permission */
    public String getUrl() {
        return this.url;
    }

    /** @param url the URL granted by this permission */
    public void setUrl(String url) {
        this.url = url;
    }

    /** @return the roles holding this permission */
    public List<Role> getRoles() {
        return this.roles;
    }

    /** @param roles the roles holding this permission */
    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }
}
角色类:
package com.chz.ssm.domain;
import java.util.List;
/**
 * A role: a named group of permissions that can be assigned to users.
 */
public class Role {

    // Identifier of the role record.
    private String id;
    // Name of the role.
    private String roleName;
    // Free-text description of the role.
    private String roleDesc;
    // Permissions granted by this role.
    private List<Permission> permissions;
    // Users that hold this role.
    private List<UserInfo> users;

    /** @return the role identifier */
    public String getId() {
        return this.id;
    }

    /** @param id the role identifier */
    public void setId(String id) {
        this.id = id;
    }

    /** @return the role name */
    public String getRoleName() {
        return this.roleName;
    }

    /** @param roleName the role name */
    public void setRoleName(String roleName) {
        this.roleName = roleName;
    }

    /** @return the role description */
    public String getRoleDesc() {
        return this.roleDesc;
    }

    /** @param roleDesc the role description */
    public void setRoleDesc(String roleDesc) {
        this.roleDesc = roleDesc;
    }

    /** @return the permissions granted by this role */
    public List<Permission> getPermissions() {
        return this.permissions;
    }

    /** @param permissions the permissions granted by this role */
    public void setPermissions(List<Permission> permissions) {
        this.permissions = permissions;
    }

    /** @return the users holding this role */
    public List<UserInfo> getUsers() {
        return this.users;
    }

    /** @param users the users holding this role */
    public void setUsers(List<UserInfo> users) {
        this.users = users;
    }
}
用户类
package com.chz.ssm.domain;
import java.util.List;
/**
 * Application user record together with the roles assigned to the user.
 */
public class UserInfo {

    // Identifier of the user record.
    private String id;
    // Login name.
    private String username;
    // Contact e-mail address.
    private String email;
    // NOTE(review): presumably the stored credential; whether it is hashed cannot be seen
    // from this class. Keep it out of logs, toString output and serialized responses.
    private String password;
    // Contact phone number.
    private String phoneNum;
    // Account state code; getStatusStr() maps 0 and 1 to a label.
    private int status;
    // Label for the account state, refreshed by getStatusStr().
    private String statusStr;
    // Roles assigned to the user.
    private List<Role> roles;

    /** @return the user identifier */
    public String getId() {
        return this.id;
    }

    /** @param id the user identifier */
    public void setId(String id) {
        this.id = id;
    }

    /** @return the login name */
    public String getUsername() {
        return this.username;
    }

    /** @param username the login name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the e-mail address */
    public String getEmail() {
        return this.email;
    }

    /** @param email the e-mail address */
    public void setEmail(String email) {
        this.email = email;
    }

    /** @return the stored password value */
    public String getPassword() {
        return this.password;
    }

    /** @param password the password value to store */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the phone number */
    public String getPhoneNum() {
        return this.phoneNum;
    }

    /** @param phoneNum the phone number */
    public void setPhoneNum(String phoneNum) {
        this.phoneNum = phoneNum;
    }

    /** @return the account state code */
    public int getStatus() {
        return this.status;
    }

    /** @param status the account state code */
    public void setStatus(int status) {
        this.status = status;
    }

    /**
     * Returns the label for the account state. For state 0 or 1 the stored label is
     * overwritten with the matching text; for any other state the previously stored label
     * is returned unchanged.
     *
     * @return the account state label
     */
    public String getStatusStr() {
        switch (this.status) {
            case 0:
                this.statusStr = "未开启";
                break;
            case 1:
                this.statusStr = "开启";
                break;
            default:
                // Other codes keep whatever label was set before.
                break;
        }
        return this.statusStr;
    }

    /** @param statusStr the account state label */
    public void setStatusStr(String statusStr) {
        this.statusStr = statusStr;
    }

    /** @return the roles assigned to the user */
    public List<Role> getRoles() {
        return this.roles;
    }

    /** @param roles the roles assigned to the user */
    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }
}
头大