springmvc权限验证-绝对可靠.docx

精品文档/* (#)AuthorityInterceptor.java * 创建日期：2011-04-19 * Copyright(c)20102011 hitsoftware co.,Ltd */package erceptor;import java.io.IOException;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.*;import java.util.*;import com.hsoft.framework.bean.UserSession;/* * 权限拦截，用于在用户登录与操作过程中的身份权限的验证 * * see UserSession * see HandlerInterceptor * see ModelAndView * * 更新日志： 修改人 版本号 时间 修改内容 芦宁 1.0.0 2011-04-19 添加注释 * author 芦宁 * version 1.0.0 2011-04-19 */public class AuthorityInterceptor implements HandlerInterceptor /* * 处理之前，对用户身份进行验证 * param request HttpServletRequest对象 * param response HttpServletResponse对象 * param handler Object对象 * return 返回一个布尔型数值 */SuppressWarnings(unchecked)public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception try if (handler.getClass().getName().indexOf(LoginCtrl) = 0) return true;UserSession userSession = (UserSession) request.getSession().getAttribute(userSession);if (userSession = null) sendRedirect(request, response);return false;Map map = request.getParameterMap();for (Iterator iter = map.entrySet().iterator(); iter.hasNext();) Map.Entry element = (Map.Entry) iter.next();String s = (String) element.getValue();if (s = null | s.length 1) sendError(request, response);return false; else if (s0.indexOf() != -1) sendError(request, response);return false;List list = (List) request.getSession().getAttribute(visit);/System.out.println(url-);/for (Iterator it = list.iterator(); it.hasNext();) / System.out.println(url+(String)it.next();/if (list = null | list.size() 0) url += method= + request.getParameter(method); else url += request.getQueryString();String tempurl = ;for (Iterator it = list.iterator(); it.hasNext();) tempurl = / + (String) it.next();if (url.indexOf(tempurl) != -1) /System.out.println(url:+url);/System.out.println(url:+temp);/System.out.println(url:+url.indexOf(temp);b = true;break;if (!b) /System.out.println(jcbk the request of + url+ is interrupted);sendError(request, response);return false;return true; catch (Exception e) sendRedirect(request, response);return false;/* * 处理之后，对用户身份进行验证，暂无实现内容 * param request HttpServletRequest对象 * param response HttpServletResponse对象 * param handler Object对象 * param modelAndView ModelAndView对象 */public void postHandle(HttpServletRequest request,HttpServletResponse response, Object handler,ModelAndView modelAndView) throws Exception /* * 完成操作之后，对用户身份进行验证，暂无实现内容 * param request HttpServletRequest对象 * param response HttpServletResponse对象 * param handler Object对象 * param ex Exception对象 */public void afterCompletion(HttpServletRequest request,HttpServletResponse response, Object handler, Exception ex)throws Exception /* * 用户ID在Session中失效时或用户操作出现异常时，导向登出页面 * param request 传递的HttpServletRequest对象 * param response 传递的HttpServletResponse对象 */private void sendRedirect(HttpServletRequest request,HttpServletResponse response) try response.sendRedirect(./logout.jsp); catch (IOException e) e.printStackTrace();/* * 出错时，导向错误页面 * param request 传递的HttpServletRequest对象 * param response 传递的HttpServletResponse对象 */private void sendError(HttpServletRequest request,