1.需求场景
利用拦截器实现用户登录鉴权
2.项目环境
Spring、Spring MVC、MyBatis、MySQL
3.实现方法
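package com.jlc.action;

import java.io.IOException;
import java.util.Enumeration;
import java.util.List;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import net.sf.json.JSONObject;

import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
 * Spring MVC interceptor that enforces login and per-URL authorisation.
 *
 * <p>Every request except the login endpoint must carry a session with a
 * non-empty {@code username} attribute, and its request URI must be present in
 * the rights list loaded for that user. Rejected requests receive a small JSON
 * body ({@code code} 1002 = session missing or timed out, 1003 = not
 * authorised), wrapped in the JSONP callback named by the
 * {@code callbackparam} request parameter when that name is well-formed.
 *
 * @author demo
 */
@Service
public class LoginInterceptorAction implements HandlerInterceptor {

    /** Logger for this interceptor. */
    Logger log = Logger.getLogger(LoginInterceptorAction.class.getName());

    /**
     * Path of the login endpoint, the only request exempt from the session check.
     * NOTE(review): the original matched the bare substring "login/in"; confirm
     * that this is the application's exact login mapping.
     */
    private static final String LOGIN_PATH = "/login/in";

    /**
     * Shape a JSONP callback name must have before it is echoed into the
     * response: a dotted JavaScript identifier of bounded length. Anything else
     * is treated as "no callback" so request data never reaches the response
     * body as script.
     */
    private static final Pattern SAFE_CALLBACK =
            Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*");

    /** Upper bound on the length of an accepted callback name. */
    private static final int MAX_CALLBACK_LENGTH = 64;

    @Autowired
    private UserRoleService userRoleService;

    /** No work is needed after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object obj, Exception e)
            throws Exception {
    }

    /** No work is needed after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object obj, ModelAndView view)
            throws Exception {
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  the incoming request
     * @param response the response; an error payload is written to it on rejection
     * @param obj      the handler chosen for the request (unused)
     * @return {@code true} for the login endpoint and for authenticated users
     *         whose rights list contains the request URI; {@code false} otherwise
     * @throws Exception if writing the rejection payload fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
        // The login endpoint has to stay reachable without a session.
        if (isLoginRequest(request)) {
            return true;
        }

        // getSession(false): do not allocate a session for anonymous traffic.
        HttpSession session = request.getSession(false);
        String username = session == null ? null : (String) session.getAttribute("username");
        if (StringUtils.isEmpty(username)) {
            writeCode(request, response, "1002"); // session missing or timed out
            return false;
        }

        // getAllRight is not defined in this listing; the original notes that the
        // integrator implements it once login is in place. The rights list is
        // loaded only after the user is known, so it is never queried with null.
        List<String> list = getAllRight(username);
        if (hasRight(request.getRequestURI(), list)) {
            return true;
        }

        writeCode(request, response, "1003"); // authenticated but not authorised
        return false;
    }

    /**
     * Tells whether the request targets the login endpoint.
     *
     * <p>The decision uses the path the container resolved (servlet path plus
     * path info) and requires it to end with {@link #LOGIN_PATH}, optionally
     * followed by a mapping suffix such as {@code .do}. A substring test on the
     * raw request URI would exempt any URI that merely contains the text, which
     * turns the exemption into a way around the session check.
     */
    private static boolean isLoginRequest(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        String path = (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);

        // Ignore an extension on the last segment ("/login/in.do" -> "/login/in").
        int lastSlash = path.lastIndexOf('/');
        int lastDot = path.lastIndexOf('.');
        if (lastDot > lastSlash) {
            path = path.substring(0, lastDot);
        }
        return path.endsWith(LOGIN_PATH);
    }

    /**
     * Writes {@code {"code": <code>}} to the response, as JSONP when the caller
     * supplied a well-formed callback name and as plain JSON otherwise.
     */
    private static void writeCode(HttpServletRequest request, HttpServletResponse response, String code)
            throws IOException {
        JSONObject jo = new JSONObject();
        jo.put("code", code);

        String callback = request.getParameter("callbackparam");
        boolean jsonp = callback != null
                && callback.length() <= MAX_CALLBACK_LENGTH
                && SAFE_CALLBACK.matcher(callback).matches();

        // Declare the type explicitly and forbid sniffing so the body is never
        // rendered as HTML by a browser.
        response.setCharacterEncoding("UTF-8");
        response.setHeader("X-Content-Type-Options", "nosniff");
        if (jsonp) {
            response.setContentType("application/javascript");
            response.getWriter().write(callback + "(" + jo.toString() + ")");
        } else {
            response.setContentType("application/json");
            response.getWriter().write(jo.toString());
        }
    }

    /**
     * Returns the address reported for the client.
     *
     * <p>{@code X-Real-IP} is preferred, then the first entry of
     * {@code X-Forwarded-For}, then the socket peer address. Both headers are
     * supplied by the sender unless a trusted reverse proxy in front of the
     * application overwrites them, so the result is suitable for display or
     * diagnostics only and must not drive access-control, rate-limit or audit
     * decisions on its own.
     *
     * @param request the incoming request
     * @return the reported client address
     */
    public static String getIpAddr(HttpServletRequest request) {
        String ip = request.getHeader("X-Real-IP");
        if (!StringUtils.isBlank(ip) && !"unknown".equalsIgnoreCase(ip)) {
            return ip;
        }

        ip = request.getHeader("X-Forwarded-For");
        if (StringUtils.isBlank(ip) || "unknown".equalsIgnoreCase(ip)) {
            return request.getRemoteAddr();
        }

        // After several proxy hops the header lists several addresses; the
        // first one is the address claimed for the original client.
        int index = ip.indexOf(',');
        return index != -1 ? ip.substring(0, index).trim() : ip;
    }

    /**
     * Checks whether a URL is part of a user's rights list.
     *
     * @param url  the request URI to look up
     * @param list the URLs the user may access; {@code null} or empty grants nothing
     * @return {@code true} only when {@code list} contains {@code url} exactly
     */
    public boolean hasRight(String url, List<String> list) {
        return list != null && list.contains(url);
    }

    /**
     * Renders the request parameters as {@code name=value,} pairs (first value
     * of each parameter, with a trailing comma).
     *
     * <p>The result contains every submitted value, credentials included, so it
     * should be redacted before it is written to a log.
     *
     * @param request the incoming request
     * @return the concatenated pairs, or an empty string when there are none
     */
    public String getAllParameter(HttpServletRequest request) {
        StringBuilder pairs = new StringBuilder();
        Enumeration<String> keys = request.getParameterNames();
        while (keys.hasMoreElements()) {
            String k = keys.nextElement();
            pairs.append(k).append('=').append(request.getParameter(k)).append(',');
        }
        return pairs.toString();
    }
}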