降魔篇之springmvc权限控制

package com.oasystem.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;


import com.oasystem.filter.RoleType;
	 
	@Target(ElementType.METHOD)
	@Retention(RetentionPolicy.RUNTIME)
	@Documented
	public @interface FireAuthority {
	    RoleType[] value();
	}



package com.oasystem.interceptor;

import java.io.IOException;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.oasystem.annotation.FireAuthority;
import com.oasystem.bo.UserBean;
import com.oasystem.constants.Constants;
import com.oasystem.filter.RoleType;
import com.oasystem.push.model.Message;
import com.oasystem.util.JsonUtil;

/**
 *  权限拦截器
 */
@Component
public class RoleInterceptor extends HandlerInterceptorAdapter{
	
	private static Logger log = Logger.getLogger(RoleInterceptor.class);

/*	该方法会在Controller的方法执行前会被调用,可以使用这个方法来中断或者继续执行链的处理,
 * 当返回true时,处理执行链会继续,当返回false时,则不会去执行Controller的方法。
 * (验证用户是否登陆就是使用preHandleAction方法的最好例子)*/
	
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
			Object handler) throws Exception {
		
		UserBean  user = (UserBean) request.getSession().getAttribute(Constants.ACCOUNT_USER);
		
		if(user == null) {
			return true;
		}
		//  权限验证
		HandlerMethod handlerMethod;
		if(handler instanceof HandlerMethod ){
			handlerMethod = (HandlerMethod) handler;
		} else {
			return true;
		}

		FireAuthority authority =	handlerMethod.getMethodAnnotation(FireAuthority.class);
		
		if(authority == null || authority.value()==null || authority.value().length <=0) {
			return true;
		}

		log.info("user.getRoleCodeList()  : " + JsonUtil.ObjectToString(user.getRoleCodeList()));
		 
		 List<String> roleLIst = user.getRoleCodeList();
		 if(roleLIst == null || roleLIst.size() <=0) {
			 return true;
		 }
		 
		 for(RoleType role: authority.value()){
		//	 log.info("role.getName() : " +  role.getName() );
			 if( roleLIst.contains(role.getName())){
				 log.info(" 通过 。。。  " );
				return true;
			}
		 }
		 return unauthorized(response);
	}	
	
	private boolean unauthorized(HttpServletResponse response) throws IOException {
		
		Message message = new Message();
		message.sysError( " 权限不足,请联系管理员。。。。。 "  );
		message.setStatus(Constants.RESULT_ERROR);

		String str = JsonUtil.ObjectToJson(message);
		log.warn(str);
		response.setContentType("application/json;charset=UTF-8");
		response.getWriter().append(str);
		response.getWriter().flush();
		response.getWriter().close();
		return false;
	}

}




package com.oasystem.filter;
public enum RoleType{
	
	STUDENT("student",1),
	TEACHER("teacher",2),

	
	private String name;
	private int index;
	 
	private RoleType(String name, int index) {
	    this.name = name;
	    this.index = index;
	}
	public String getName() {
	    return name;
	}
	public void setName(String name) {
	    this.name = name;
	}
	public int getIndex() {
	    return index;
	}
	public void setIndex(int index) {
	    this.index = index;
	}
	}


降魔篇之springmvc权限控制,古老的榕树,5-wow.com

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。