一、權限碼

/** * @Title: AuthCode.java * @Package cn.com.kamfu.auth * @Description: TODO(用一句話描述該文件做什么) * @author: liandy * @date: 2019年7月15日 下午10:07:45 * @version V1.0 */ package cn.com.kamfu.auth; /** * @ClassName: AuthCode * @Description:TODO(這里用一句話描述這個類的作用) * @author: liandy * @date: 2019年7月15日 下午10:07:45 * */ public enum AuthCode { index("1", "001", "首頁"), userAdd("2", "002", "新增用戶", "新增用戶"), userDelete("3", "003", "刪除用戶", "刪除用戶"), userEdit("4", "004", "修改用戶", "修改用戶"), userQuery("5", "005", "查詢用戶", "查詢用戶"); private String authId; private String authCode; private String authName; private String authDesc; private AuthCode(String authId, String authCode, String authName) { this.authId = authId; this.authCode = authCode; this.authName = authName; } private AuthCode(String authId, String authCode, String authName, String authDesc) { this.authId = authId; this.authCode = authCode; this.authName = authName; this.authDesc = authDesc; } public String getAuthId() { return authId; } public void setAuthId(String authId) { this.authId = authId; } public String getAuthCode() { return authCode; } public void setAuthCode(String authCode) { this.authCode = authCode; } public String getAuthName() { return authName; } public void setAuthName(String authName) { this.authName = authName; } public String getAuthDesc() { return authDesc; } public void setAuthDesc(String authDesc) { this.authDesc = authDesc; } }
二、權限校驗標識

/**
 * @Title: AuthValidate.java
 * @Package cn.com.kamfu.auth
 * @Description: Marker annotation for permission checks.
 * @author: liandy
 * @date: 2019-07-15 22:07:08
 * @version V1.0
 */
package cn.com.kamfu.auth;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Declares the permission a caller must hold to reach the annotated handler.
 *
 * <p>Retained at runtime so that an interceptor can read it reflectively.
 *
 * <p>NOTE(review): the annotation may be placed on types as well as methods,
 * but the {@code UserAccessInterceptor} shown on this page only reads it via
 * {@code HandlerMethod.getMethodAnnotation}. A class-level
 * {@code @AuthValidate} is therefore not enforced by that interceptor; either
 * annotate each handler method or have the interceptor fall back to the
 * declaring class.
 *
 * @author: liandy
 * @date: 2019-07-15 22:07:08
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.TYPE, ElementType.METHOD })
public @interface AuthValidate {

    /**
     * @return the permission required by the annotated element
     */
    AuthCode value();
}
三、業務異常類

/** * @Title: BusinessException.java * @Package cn.com.kamfu.exception * @Description: TODO(用一句話描述該文件做什么) * @author: liandy * @date: 2019年7月15日 下午10:16:50 * @version V1.0 */ package cn.com.kamfu.exception; /** * * 項目名稱:--- * 模塊名稱:接入層 * 功能描述:異常類 * 創建人: mao2080@sina.com * 創建時間:2017年5月9日 下午8:22:21 * 修改人: mao2080@sina.com * 修改時間:2017年5月9日 下午8:22:21 */ public class BusinessException extends Exception{ public BusinessException() { } public BusinessException(String message) { super(message); } }
四、攔截器

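/**
 * @Title: UserLoginInterceptor.java
 * @Package cn.com.kamfu.interceptor
 * @Description: Login and permission interceptor. The public class below is
 *               named UserAccessInterceptor, so the file has to be saved as
 *               UserAccessInterceptor.java.
 * @author: liandy
 * @date: 2019-07-15 22:13:50
 * @version V1.0
 */
package cn.com.kamfu.interceptor;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.context.support.StaticApplicationContext;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import cn.com.kamfu.auth.AuthCode;
import cn.com.kamfu.auth.AuthValidate;
import cn.com.kamfu.exception.BusinessException;
import cn.com.kamfu.model.User;
import cn.com.kamfu.util.JsonUtil;

/**
 * Project: ---
 * Module: access layer
 * Purpose: user access interceptor built on Spring MVC's HandlerInterceptor.
 *
 * <p>For every handler that carries {@link AuthValidate} (on the method or on
 * its controller class) the interceptor first requires a logged-in session and
 * then checks that the caller holds the requested permission.
 *
 * <p>NOTE(review): handlers without {@link AuthValidate} stay open, which is
 * the behaviour the original code documented ("default open"). That is a
 * default-allow policy: a new endpoint is public until someone remembers to
 * annotate it. Prefer default-deny with an explicit list of public endpoints
 * (login page, static resources) once the application grows.
 *
 * Created by: mao2080@sina.com
 * Created at: 2017-04-25 20:53:49
 * Modified by: mao2080@sina.com
 * Modified at: 2017-04-25 20:53:49
 */
public class UserAccessInterceptor implements HandlerInterceptor {

    private static final Logger LOG = Logger.getLogger(UserAccessInterceptor.class.getName());

    /**
     * Creates the interceptor. It takes no collaborators.
     *
     * @author mao2080@sina.com
     * @created 2017-04-28 17:20:34
     */
    public UserAccessInterceptor() {
    }

    /**
     * Runs before the handler and decides whether the request may proceed.
     *
     * <p>A missing login is answered with 401, a missing permission with 403,
     * and any unexpected failure with 500. In all three cases the handler is
     * not invoked, so the check fails closed.
     *
     * @author mao2080@sina.com
     * @created 2017-04-25 21:01:44
     * @param request  HttpServletRequest
     * @param response HttpServletResponse
     * @param handler  the handler chosen for this request
     * @return {@code true} when the handler may run, {@code false} when the
     *         response has already been written here
     * @throws Exception if the rejection message cannot be written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        boolean authenticated = false;
        try {
            if (resolveAuthValidate(handler) == null) {
                // No permission requested for this handler: default open.
                return true;
            }
            // Check the login first ...
            this.userLoginValidate(request, response);
            authenticated = true;
            // ... then the permission.
            this.userAuthValidate(request, handler);
            return true;
        } catch (BusinessException e) {
            // The original answered 200 for rejected requests; use a status
            // that clients and proxies can recognise as a refusal.
            response.setStatus(authenticated
                    ? HttpServletResponse.SC_FORBIDDEN
                    : HttpServletResponse.SC_UNAUTHORIZED);
            printMessage(response, e.getMessage());
            return false;
        } catch (Exception e) {
            // Do not echo the message of an unexpected exception to the
            // client; it can reveal internal details.
            LOG.log(Level.SEVERE, "access check failed", e);
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            printMessage(response, "系統錯誤");
            return false;
        }
    }

    /**
     * Writes a message to the client.
     *
     * <p>NOTE(review): the text is sent as {@code text/html} without escaping.
     * Pass only fixed messages, or HTML-escape anything that originates from
     * the request before calling this method.
     *
     * @author mao2080@sina.com
     * @created 2017-04-28 11:00:25
     * @param response the response to write to
     * @param res      the object whose string form is written; {@code null} is
     *                 written as the text "null"
     * @throws Exception declared for compatibility; write failures are logged
     */
    public static void printMessage(HttpServletResponse response, Object res) throws Exception {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/html; charset=utf-8");
        PrintWriter writer = null;
        try {
            writer = response.getWriter();
            // String.valueOf avoids a NullPointerException for a null message.
            writer.print(String.valueOf(res));
        } catch (Exception e) {
            LOG.log(Level.WARNING, "could not write response message", e);
        } finally {
            if (writer != null) {
                writer.close();
            }
        }
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
    }

    /** No completion work is needed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
    }

    /**
     * Requires a logged-in session.
     *
     * <p>The original implementation returned normally whether or not a token
     * was present, so it never rejected anyone. It also called
     * {@code getSession()}, which creates a session for every anonymous
     * request; {@code getSession(false)} only looks up an existing one.
     *
     * <p>NOTE(review): only the presence of the "token" attribute is checked.
     * Its value is whatever the login handler stored in the session.
     *
     * @author mao2080@sina.com
     * @created 2017-05-09 20:27:25
     * @param request  the current request
     * @param response the current response (unused)
     * @throws BusinessException if there is no session or no token in it
     * @throws IOException       declared for compatibility
     */
    private void userLoginValidate(HttpServletRequest request, HttpServletResponse response)
            throws BusinessException, IOException {
        HttpSession session = request.getSession(false);
        Object token = (session == null) ? null : session.getAttribute("token");
        if (!(token instanceof String) || ((String) token).isEmpty()) {
            throw new BusinessException("用戶未登錄");
        }
    }

    /**
     * Checks that the caller holds the permission requested by the handler.
     *
     * @author mao2080@sina.com
     * @created 2017-05-04 20:34:09
     * @param request HttpServletRequest
     * @param handler the handler chosen for this request
     * @throws BusinessException if the permission is not granted
     */
    private void userAuthValidate(HttpServletRequest request, Object handler) throws BusinessException {
        AuthValidate validate = resolveAuthValidate(handler);
        if (validate == null) {
            return; // default open
        }
        String authId = validate.value().getAuthId();
        if (!loadUserAuthIds(request).contains(authId)) {
            throw new BusinessException("權限不足");
        }
    }

    /**
     * Finds the permission requirement of a handler.
     *
     * <p>The method-level annotation wins; the controller class is consulted
     * as a fallback because {@link AuthValidate} may also be placed on types.
     *
     * @param handler the handler chosen for this request
     * @return the annotation, or {@code null} when the handler is not a
     *         {@link HandlerMethod} or declares no requirement
     */
    private static AuthValidate resolveAuthValidate(Object handler) {
        if (!(handler instanceof HandlerMethod)) {
            return null;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        AuthValidate validate = handlerMethod.getMethodAnnotation(AuthValidate.class);
        if (validate == null) {
            validate = handlerMethod.getBeanType().getAnnotation(AuthValidate.class);
        }
        return validate;
    }

    /**
     * Returns the permission ids granted to the current user.
     *
     * <p>This is the simulation from the original code: it stands in for a
     * cache or database lookup and grants ids "1" and "5" to every caller.
     * Until it is replaced by a per-user lookup, all logged-in users share the
     * same permissions.
     *
     * @param request the current request (unused by the simulation)
     * @return the granted permission ids
     */
    private List<String> loadUserAuthIds(HttpServletRequest request) {
        List<String> auths = new ArrayList<String>();
        auths.add("1");
        auths.add("5");
        return auths;
    }
}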
五、配置攔截規則

package cn.com.kamfu.interceptor;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * Java-based Spring MVC configuration.
 *
 * <p>As written, this class registers no interceptor: the only registration
 * is commented out. The interceptor on this page is wired through the XML
 * configuration instead. Enabling both would register it twice.
 */
@Configuration
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {

    /**
     * Hook for registering interceptors; intentionally empty.
     *
     * @param registry the registry interceptors would be added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // addPathPatterns adds the paths an interceptor applies to.
        // excludePathPatterns removes paths from interception.
        //
        // The disabled example from the original was:
        //   registry.addInterceptor(new UserAccssInterceptor()).addPathPatterns("/user");
        // NOTE(review): the class name there is misspelled (the class on this
        // page is UserAccessInterceptor), and the pattern "/user" does not
        // cover paths below it such as /user/list. Covering every mapping of
        // the user controller needs a pattern like "/user/**".
    }
}
六、配置攔截器

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.2.xsd">

    <!-- Package scanned for annotated components -->
    <context:component-scan base-package="cn.com.kamfu" />

    <!-- Enable annotation-driven MVC -->
    <mvc:annotation-driven />

    <!-- Static resources: mapped straight to their folders and served without a controller -->
    <mvc:resources mapping="/images/**" location="/WEB-INF/images/" />
    <mvc:resources mapping="/script/**" location="/WEB-INF/script/" />
    <mvc:resources mapping="/css/**" location="/WEB-INF/css/" />
    <mvc:resources mapping="/html/**" location="/WEB-INF/html/" />

    <!-- View resolver: prefix and suffix that turn a returned view name into a JSP path -->
    <bean id="viewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <!-- The prefix and suffix are added around the string a handler method returns.
             NOTE(review): the prefix has no trailing slash, so a view name without a
             leading slash (UserController on this page returns "show" and "success")
             resolves to /WEB-INF/jspshow.jsp rather than /WEB-INF/jsp/show.jsp. -->
        <property name="prefix" value="/WEB-INF/jsp" />
        <property name="suffix" value=".jsp" />
    </bean>

    <!-- Interceptors; several interceptors run in the order they are listed -->
    <mvc:interceptors>
        <bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor" />
        <mvc:interceptor>
            <!-- Matches the URL path; when omitted or set to /**, every controller is intercepted.
                 NOTE(review): this includes the login endpoints. The interceptor must let
                 them through itself, or they have to be listed with mvc:exclude-mapping;
                 otherwise a strict login check locks users out of the login page. -->
            <mvc:mapping path="/**" />
            <bean class="cn.com.kamfu.interceptor.UserAccessInterceptor"></bean>
        </mvc:interceptor>
        <!-- With several interceptors, preHandle runs in listed order; postHandle and
             afterCompletion then run in reverse order -->
    </mvc:interceptors>
</beans>
七、攔截器的使用

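/**
 * @Title: UserController.java
 * @Package cn.com.kamfu.controller
 * @Description: Demo controller showing how handlers are tagged with permissions.
 * @author: liandy
 * @date: 2019-07-12 02:53:59
 * @version V1.0
 */
package cn.com.kamfu.controller;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.util.HtmlUtils;

import cn.com.kamfu.auth.AuthCode;
import cn.com.kamfu.auth.AuthValidate;
import cn.com.kamfu.model.User;
import cn.com.kamfu.service.UserService;

/**
 * User pages and demo endpoints under {@code /user}.
 *
 * <p>Handlers tagged with {@link AuthValidate} are checked by the access
 * interceptor; untagged handlers are not.
 *
 * <p>NOTE(review): {@code add} and {@code upload} carry no
 * {@link AuthValidate}, so the interceptor on this page lets anonymous callers
 * reach them. Tag them once the matching permissions are granted to the
 * intended users.
 */
@Controller
@RequestMapping("/user")
public class UserController {

    /**
     * File extensions accepted by {@link #upload}. Sample allow-list,
     * constructed for this example: replace it with the types the application
     * really needs. Server-executable types such as JSP must never be listed,
     * because uploads are stored below the web root.
     */
    private static final Set<String> ALLOWED_UPLOAD_EXTENSIONS = new HashSet<String>(
            Arrays.asList(".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt"));

    @Autowired
    private UserService userService;

    protected Logger log = Logger.getLogger(UserController.class);

    /** Shows the login page. */
    @RequestMapping("/login")
    public String login() {
        return "/user/login";
    }

    /**
     * Starts a logged-in session and redirects to the index page.
     *
     * <p>NOTE(review): the submitted credentials are not verified anywhere on
     * this page. Any non-empty name/password pair is accepted. Verify them
     * against the user store before the token is issued. The mapping also
     * accepts GET, which puts the password into URLs and access logs;
     * restrict it to POST once the login form is known to post.
     *
     * @param name     submitted user name
     * @param password submitted password
     * @param request  the current request
     * @return a redirect to the index page, or back to the login page when a
     *         credential is missing
     */
    @RequestMapping("checkUser")
    public String checkUser(String name, String password, HttpServletRequest request) {
        if (name == null || name.isEmpty() || password == null || password.isEmpty()) {
            return "redirect:/user/login";
        }
        // Drop the pre-login session so a session id planted before login
        // cannot be reused afterwards (session fixation).
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        // A per-login random value replaces the fixed token of the original.
        request.getSession(true).setAttribute("token", UUID.randomUUID().toString());
        return "redirect:/user/index";
    }

    /** Shows the index page; requires the {@code index} permission. */
    @AuthValidate(AuthCode.index)
    @RequestMapping("/index")
    public String index() {
        return "/user/index";
    }

    /**
     * Shows the user list page; requires the {@code userQuery} permission.
     *
     * @param request the current request (unused; the original kept a disabled
     *                lookup through userService here)
     */
    @RequestMapping("/list")
    @AuthValidate(AuthCode.userQuery)
    public String list(HttpServletRequest request) {
        return "/user/list";
    }

    /**
     * Returns one page of users as JSON for the list page.
     *
     * <p>Requires the same permission as the list page itself; the original
     * left this data endpoint untagged and therefore open.
     *
     * <p>NOTE(review): the rows are mock data and include a password field.
     * Real rows sent to the browser must not carry credentials; map users to a
     * view object without the password before returning them. The request
     * parameters "page" and "rows" are not used by the mock.
     *
     * @param request the current request
     * @return a map with the total count and the rows
     * @throws IOException declared for compatibility
     */
    @AuthValidate(AuthCode.userQuery)
    @RequestMapping(value = "/pagedList", method = RequestMethod.POST,
            produces = { "application/json;charset=UTF-8" })
    @ResponseBody
    public Map<String, Object> pagedList(HttpServletRequest request) throws IOException {
        User user = new User();
        user.setId(1);
        user.setUsername("username");
        user.setPassword("password");

        List<User> fList = new ArrayList<User>();
        for (int i = 0; i < 10; i++) {
            fList.add(user);
        }

        Map<String, Object> map = new HashMap<String, Object>();
        map.put("total", 21);
        map.put("rows", fList);
        return map;
    }

    /**
     * Binds request parameters to a {@link User} and shows the add page.
     *
     * <p>NOTE(review): binding straight onto the model lets a caller set every
     * bindable field, including the id. Bind to a form object with only the
     * fields the page is meant to accept.
     *
     * @param user the user populated from request parameters
     */
    @RequestMapping("/add")
    public String add(User user) {
        // The original printed user.toString() to stdout. User carries a
        // password, so the object is not written to any log here.
        log.debug("user add form submitted");
        return "/user/add";
    }

    /** Passes a model attribute to the view. */
    @RequestMapping("/showUser")
    public String showUser(Map<String, Object> map) {
        User p = new User();
        map.put("p", p);
        p.setUsername("jack");
        return "show";
    }

    /**
     * Answers an AJAX call with a greeting.
     *
     * @param name request parameter echoed in the greeting
     * @param pw   writer of the response body
     */
    @RequestMapping("/getUser")
    public void getPerson(String name, PrintWriter pw) {
        // name comes from the request; escape it so markup in the parameter
        // is shown as text instead of being interpreted by the browser.
        pw.write("hello," + HtmlUtils.htmlEscape(String.valueOf(name)));
    }

    /** Redirects to the relative path "hello". */
    @RequestMapping("/redirect")
    public String redirect() {
        return "redirect:hello";
    }

    /** Shows the upload form. */
    @RequestMapping("/file")
    public String file() {
        return "/file";
    }

    /**
     * Stores an uploaded file under {@code upload/} in the web root, named by
     * the upload time plus the original extension.
     *
     * <p>The extension is taken from the client-supplied file name, so it is
     * checked against {@link #ALLOWED_UPLOAD_EXTENSIONS} before it is used in
     * a path. Without that check a caller could store a server-executable file
     * in a directory the container serves.
     *
     * <p>NOTE(review): storing uploads outside the web root is safer still.
     * File names have one-second resolution, so two uploads of the same type
     * within one second overwrite each other.
     *
     * @param req the multipart request carrying the part named "file"
     * @return the view name "success"
     * @throws Exception if the request is not a valid upload or the file
     *                   cannot be written
     */
    @RequestMapping(value = "/upload", method = RequestMethod.POST)
    public String upload(HttpServletRequest req) throws Exception {
        if (!(req instanceof MultipartHttpServletRequest)) {
            throw new IllegalArgumentException("multipart request expected");
        }
        MultipartFile file = ((MultipartHttpServletRequest) req).getFile("file");
        if (file == null || file.isEmpty()) {
            throw new IllegalArgumentException("no file uploaded");
        }

        String fileName = file.getOriginalFilename();
        // The original called substring(lastIndexOf('.')) directly, which
        // throws for names without a dot.
        int dot = (fileName == null) ? -1 : fileName.lastIndexOf('.');
        String extension = (dot < 0) ? "" : fileName.substring(dot).toLowerCase(Locale.ROOT);
        if (!ALLOWED_UPLOAD_EXTENSIONS.contains(extension)) {
            throw new IllegalArgumentException("unsupported file type");
        }

        String root = req.getSession().getServletContext().getRealPath("/");
        if (root == null) {
            // getRealPath returns null when the application is not unpacked
            // on the file system.
            throw new IllegalStateException("web root is not available on the file system");
        }
        File uploadDir = new File(root, "upload");
        if (!uploadDir.isDirectory() && !uploadDir.mkdirs()) {
            throw new IOException("cannot create upload directory");
        }

        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
        File target = new File(uploadDir, sdf.format(new Date()) + extension);
        // transferTo closes its streams itself; the original leaked the
        // FileOutputStream when write() failed.
        file.transferTo(target);
        return "success";
    }
}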