spring如何做登录检测以及权限处理?

1.我们在Eclipse中建立一个类

SecurityInterceptor.java

 1 package com.zcl.blog.framework.interceptors;
 2 
 3 import java.util.List;
 4 
 5 import javax.servlet.http.HttpServletRequest;
 6 import javax.servlet.http.HttpServletResponse;
 7 
 8 import org.apache.commons.logging.Log;
 9 import org.apache.commons.logging.LogFactory;
10 import org.springframework.web.servlet.HandlerInterceptor;
11 import org.springframework.web.servlet.ModelAndView;
12 
13 import com.zcl.blog.constants.GlobalConstants;
14 import com.zcl.blog.domain.po.SessionInfo;
15 
16 /**
17  * 
18  * 登录检测及权限拦截器
19  * 
20  * @author Administrator
21  *
22  */
23 public class SecurityInterceptor implements HandlerInterceptor {
24     
25     private Log log = LogFactory.getLog(getClass());
26     
27     private List<String> ignoreUrls;// 不需要拦截的资源
28     
29     public List<String> getIgnoreUrls() {
30         return ignoreUrls;
31     }
32 
33     public void setIgnoreUrls(List<String> ignoreUrls) {
34         this.ignoreUrls = ignoreUrls;
35     }
36 
37     /**
38      * 调用Controller具体方法前拦截
39      */
40     @Override
41     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
42         boolean flag = false;
43         String reqUri = request.getRequestURI();
44         String ctxPath = request.getContextPath();
45         String url = reqUri.substring(ctxPath.length());
46         SessionInfo sessionInfo = (SessionInfo) request.getSession().getAttribute(GlobalConstants.SESSSION_INFO);
47         System.out.println("SessionInfo:======" + sessionInfo);
48         log.info("访问URL地址:======" + url);
49         if(url.indexOf("/admin/login") > -1 || ignoreUrls.contains(url)) {// 不需要验证的访问资源
50             flag = true;
51         } else {
52             if ((sessionInfo == null) || (sessionInfo.getId() == null)) {// 如果没有登录或超时
53                 flag = false;
54                 response.sendRedirect("/admin/login");
55             } else {
56                 return true;
57             }
58         }
59         return flag;
60     }
61 
62     
63     /**
64      * 调用Controller具体方法后拦截
65      */
66     @Override
67     public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
68     }
69 
70     /**
71      * 页面完成后调用该方法
72      */
73     @Override
74     public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
75     }
76 
77 }
SecurityInterceptor.java

2.我们在Spring配置文件中添加如下代码

spring-config.xml

 1 <!-- 拦截器配置 -->
 2     <mvc:interceptors>
 3         <mvc:interceptor>
 4             <mvc:mapping path="/**"/>
 5             <bean class="com.zcl.blog.framework.interceptors.SecurityInterceptor">
 6                 <property name="ignoreUrls">
 7                     <list>
 8                         <value>/admin/adminlogin</value>
 9                         <value>/admin/logout</value>
10                         <value>/error</value>
11                         <value>/success</value>
12                     </list>
13                 </property>
14             </bean>
15         </mvc:interceptor>
16     </mvc:interceptors>
spring-config.xml

3.由于这个拦截器会拦截所有静态资源,我们在web.xml配置某些静态资源不经过Spring。

web.xml

 1 <!-- 以下后缀名的文件不经过Spring -->
 2     <servlet-mapping>
 3         <servlet-name>default</servlet-name>
 4         <url-pattern>*.css</url-pattern>
 5     </servlet-mapping>
 6     <servlet-mapping>
 7         <servlet-name>default</servlet-name>
 8         <url-pattern>*.js</url-pattern>
 9     </servlet-mapping>
10     <servlet-mapping>
11         <servlet-name>default</servlet-name>
12         <url-pattern>*.ico</url-pattern>
13     </servlet-mapping>
14     <servlet-mapping>
15         <servlet-name>default</servlet-name>
16         <url-pattern>*.html</url-pattern>
17     </servlet-mapping>
18     <servlet-mapping>
19         <servlet-name>default</servlet-name>
20         <url-pattern>*.jpg</url-pattern>
21     </servlet-mapping>
22     <servlet-mapping>
23         <servlet-name>default</servlet-name>
24         <url-pattern>*.png</url-pattern>
25     </servlet-mapping>
26     <servlet-mapping>
27         <servlet-name>default</servlet-name>
28         <url-pattern>*.jpeg</url-pattern>
29     </servlet-mapping>
30     <servlet-mapping>
31         <servlet-name>default</servlet-name>
32         <url-pattern>*.woff2</url-pattern>
33     </servlet-mapping>
34     <servlet-mapping>
35         <servlet-name>default</servlet-name>
36         <url-pattern>*.woff</url-pattern>
37     </servlet-mapping>
38     <servlet-mapping>
39         <servlet-name>default</servlet-name>
40         <url-pattern>*.ttf</url-pattern>
41     </servlet-mapping>
42     <servlet-mapping>
43         <servlet-name>default</servlet-name>
44         <url-pattern>*.eot</url-pattern>
45     </servlet-mapping>
46     <servlet-mapping>
47         <servlet-name>default</servlet-name>
48         <url-pattern>*.map</url-pattern>
49     </servlet-mapping>
web.xml
posted @ 2017-07-17 21:24  鄒成立  阅读(358)  评论(0编辑  收藏  举报