
springMVC+velocity做許可權控制 控制到按鈕!

1.spring攔截器配置

<!-- Registers CacheInterceptor for the three URL prefixes mapped below, so that matching
     requests pass through its preHandle() login and privilege check first. -->
<mvc:interceptors>
   <mvc:interceptor>
      <!-- NOTE(review): in Spring's Ant-style patterns a single "*" matches one path
           segment only, so a handler mapped deeper (for example /system/a/b.action)
           would not be intercepted. Use "/**" if nested paths exist; confirm against
           the controller mappings. -->
      <mvc:mapping path="/privileges/*"/>
      <mvc:mapping path="/system/*"/>
      <mvc:mapping path="/business/*"/>
      <!-- The exclusions below are commented out, so nothing is excluded at mapping level;
           the only pass-through rule is the login check inside the interceptor itself. -->
      <!--<mvc:exclude-mapping path="/checkCAticket/**"/>-->
      <!--<mvc:exclude-mapping path="/bcookie/**"/>-->
      <!--<mvc:exclude-mapping path="/quickLg/quickLogin.action"/>-->
      <bean class="com.zm.mall.web.interceptor.CacheInterceptor"></bean>
   </mvc:interceptor>
</mvc:interceptors>


2.攔截器攔截
public class CacheInterceptor implements HandlerInterceptor {
   /**
    * Gate for every request matched by the interceptor mapping: lets the login-related
    * actions through, requires a logged-in user for everything else, and forwards to the
    * login or "no privilege" page when the check fails.
    *
    * @param request  current request; the session attribute {@code "userResult"} holds the logged-in user
    * @param response current response; its content type is set to UTF-8 HTML
    * @param handler  the selected handler (not used here)
    * @return {@code true} to continue to the handler, {@code false} after forwarding to a login/denied view
    * @throws Exception if setting the encoding or forwarding fails
    */
   @Override
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
       response.setContentType("text/html;charset=UTF-8");
       request.setCharacterEncoding("UTF-8");
       String requestUri = request.getRequestURI();
       UserResult currentUser = (UserResult) request.getSession().getAttribute("userResult");

       // Login-related actions are always let through, logged in or not.
       // NOTE(review): this is a suffix match on the raw value of getRequestURI(), which is
       // not decoded and still carries the context path and any path parameters. An exact
       // comparison against the full, known login paths would be stricter; confirm those
       // paths and tighten. Also confirm that /MenuList.action is meant to be reachable
       // without a login.
       boolean loginRelated = requestUri.endsWith("/toLogin.action")
               || requestUri.endsWith("/login.action")
               || requestUri.endsWith("/MenuList.action");
       if (loginRelated) {
           return true;
       }

       // No logged-in user: show the login page instead of the requested resource.
       if (currentUser == null) {
           request.getRequestDispatcher("/WEB-INF/vm/system/login.vm").forward(request, response);
           return false;
       }

       // Logged in, but without a privilege for this URI: show the "no privilege" page.
       if (!currentUser.hasPrivilegeByUri(requestUri, request)) {
           request.getRequestDispatcher("/WEB-INF/vm/system/noPrivilege.vm").forward(request, response);
           return false;
       }

       return true;
   }


3.判斷有沒有許可權的方法
/**
 * Tells whether the user may access the given URL.
 *
 * <p>Administrators are always allowed. Otherwise the URL must equal the URL of at least one
 * privilege attached to one of the user's roles.
 *
 * @param url     URL to check; compared with exact, case-sensitive string equality
 * @param request current request (not used by this method)
 * @return {@code true} if access is allowed, {@code false} otherwise
 */
public boolean hasPrivilegeByUri(String url, HttpServletRequest request) {
    // Administrators skip the per-URL check entirely.
    if (isAdmin()) {
        return true;
    }

    // NOTE(review): the match is exact, so stored privilege URLs must have exactly the form
    // callers pass in. CacheInterceptor.preHandle passes request.getRequestURI(), which
    // includes the context path; confirm the stored values do too.
    for (Role role : roles) {
        for (Privileges privilege : role.getPrivileges()) {
            String allowedUrl = privilege.getUrl();
            // A privilege without a URL can never match (and must not cause a NullPointerException).
            if (allowedUrl != null && allowedUrl.equals(url)) {
                return true;
            }
        }
    }
    return false;
}

4.根據許可權控制按鈕顯示或者隱藏:通過自定義velocity指令(標籤)重新輸出<a>標籤來實現。注意隱藏按鈕只影響頁面顯示,對應URL的許可權仍須由第2步的攔截器在伺服器端檢查。
4.1 velocity.properties配置檔案加入自定義標籤的路徑
# Registers the custom directive class with Velocity so that templates can call it.
userdirective=com.zm.mall.taglib.VelocityTaglib
4.2 自定義標籤,通過頁面載入之前觸發,將頁面中的自定義標籤的屬性 寫入到a標籤中
package com.zm.mall.taglib;
/**
 * Created by Administrator on 2016/12/21.
 */

import com.zm.mall.client.result.system.UserResult;
import org.apache.velocity.context.InternalContextAdapter;
import org.apache.velocity.exception.MethodInvocationException;
import org.apache.velocity.exception.ParseErrorException;
import org.apache.velocity.exception.ResourceNotFoundException;
import org.apache.velocity.runtime.directive.Directive;
import org.apache.velocity.runtime.parser.node.Node;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.Writer;

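/**
 * Velocity directive {@code #vela(href, name, id, class)} that writes an {@code <a>} link
 * only when the logged-in user holds the privilege for the link target.
 *
 * <p>This only decides whether the link is shown. It does not protect the target URL, so the
 * server-side check (for example a request interceptor) must still be enforced for it.
 *
 * <p>Created 2016-12-21 14:13.
 */
public class VelocityTaglib extends Directive {

    /** Name under which templates call the directive: {@code #vela(...)}. */
    @Override
    public String getName() {
        return "vela";
    }

    /** Declares a line directive, i.e. one that takes arguments but has no body block. */
    @Override
    public int getType() {
        return LINE;
    }

    /**
     * Writes {@code <a href='..' id='..' class='..'>name</a>} if the current user may access
     * {@code href} (query string ignored for the check); writes nothing otherwise.
     *
     * @param context Velocity context used to evaluate the directive arguments
     * @param writer  template output
     * @param node    directive node; children 0..3 are href, name, id and class
     * @return {@code true} if the link was written, {@code false} if it was suppressed
     * @throws IOException if writing to {@code writer} fails
     */
    @Override
    public boolean render(InternalContextAdapter context, Writer writer, Node node)
            throws IOException, ResourceNotFoundException, ParseErrorException, MethodInvocationException {
        String href = argument(node, context, 0);
        String name = argument(node, context, 1);
        String id = argument(node, context, 2);
        String clazz = argument(node, context, 3);

        // Without a target there is nothing to check or to link to.
        if (href == null) {
            return false;
        }

        // Fail closed when rendering outside a request or without a logged-in user,
        // instead of failing with a NullPointerException.
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            return false;
        }
        HttpServletRequest request = attributes.getRequest();
        UserResult user = (UserResult) request.getSession().getAttribute("userResult");
        if (user == null) {
            return false;
        }

        // The privilege is looked up by path only, so drop the query string first.
        // NOTE(review): the path is taken as written in the template; it must have the same
        // form as the stored privilege URLs (context path included or not). Confirm.
        int queryStart = href.indexOf('?');
        String path = queryStart > -1 ? href.substring(0, queryStart) : href;
        if (!user.hasPrivilegeByUri(path, request)) {
            return false;
        }

        // Attribute values are escaped so that a quote or angle bracket in an argument cannot
        // end the attribute or the tag. Escaping does not validate the URL scheme of href.
        StringBuilder link = new StringBuilder("<a href='").append(escapeHtml(href)).append('\'');
        if (id != null) {
            link.append(" id='").append(escapeHtml(id)).append('\'');
        }
        if (clazz != null) {
            link.append(" class='").append(escapeHtml(clazz)).append('\'');
        }
        // NOTE(review): name is written unescaped because existing templates may pass markup
        // as the link content (assumption, confirm). It must never carry user-controlled text
        // unless that text is escaped before it reaches this directive.
        link.append('>').append(name == null ? "" : name).append("</a>");
        writer.write(link.toString());
        return true;
    }

    /**
     * Evaluates the directive argument at {@code index}.
     *
     * @return the argument as a string, or {@code null} if it is missing or evaluates to null
     */
    private static String argument(Node node, InternalContextAdapter context, int index)
            throws MethodInvocationException {
        // Check the argument count first, so a missing argument reads as null here.
        if (index >= node.jjtGetNumChildren()) {
            return null;
        }
        Node child = node.jjtGetChild(index);
        if (child == null) {
            return null;
        }
        Object value = child.value(context);
        return value == null ? null : String.valueOf(value);
    }

    /** Escapes the characters that are significant in HTML text and quoted attribute values. */
    private static String escapeHtml(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}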



5.大致這些了,想到再補