javascript
java springmvc权限校验_详解Spring MVC使用Filter实现登录及权限验证判断
登錄和權限驗證判斷在后臺管理系統中是最常用的功能,這部分代碼是比較固定和獨立的,為了減少對業務代碼入侵性,一般我會考慮使用Filter來實現,下面我就來詳細說一下我的實現思路和代碼:
前臺頁面:
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
會員登錄--藍狐通用后臺管理系統#line-chart {
height: 300px;
width: 800px;
margin: 0px auto;
margin-top: 1em;
}
.brand {
font-family: georgia, serif;
}
.brand .first {
color: #ccc;
font-style: italic;
}
.brand .second {
color: #fff;
font-weight: bold;
}
藍狐通用后臺管理系統
會員登錄
- ${errorMessage}
用戶名
密碼
登錄頁面很簡單就是一個登錄表單。
后臺Controller:
package com.lanhusoft.controllers;
import com.lanhusoft.dao.mybatis.UserInfoImpl;
import com.lanhusoft.model.Sys_UserInfo;
import com.lanhusoft.model.VAuthenticatedUser;
import com.lanhusoft.model.VSysUserInfo;
import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.Map;
import java.util.Objects;
/**
* Created by Administrator on 2016/8/15.
*/
@Controller
@RequestMapping("/account")
public class AccountController {
@Autowired
VAuthenticatedUser currentUser;
@RequestMapping(value="/logon",method = RequestMethod.GET)
public String Logon(){
return "Account/Logon";
}
@RequestMapping(value="/logon",method = RequestMethod.POST)
public ModelAndView LogonHandler(Sys_UserInfo user,HttpSession session){
UserInfoImpl dal=new UserInfoImpl();
ModelAndView mav=new ModelAndView("Account/Logon");
String errorMsg="";
if(user.getLoginName()==null||user.getLoginName()==""||user.getPwd()==null||user.getPwd()==""){
errorMsg = "用戶名或密碼不能為空";
mav.addObject("errorMessage",errorMsg);
return mav;
}
VAuthenticatedUser authUser=dal.getLegalUserByLoginName(user);
if(authUser==null||authUser.getUserInfo()==null) {
errorMsg = "用戶名不存在";
}
else if(authUser.getUserInfo().getEnabled()!=1){
errorMsg = "用戶未啟用";
}
else if(!Objects.equals(authUser.getUserInfo().getPwd(), user.getPwd())){
errorMsg = "密碼錯誤";
}
else {
session.setAttribute("currentUser",authUser);
//currentUser=authUser;
mav.setViewName("redirect:/SysUser/index");
return mav;
}
mav.addObject("errorMessage",errorMsg);
return mav;
}
@RequestMapping(value="/logout",method = RequestMethod.GET)
public String Logout(HttpSession session){
session.removeAttribute("currentUser");
return "Account/Logon";
}
}
登錄成功把把用戶信息和權限菜單存到sessoin中,key為currentUser。
Filter,登錄及權限驗證判斷真實的核心代碼:
package com.lanhusoft.filters;
import com.lanhusoft.model.Sys_Action;
import com.lanhusoft.model.VAuthenticatedUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Created by Administrator on 2016/9/3.
*/
public class AuthFilter extends OncePerRequestFilter {
// @Autowired
// VAuthenticatedUser currentUser;
@Override
protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws ServletException, IOException {
// 不過濾的uri
String[] notFilter = new String[]{"login.html", "index.html"};
// 請求的uri
String uri = request.getRequestURI();
boolean doFilter = true;
for (String s : notFilter) {
if (uri.indexOf(s) != -1) {
// 如果uri中包含不過濾的uri,則不進行過濾
doFilter = false;
break;
}
}
if (doFilter) {
// 執行過濾
// 從session中獲取登錄者實體
VAuthenticatedUser authUser = (VAuthenticatedUser) request.getSession().getAttribute("currentUser");
response.setContentType("text/html; charset=utf-8");
PrintWriter out = response.getWriter();
if (null == authUser) {
// 如果session中不存在登錄者實體,則彈出框提示重新登錄
// 設置request和response的字符集,防止亂碼
//request.setCharacterEncoding("UTF-8");
//response.setCharacterEncoding("UTF-8");
StringBuilder builder = new StringBuilder();
builder.append("
builder.append("alert('網頁過期,請重新登錄!');");
builder.append("window.top.location.href='"+request.getContextPath()+"/account/logon';");
builder.append("");
out.print(builder.toString());
//response.sendRedirect(request.getContextPath()+"/account/logon");
} else {
// 如果session中存在登錄者實體,則繼續
boolean havePrivi = false;
for (Sys_Action act : authUser.getAuthorizedActions()) {
if (uri.contains(act.getActionHref())) {
havePrivi = true;
break;
}
}
if (havePrivi) {
filterChain.doFilter(request, response);
} else {
out.print("你沒有該頁面的訪問權限");
}
}
} else {
// 如果不執行過濾,則繼續
filterChain.doFilter(request, response);
}
}
}
web.xml加入以下配置:
authFilter
com.lanhusoft.filters.AuthFilter
authFilter
/SysUser/*
authFilter
/SysRole/*
filter-mapping結點中的url-pattern定義了需要驗證的url。你可以根據自己需要添加多個。
總結
以上是生活随笔為你收集整理的java springmvc权限校验_详解Spring MVC使用Filter实现登录及权限验证判断的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 优化安卓系统的软件(优化安卓系统)
- 下一篇: gradle idea java ssm