如何通过SpringMVC实现自定义权限控制的长尾?

2026-04-16 16:224阅读0评论SEO基础
  • 内容介绍
  • 文章标签
  • 相关推荐

本文共计1163个文字,预计阅读时间需要5分钟。

如何通过SpringMVC实现自定义权限控制的长尾?

自定义角色权限限制注解

如何通过SpringMVC实现自定义权限控制的长尾?

javapackage com.creditease.hardess.core.annotation;

import java.lang.annotation.ElementType;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;import java.lang.annotation.Target;

/** * 用于定义角色权限限制的注解 */@Retention(RetentionPolicy.RUNTIME)@Target(ElementType.METHOD)public @interface RoleLimit { // 注解属性,可以根据需要添加}

自定义角色权限注解

package com.creditease.hardess.core.annotation; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /* Java中提供了四种元注解,专门负责注解其他的注解,分别如下 @Retention元注解,表示需要在什么级别保存该注释信息(生命周期)。可选的RetentionPoicy参数包括: RetentionPolicy.SOURCE: 停留在java源文件,编译器被丢掉 RetentionPolicy.CLASS:停留在class文件中,但会被VM丢弃(默认) RetentionPolicy.RUNTIME:内存中的字节码,VM将在运行时也保留注解,因此可以通过反射机制读取注解的信息 @Target元注解,默认值为任何元素,表示该注解用于什么地方。可用的ElementType参数包括 ElementType.CONSTRUCTOR: 构造器声明 ElementType.FIELD: 成员变量、对象、属性(包括enum实例) ElementType.LOCAL_VARIABLE: 局部变量声明 ElementType.METHOD: 方法声明 ElementType.PACKAGE: 包声明 ElementType.PARAMETER: 参数声明 ElementType.TYPE: 类、接口(包括注解类型)或enum声明 @Documented将注解包含在JavaDoc中 @Inheried允许子类继承父类中的注解 */ /** * 角色注解 * @author Peter * @time 2017-10-26 * @version 1.0 */ @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) public @interface RequireRoles { // 注解属性 String[] roles(); } 自定义权限码

package com.creditease.hardess.core.consts; /** * 角色 * @author Peter * */ public class RoleConsts { /** * 平台管理员 */ public static final String MANAGER="P-001"; /** * 控股企发部 */ public static final String SINOAGRI="P-002"; /** * 采购商 */ public static final String BUYER="B-001"; /** * 供应商 */ public static final String SELLER="B-002"; } 拦截器代码

package com.b2b.console.interceptor; import java.io.PrintWriter; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import com.alibaba.fastjson.JSON; import com.b2b.console.controller.AbstractController; import com.creditease.hardess.core.annotation.RequireRoles; import com.creditease.hardess.core.entity.ana.Role; import com.creditease.hardess.core.entity.ana.User; import com.creditease.hardess.core.entity.ana.UserLoginSession; /** * * @author Peter * */ public class SessionCheckInterceptor extends AbstractController implements HandlerInterceptor { private static Logger logger = Logger.getLogger(SessionCheckInterceptor.class); @Override public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) throws Exception { UserLoginSession userLoginSession = getUserLoginSession(req); System.err.println("--------------------------"+req.getRequestURI()+"---------------------------"); if (userLoginSession==null || "".equals(userLoginSession.getUserInfo().getUserId()) || "".equals(userLoginSession.getUserInfo().getUserName())) { logger.info("Interceptor中返回false"); //res.sendRedirect(req.getContextPath()+LOGIN_URL); PrintWriter out = res.getWriter(); out.println(""); return false; }else{ //处理角色权限 HandlerMethod method = (HandlerMethod)handler; RequireRoles requireRole = method.getMethodAnnotation(RequireRoles.class); if(requireRole != null) { User user = userLoginSession.getUserInfo(); List roleList = user.getRoleList(); if(!this.hasRole(requireRole.roles(), roleList)) { Map result = new HashMap (); result.put("success",false); result.put("message", "部分信息您无权限,请联系管理员"); res.getWriter().write(JSON.toJSONString(result)); // 无权限 //res.sendRedirect(req.getContextPath()+"/portal/login.html"); return false; } } String USER_ID =String.valueOf(userLoginSession.getUserInfo().getUserId()); logger.info("Interceptor中获取USER_ID: " + USER_ID); } logger.info("Interceptor中返回true"); return true; } @Override public void postHandle(HttpServletRequest req, HttpServletResponse res, Object arg2, ModelAndView arg3) throws Exception { } @Override public void afterCompletion(HttpServletRequest req, HttpServletResponse res, Object arg2, Exception arg3) throws Exception { } /** * 判断是否有角色权限 * @param methodRole 方法上拥有的权限 * @param userRoleList 用户拥有的权限 * @return */ private boolean hasRole (String[] methodRole, List userRoleList) { if(userRoleList == null || methodRole == null) { return false; } for(String role : methodRole) { if(StringUtils.isBlank(role)) { continue; } for(Role roleObj : userRoleList) { if(roleObj == null) { continue; } if(role.equals(roleObj.getRoleCode())) { return true; } } } return false; } } 示例代码

package com.b2b.console.controller; import java.math.BigDecimal; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import com.creditease.hardess.core.annotation.RequireRoles; import com.creditease.hardess.core.consts.RoleConsts; import com.creditease.hardess.core.consts.UserConsts; import com.creditease.hardess.core.criteria.order.OrderCriteria; import com.creditease.hardess.core.criteria.order.PayDetailCtriteria; import com.creditease.hardess.core.entity.ana.User; import com.creditease.hardess.core.entity.ana.UserLoginSession; import com.creditease.hardess.core.entity.order.Order; import com.creditease.hardess.core.entity.order.PayDetail; import com.creditease.hardess.core.service.enterprise.EnterpriseService; import com.creditease.hardess.core.service.order.MailDetailService; import com.creditease.hardess.core.service.order.MailService; import com.creditease.hardess.core.service.order.OrderService; import com.creditease.hardess.core.service.order.PayService; import com.creditease.hardess.core.service.order.PurchaseDetailService; import com.creditease.hardess.core.service.order.PurchaseService; import com.creditease.hardess.core.service.qfbproject.ProjectService; import com.creditease.hardess.core.vo.order.MailVO; import com.creditease.hardess.core.vo.order.OrderVO; /** * 采购订单控制器 * * @author Peter * */ @Controller @RequestMapping("/buyOrders") public class BuyOrderController extends AbstractController { @Resource private OrderService orderService; @Resource private PurchaseService purchaseService; @Resource private PurchaseDetailService purchaseDetailService; @Resource private EnterpriseService enterpriseService; @Resource private MailService mailService; @Resource private MailDetailService mailDetailService; @Resource private ProjectService projectService; @Resource private PayService payService; /** * 订单列表 * * @param req * @param criteria主要参数 * startTime、endTime、orderStatus、payStatus * @return */ @RequireRoles(roles= {RoleConsts.BUYER,RoleConsts.SINOAGRI}) @RequestMapping("/purchaseOrderList.ajax") @ResponseBody public Map purchaseOrderList(HttpServletRequest req, OrderCriteria criteria) { Map result = new HashMap (2); List list = new ArrayList (); try { UserLoginSession loginuser = super.getUserLoginSession(req); User user = loginuser.getUserInfo(); criteria.setSellOrBuy("sell"); criteria.setPurchaseEnterpriseId(user.getEnterpriseId()); int total = orderService.queryCount(criteria); if (total > 0) { list = orderService.pagePurchaseOrderList(criteria); } result.put("total", total); result.put("rows", list); } catch (Exception e) { e.printStackTrace(); result.put("total", 0); result.put("rows", list); } return result; } }

标签:SpringMVC实现自定义权限控制

相关推荐

101209如何通过LVGL库入门教程轻松掌握嵌入式GUI开发技能?101218SpringBoot动手实操,如何改写为长尾词?101221CAP:多重注意力机制,有趣的细粒度分类方案,在AAAI 2021中,有哪些长尾词策略被巧妙运用?101222如何将LabView中的MQTT协议应用改写为高效长尾词?101230如何通过SEO攻略一网打尽,实现网游优化效果最大化?101232如何通过阿里云RDS for SQL Server性能洞察有效优化数据库负载?101236Bluecmsv1.6代码审计中,有哪些细节点需要注意以防范潜在的安全风险?101242如何将Vue2自定义插件编写方法转化为长尾词?101243如何通过Hadoop MapReduce统计用户在基站的长尾停留时间分布?101247如何将字符串的常用方法改写成长尾词?101248POJ3669流星雨BFS预处理如何改写为长尾词?101251Python函数如何实现长尾词查询?101252MySql update操作会锁定哪些数据范围,导致数据更新时可能影响哪些记录?101262LVGL库入门教程中,如何处理颜色和图像?101273如何通过Spring Initializr动手实操创建一个SpringBoot项目?101276深圳SEO优化哪家强?专业首选是哪家?

本文共计1163个文字,预计阅读时间需要5分钟。

如何通过SpringMVC实现自定义权限控制的长尾?

自定义角色权限限制注解

如何通过SpringMVC实现自定义权限控制的长尾?

javapackage com.creditease.hardess.core.annotation;

import java.lang.annotation.ElementType;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;import java.lang.annotation.Target;

/** * 用于定义角色权限限制的注解 */@Retention(RetentionPolicy.RUNTIME)@Target(ElementType.METHOD)public @interface RoleLimit { // 注解属性,可以根据需要添加}

自定义角色权限注解

package com.creditease.hardess.core.annotation; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /* Java中提供了四种元注解,专门负责注解其他的注解,分别如下 @Retention元注解,表示需要在什么级别保存该注释信息(生命周期)。可选的RetentionPoicy参数包括: RetentionPolicy.SOURCE: 停留在java源文件,编译器被丢掉 RetentionPolicy.CLASS:停留在class文件中,但会被VM丢弃(默认) RetentionPolicy.RUNTIME:内存中的字节码,VM将在运行时也保留注解,因此可以通过反射机制读取注解的信息 @Target元注解,默认值为任何元素,表示该注解用于什么地方。可用的ElementType参数包括 ElementType.CONSTRUCTOR: 构造器声明 ElementType.FIELD: 成员变量、对象、属性(包括enum实例) ElementType.LOCAL_VARIABLE: 局部变量声明 ElementType.METHOD: 方法声明 ElementType.PACKAGE: 包声明 ElementType.PARAMETER: 参数声明 ElementType.TYPE: 类、接口(包括注解类型)或enum声明 @Documented将注解包含在JavaDoc中 @Inheried允许子类继承父类中的注解 */ /** * 角色注解 * @author Peter * @time 2017-10-26 * @version 1.0 */ @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) public @interface RequireRoles { // 注解属性 String[] roles(); } 自定义权限码

package com.creditease.hardess.core.consts; /** * 角色 * @author Peter * */ public class RoleConsts { /** * 平台管理员 */ public static final String MANAGER="P-001"; /** * 控股企发部 */ public static final String SINOAGRI="P-002"; /** * 采购商 */ public static final String BUYER="B-001"; /** * 供应商 */ public static final String SELLER="B-002"; } 拦截器代码

package com.b2b.console.interceptor; import java.io.PrintWriter; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import com.alibaba.fastjson.JSON; import com.b2b.console.controller.AbstractController; import com.creditease.hardess.core.annotation.RequireRoles; import com.creditease.hardess.core.entity.ana.Role; import com.creditease.hardess.core.entity.ana.User; import com.creditease.hardess.core.entity.ana.UserLoginSession; /** * * @author Peter * */ public class SessionCheckInterceptor extends AbstractController implements HandlerInterceptor { private static Logger logger = Logger.getLogger(SessionCheckInterceptor.class); @Override public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) throws Exception { UserLoginSession userLoginSession = getUserLoginSession(req); System.err.println("--------------------------"+req.getRequestURI()+"---------------------------"); if (userLoginSession==null || "".equals(userLoginSession.getUserInfo().getUserId()) || "".equals(userLoginSession.getUserInfo().getUserName())) { logger.info("Interceptor中返回false"); //res.sendRedirect(req.getContextPath()+LOGIN_URL); PrintWriter out = res.getWriter(); out.println(""); return false; }else{ //处理角色权限 HandlerMethod method = (HandlerMethod)handler; RequireRoles requireRole = method.getMethodAnnotation(RequireRoles.class); if(requireRole != null) { User user = userLoginSession.getUserInfo(); List roleList = user.getRoleList(); if(!this.hasRole(requireRole.roles(), roleList)) { Map result = new HashMap (); result.put("success",false); result.put("message", "部分信息您无权限,请联系管理员"); res.getWriter().write(JSON.toJSONString(result)); // 无权限 //res.sendRedirect(req.getContextPath()+"/portal/login.html"); return false; } } String USER_ID =String.valueOf(userLoginSession.getUserInfo().getUserId()); logger.info("Interceptor中获取USER_ID: " + USER_ID); } logger.info("Interceptor中返回true"); return true; } @Override public void postHandle(HttpServletRequest req, HttpServletResponse res, Object arg2, ModelAndView arg3) throws Exception { } @Override public void afterCompletion(HttpServletRequest req, HttpServletResponse res, Object arg2, Exception arg3) throws Exception { } /** * 判断是否有角色权限 * @param methodRole 方法上拥有的权限 * @param userRoleList 用户拥有的权限 * @return */ private boolean hasRole (String[] methodRole, List userRoleList) { if(userRoleList == null || methodRole == null) { return false; } for(String role : methodRole) { if(StringUtils.isBlank(role)) { continue; } for(Role roleObj : userRoleList) { if(roleObj == null) { continue; } if(role.equals(roleObj.getRoleCode())) { return true; } } } return false; } } 示例代码

package com.b2b.console.controller; import java.math.BigDecimal; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import com.creditease.hardess.core.annotation.RequireRoles; import com.creditease.hardess.core.consts.RoleConsts; import com.creditease.hardess.core.consts.UserConsts; import com.creditease.hardess.core.criteria.order.OrderCriteria; import com.creditease.hardess.core.criteria.order.PayDetailCtriteria; import com.creditease.hardess.core.entity.ana.User; import com.creditease.hardess.core.entity.ana.UserLoginSession; import com.creditease.hardess.core.entity.order.Order; import com.creditease.hardess.core.entity.order.PayDetail; import com.creditease.hardess.core.service.enterprise.EnterpriseService; import com.creditease.hardess.core.service.order.MailDetailService; import com.creditease.hardess.core.service.order.MailService; import com.creditease.hardess.core.service.order.OrderService; import com.creditease.hardess.core.service.order.PayService; import com.creditease.hardess.core.service.order.PurchaseDetailService; import com.creditease.hardess.core.service.order.PurchaseService; import com.creditease.hardess.core.service.qfbproject.ProjectService; import com.creditease.hardess.core.vo.order.MailVO; import com.creditease.hardess.core.vo.order.OrderVO; /** * 采购订单控制器 * * @author Peter * */ @Controller @RequestMapping("/buyOrders") public class BuyOrderController extends AbstractController { @Resource private OrderService orderService; @Resource private PurchaseService purchaseService; @Resource private PurchaseDetailService purchaseDetailService; @Resource private EnterpriseService enterpriseService; @Resource private MailService mailService; @Resource private MailDetailService mailDetailService; @Resource private ProjectService projectService; @Resource private PayService payService; /** * 订单列表 * * @param req * @param criteria主要参数 * startTime、endTime、orderStatus、payStatus * @return */ @RequireRoles(roles= {RoleConsts.BUYER,RoleConsts.SINOAGRI}) @RequestMapping("/purchaseOrderList.ajax") @ResponseBody public Map purchaseOrderList(HttpServletRequest req, OrderCriteria criteria) { Map result = new HashMap (2); List list = new ArrayList (); try { UserLoginSession loginuser = super.getUserLoginSession(req); User user = loginuser.getUserInfo(); criteria.setSellOrBuy("sell"); criteria.setPurchaseEnterpriseId(user.getEnterpriseId()); int total = orderService.queryCount(criteria); if (total > 0) { list = orderService.pagePurchaseOrderList(criteria); } result.put("total", total); result.put("rows", list); } catch (Exception e) { e.printStackTrace(); result.put("total", 0); result.put("rows", list); } return result; } }