servlet 3.0 权限认证
程序员文章站
2024-03-17 22:57:52
...
先搭建servlet 的spring mvc配置文件
将原来的xml配置文件格式的配置类放入config包下原来的applicationContext.xml用
@Configuration
@ComponentScan(basePackages = "com.lqd.security.springmvc",
excludeFilters = {@ComponentScan.Filter(type = FilterType.ANNOTATION,value = Controller.class)})
public class ApplicationConfig {
}
以前的springmvc.xml配置文件用
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.lqd.security.springmvc",
includeFilters = {@ComponentScan.Filter(type = FilterType.ANNOTATION,value =
Controller.class)})
public class WebConfig implements WebMvcConfigurer {
@Autowired
private SimpleAuthenticationInterceptor simpleAuthenticationInterceptor;
//相当于springmvc.xml
@Bean
public InternalResourceViewResolver viewResolver(){
//配置视图解析器
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
//前缀
viewResolver.setPrefix("/WEB-INF/view/");
//后缀
viewResolver.setSuffix(".jsp");
/**
* 相当于springmvc.xml中的
* <bean
* class="org.springframework.web.servlet.view.InternalResourceViewResolver">
* <property name="prefix" value="/WEB-INF/jsp/" />
* <property name="suffix" value=".jsp" />
* </bean>
*/
return viewResolver;
}
@Override
public void addViewControllers(ViewControllerRegistry registry) {
// 页面的跳转
registry.addViewController("/").setViewName("login");
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
//配置拦截器
registry.addInterceptor(simpleAuthenticationInterceptor).addPathPatterns("/r/**");
}
}
拦截器放在interceptor包下
@Component
public class SimpleAuthenticationInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Object object = request.getSession().getAttribute(UserDto.SESSION_USER_KEY);
if(object == null){
writeContent(response,"请登录");
}
UserDto userDto = null;
if(object instanceof UserDto){
userDto = (UserDto) object;
}
//获取权限
String requestURI = request.getRequestURI();
if(userDto.getAuthorities().contains("p1")&&
requestURI.contains("/r/r1")){
return true;
}
if(userDto.getAuthorities().contains("p2")&&
requestURI.contains("/r/r2")){
return true;
}
writeContent(response,"没有权限");
return false;
}
private void writeContent(HttpServletResponse response, String string) throws IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter writer = response.getWriter();
writer.print(string);
writer.close();
// response.resetBuffer();
}
}
初始化spring容器 但要继承于AbstractAnnotationConfigDispatcherServletInitializer类实现
1、getRootConfigClasses()这个方法是初始spring容器的
2、getServletConfigClasses()这个方法是初始化 Servlet Context
3、getServletMappings()初始化url地址
public class SpringApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
//spring 容器
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{ApplicationConfig.class};
}
//Servlet Context相当于 springmvc.xml
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{WebConfig.class};
}
//url-mapping
@Override
protected String[] getServletMappings() {
return new String[]{"/"};
}
}
上一篇: 饥饿的小易(牛客网)
下一篇: 面试算法