利用spring mvc 拦截器 鉴权

1.需求场景

利用拦截器实现用户登录鉴权

2.项目环境

spring spring mvc mybatis  mysql

3.实现方法

package com.jlc.action;
 
import java.util.Enumeration;
import java.util.List;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import net.sf.json.JSONObject;
 
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
/*****
 * 
* @ClassName: LoginInterceptorAction 
* @Description: TODO  拦截器
* @author demo
* 
*
 */
@Service
public class LoginInterceptorAction implements HandlerInterceptor {
	//记录日志对象
    Logger log = Logger.getLogger(LoginInterceptorAction.class.getName());
    @Autowired
    private UserRoleService userRoleService;
	@Override
	public void afterCompletion(HttpServletRequest request,
			HttpServletResponse respone, Object obj, Exception e)
			throws Exception {
	}
 
	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse respone,
			Object obj, ModelAndView view) throws Exception {
		// TODO Auto-generated method stub
	}
 
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
			 Object obj) throws Exception {
		     String username = (String) request.getSession().getAttribute("username");
			   //获取用户拥有的权限列表(getAllRight方法用户登陆后自行实现)
			   List<String> list = getAllRight(username);
		     String callback=request.getParameter("callbackparam");
		     String url = request.getRequestURI();
		     String ip=getIpAddr(request);
		     JSONObject jo = new JSONObject();
		     String param = getAllParameter(request);
		     boolean flag = false;
             //登录地址不必拦截
		    if(   url.indexOf("login/in")!=-1
		    	 flag = true;
		     }else{
		    	 if(null == username ||username.equals("")){
		    		 jo.put("code", "1002");//会话超时 退出系统
		    		 response.getWriter().write(callback+"("+jo.toString()+")");
		    		 flag = false;
			     }else if(hasRight(url,list)){
			    	 flag = true;
		         }else{
			    	 flag = false;
			    	 jo.put("code", "1003");//没有权限访问
		    		 response.getWriter().write(callback+"("+jo.toString()+")");
			     }
		     }
		     return flag;
	}
	
	
	 /***
	 *获取访问者IP
	 *
	 ***/
    public static String getIpAddr(HttpServletRequest request) {
        String ip = request.getHeader("X-Real-IP");
        if (!StringUtils.isBlank(ip) && !"unknown".equalsIgnoreCase(ip)) {
            return ip;
        }
        ip = request.getHeader("X-Forwarded-For");
        if (!StringUtils.isBlank(ip) && !"unknown".equalsIgnoreCase(ip)) {
        // 多次反向代理后会有多个IP值，第一个为真实IP。
        int index = ip.indexOf(',');
            if (index != -1) {
                return ip.substring(0, index);
            } else {
                return ip;
            }
        } else {
             return request.getRemoteAddr();
        }
    }
    
  
    
    /**
     * 
    * @Title: hasRight 
    * @Description: TODO 鉴权
    * @param authList
    * @param url
    * @return
     */
    public boolean hasRight(String url,List<String> list){
    	 
    	 boolean flag=false;
    	 if(list.size()>0){
         if(list.contains(url)){
        	 flag=true;
         }else{
        	 flag =false;
         }
         }else{
        	 flag = false;
         }
    	return flag;
    }
    
    /***
     * 
    * @Title: getAllParameter 
    * @Description: TODO 返回参数列表
    * @param request
    * @return
     */
    public String getAllParameter(HttpServletRequest request){
    	String str="";
    	Enumeration<String> keys = request.getParameterNames(); 
    	while(keys.hasMoreElements()) { 
    	    String k = keys.nextElement(); 
    	    String v = request.getParameter(k);
    	    //System.out.println(k + " = " + request.getParameter(k) ); 
    	    str+=k+"="+v+",";
    	} 
    	return str;
    }
}