实现方法:在dwr每个方法调用前拦截验证权限
AjaxFilterChain chain) throws Exception
{
WebContext ctx =
WebContextFactory.get();
HttpServletRequest request =
ctx.getHttpServletRequest();
HttpSession session =
request.getSession();
String flag =(String)
session.getAttribute("flag");
if(null == flag){
System.out.println("session验证失败");
return
"session_error";
}
String methodName=method.getName();
System.out.println("拦截目标方法:"+methodName);
if(!CheckLimit(methodName)){
System.out.println("权限验证失败");
return
"limit_error";
}
<allow>
<create
javascript="TermManager" creator="spring"
scope="application">
<param name="beanName"
value="TermManager"></param>
</create>
<filter
class="net.gkyh.util.DWRFilter"></filter>
</allow>
1.实现拦截器(需dwr2.0以上版本)
package net.gkyh.util;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.directwebremoting.AjaxFilter;
import org.directwebremoting.AjaxFilterChain;
import org.directwebremoting.WebContext;
import org.directwebremoting.WebContextFactory;
public class DWRFilter implements AjaxFilter{
public Object doFilter(Object object, Method method, Object[]
arr,
//获取session
//拦截调用方法
Object obj=chain.doFilter(object, method, arr);
System.out.println("目标方法"+method.getName()+"执行结束");
return obj;
}
}
2.修改dwr.xml,添加红色部分
<?xml
version="1.0" encoding="UTF-8"?>
<!DOCTYPE dwr PUBLIC
"-//GetAhead Limited//DTD Direct Web Remoting
1.0//EN"
"http://www.getahead.ltd.uk/dwr/dwr10.dtd">
<dwr>
</dwr>
3.调用TermManager中的方法时会先执行DWRFilter拦截器