主要在于get、post提交时参数的问题
get提交

post提交

后端:
package com.cn.isoubu.website.filter;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.cn.isoubu.website.util.HttpUtils;
import net.sf.json.JSONObject;
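/**
 * Spring MVC interceptor that adds CORS response headers for trusted origins and enforces the
 * {@link Authority} annotation on handler methods.
 *
 * <p>Credentialed CORS: {@code Access-Control-Allow-Credentials: true} makes the browser send the
 * session cookie and expose the response to the calling page. The request's {@code Origin} header
 * is attacker-controlled, so it is only echoed back when it exactly matches an entry configured
 * through {@link #setAllowedOrigins(String...)}. With no origins configured, no CORS headers are
 * emitted and cross-origin reads stay blocked by the browser.
 */
public class AuthorityInterceprot implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(AuthorityInterceprot.class);

    /** Body returned when the session carries no token ("please log in again"). */
    private static final String RELOGIN_JSON = "{\"code\":4004,\"msg\":\"请重新登录\",\"result\":\"\"}";

    /** Body returned when the permission service gives no usable answer. */
    private static final String VERIFY_FAILED_JSON =
            "{\"code\":4005,\"msg\":\"接口调用异常\",\"result\":\"\"}";

    /** Exact origins (scheme://host[:port]) allowed to make credentialed cross-origin calls. */
    private volatile String[] allowedOrigins = new String[0];

    /**
     * Configures the origins that may receive credentialed CORS responses.
     *
     * @param allowedOrigins exact origin strings, for example the front-end site's
     *        {@code scheme://host[:port]}; {@code null} clears the list
     */
    public void setAllowedOrigins(String... allowedOrigins) {
        this.allowedOrigins = allowedOrigins == null ? new String[0] : allowedOrigins.clone();
    }

    /**
     * Applies CORS headers, then checks the {@link Authority} annotation of the target method.
     *
     * @param request current request; its session attribute {@code token} identifies the caller
     * @param response current response; a JSON error body is written to it on denial
     * @param handler the chosen handler; only {@link HandlerMethod} instances are checked
     * @return {@code true} to continue the handler chain, {@code false} when a denial response
     *         has already been written
     * @throws Exception if writing the denial response or the permission lookup fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object handler) throws Exception {
        applyCorsHeaders(request, response);

        // Non-HandlerMethod handlers cannot carry @Authority, so there is nothing to enforce;
        // an unchecked cast here would fail with ClassCastException instead.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        Method method = ((HandlerMethod) handler).getMethod();

        // Only methods annotated with a non-blank module and behavior are permission-checked.
        // NOTE(review): an @Authority with a blank module or behavior is NOT enforced - confirm
        // that this is intended rather than a misconfiguration that should be rejected.
        Authority authority = method.getAnnotation(Authority.class);
        if (authority == null || StringUtils.isBlank(authority.module())
                || StringUtils.isBlank(authority.behavior())) {
            return true;
        }
        String module = authority.module();
        String behavior = authority.behavior();

        String token = (String) request.getSession().getAttribute("token");
        if (StringUtils.isBlank(token)) {
            logger.info("AuthorityInterceprot token is null");
            writeToAjaxClient(response, RELOGIN_JSON);
            return false;
        }

        // Ask the permission service whether this token may perform module/behavior.
        JSONObject verifyMsg = HttpUtils.verify(token, module, behavior);
        if (verifyMsg == null) {
            logger.info("AuthorityInterceprot verifyMsg is null");
            writeToAjaxClient(response, VERIFY_FAILED_JSON);
            return false;
        }

        // Fail closed with a defined response when the answer has no integer status, instead of
        // surfacing a NullPointerException/ClassCastException from an unchecked unboxing cast.
        Object status = verifyMsg.get("status");
        if (!(status instanceof Integer)) {
            logger.info("AuthorityInterceprot verifyMsg status is missing or not an integer");
            writeToAjaxClient(response, VERIFY_FAILED_JSON);
            return false;
        }
        if (((Integer) status).intValue() == 0) { // status 0: no permission
            // Pass the value as a logger argument; concatenating it left a literal "{}" in the log.
            logger.info("AuthorityInterceprot HttpUtils.verify error,msg:{}", verifyMsg.get("msg"));
            writeToAjaxClient(response, verifyMsg.toString());
            return false;
        }
        return true;
    }

    /**
     * Emits credentialed CORS headers only for an allow-listed {@code Origin}.
     *
     * @param request request whose {@code Origin} header is inspected
     * @param response response that receives the CORS headers
     */
    private void applyCorsHeaders(HttpServletRequest request, HttpServletResponse response) {
        // The response differs per Origin, so shared caches must key on it.
        response.addHeader("Vary", "Origin");

        String origin = request.getHeader("Origin");
        if (StringUtils.isEmpty(origin) || !isAllowedOrigin(origin)) {
            return;
        }
        response.setHeader("Access-Control-Allow-Origin", origin);
        response.setHeader("Access-Control-Allow-Credentials", "true");
    }

    /**
     * Tests an origin against the configured allow-list using exact string equality, so prefix,
     * suffix and sub-domain look-alikes do not match.
     *
     * @param origin value of the request's {@code Origin} header
     * @return {@code true} if the origin is configured as trusted
     */
    private boolean isAllowedOrigin(String origin) {
        for (String allowed : allowedOrigins) {
            if (origin.equals(allowed)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a JSON body to the client and completes the response.
     *
     * @param response response to write to
     * @param jsonObject JSON text to send as the body
     * @throws IOException if the response writer cannot be obtained
     */
    private void writeToAjaxClient(HttpServletResponse response, String jsonObject)
            throws IOException {
        response.setContentType("application/json");
        // Must be set before getWriter(): the servlet default (ISO-8859-1) would garble the
        // non-ASCII messages in the JSON bodies.
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        out.print(jsonObject);
        out.flush();
        out.close();
    }

    /** No post-processing is needed; intentionally empty. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // Intentionally empty.
    }

    /** No cleanup is needed; intentionally empty. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
            Object handler, Exception ex) throws Exception {
        // Intentionally empty.
    }
}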
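后台需要设置(注意:这里的 url 取自请求头 Origin,由调用方控制;在同时返回 Access-Control-Allow-Credentials: true 的情况下,必须先将其与可信来源白名单做精确匹配,匹配通过才能回写,否则任意站点都可以携带用户 Cookie 读取接口响应):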
response.setHeader("Access-Control-Allow-Origin", url);
response.setHeader("Access-Control-Allow-Credentials", "true");
