Spring-mvc

Spring MVC与权限管理整合技术

最新推荐文章于 2024-05-12 07:30:00 发布

原创最新推荐文章于 2024-05-12 07:30:00 发布 · 608 阅读

CC 4.0 BY-SA版权

<beans:import resource="classpath:spring/root-webmvc.xml"/>

   <beans:bean id="jspViewResolver" class="com.ccesun.framework.core.spring.RequestHistoryJspViewResolver" >
        <beans:property name="prefix" value="/WEB-INF/views/" />
        <beans:property name="suffix" value=".jsp" />
    </beans:bean>

   <context:component-scan base-package="
           com.ccesun.society.web.controller
           ,com.ccesun.society.admin.web.controller
           ,com.ccesun.society.security.web.controller
           ,com.ccesun.society.resource.web.controller
           ,com.ccesun.society.flow.web.controller
           ,com.ccesun.society.work.web.controller
           ,com.ccesun.society.kh.web.controller
           ,com.ccesun.society.share.web.controller
           ,com.ccesun.society.stat.web.controller
           ,com.ccesun.society.zdrq.web.controller
           ,com.ccesun.society.spec.web.controller
           ,com.ccesun.society.zhihzx.web.controller
           ,com.ccesun.society.flow.rpc
           ,com.ccesun.society.esungis.web.controller
           ,com.ccesun.society.hprose.server.web.controller
           ,com.ccesun.society.demand.web.controller
           " />

   <interceptors>
       
       <beans:bean class="com.ccesun.society.admin.web.controller.SecurityInterceptorImpl">
           <beans:property name="loginUrl" value="/login" />
           <beans:property name="noPermUrl" value="/login" />
           <beans:property name="excludesPath">
               <beans:list>
                   
                   <beans:value type="java.lang.String">/main</beans:value>
                   <beans:value type="java.lang.String">/hproseJhpt/rpc</beans:value>
                   <beans:value type="java.lang.String">/login</beans:value>
                   <beans:value type="java.lang.String">/logout</beans:value>
                   <beans:value type="java.lang.String">/plugin</beans:value>
                   <beans:value type="java.lang.String">/esungis/gisdevtest</beans:value>
               </beans:list>
           </beans:property>
       </beans:bean>
   </interceptors>

</beans:beans>

public class SecurityInterceptorImpl extends SecurityInterceptor {
   private List<String> excludesPath;

   private String loginUrl = "/login";

   private String noPermUrl = "/noPermUrl";

   @Override
   public boolean preHandle(HttpServletRequest request,
           HttpServletResponse response, Object handler) throws Exception {

       if (!(handler instanceof HandlerMethod)) {
           return true;
       }

       SecurityToken token = SecurityTokenHolder.getSecurityToken();

       boolean userLogin = token != null;
       String contextPath = request.getContextPath();
       String path = request.getRequestURI();
       path = path.substring(contextPath.length());

       if (excludesPath != null && containInList(excludesPath, path)) {
           return true;
       }

       // 用户未登录
       if (!userLogin) {
           response.sendRedirect(contextPath + loginUrl);
           return false;
       }

       // 用户已登录
       if (!path.equals("/admin"))
           return true;

       response.sendRedirect(contextPath + noPermUrl);
       return false;

   }

   public List<String> getExcludesPath() {
       return excludesPath;
   }

   public void setExcludesPath(List<String> excludesPath) {
       this.excludesPath = excludesPath;
   }

   public String getLoginUrl() {
       return loginUrl;
   }

   public void setLoginUrl(String loginUrl) {
       this.loginUrl = loginUrl;
   }

   public String getNoPermUrl() {
       return noPermUrl;
   }

   public void setNoPermUrl(String noPermUrl) {
       this.noPermUrl = noPermUrl;
   }

}