日期:2014-05-18 浏览次数:20779 次
@Override
public void doFilter(ServletRequest req, ServletResponse rsp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) rsp;
String uri = request.getRequestURI();
HttpSession session = request.getSession();
Userinfo userInfo = (Userinfo) session.getAttribute("userInfo");
String urls = null;
String urlss[] = null;
boolean rightFlag = false;//是否有权限访问此资源
if(userInfo!=null){
urls = uri.replaceAll(request.getContextPath(), " ");
urlss = urls.split(";");
rightFlag = this.isAuthorized(urlss[0].split("/")[1], request);
}
//1.登录action不过滤 2.已登录有权限不过滤 3.noRight.do不过滤 4.退出不过滤
if((uri.endsWith("login.do")||uri.endsWith("toLogin.do")||uri.endsWith("noRight.do"))||(userInfo!=null)&&rightFlag){
chain.doFilter(request, response);
}else if(userInfo!=null&&!rightFlag){//用户已登录且无权限
response.sendRedirect("noRight.do");
}else {//跳转到登陆页面
session.setAttribute("loginStatus", "您访问的页面需要登陆,请登陆!");
response.sendRedirect("toLogin.do");
}
}
public class Authority extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HandlerMethod h = (HandlerMethod)handler;
if(h.getMethod().isAnnotationPresent(AuthorityRequired.class)){
//获取请求的url
String url = request.getRequestURL().toString();
HttpSession session = request.getSess