[Spring MVC]教程――使用拦截器实现权限控制(一)

之前一直都在用mvc的拦截器权限控制，后来上网也研究了一些这方面的知识，下面就直接分享下我对mvc的拦截器的理解，通过项目来分析吧。。。

1、首先准备对应的架包

2、看看项目的架构

3、基本的web.xml文件

  

  
	
   
    shiro
   

	
   
	
    
    
     SpringMVC
     
    
     org.springframework.web.servlet.DispatcherServlet
     
     
     
      contextConfigLocation
      
     
      classpath:mvc.xml
      
     
    
     1
     
   

	
   
	
    
    
     SpringMVC
     
    
     *.htm
     
   
	
	
   

  

3、配置classpath下的mvc.xml文件

  

  
	
    
     
     
      
      
       
        
        
         
         
        
       
       
      
      
      
       
       
       
        /WEB-INF/pages/
        
       
       
       
       
        .jsp
        
       
      
    
   
  

4、接着就要配置拦截器了MemberInterceptor.java

/**
 * 
 */
package com.cat.interceptor;

import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
 * @author chenlf
 * 
 *         2014-3-25
 */
public class MemberInterceptor implements HandlerInterceptor {

	public final static String SEESION_MEMBER = "seesion_member";

	/*
	 * (non-Javadoc)
	 * 
	 * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest,
	 * javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
	 */
	public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2,
			Exception arg3) throws Exception {
		// TODO Auto-generated method stub

	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest,
	 * javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
	 */
	public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2,
			ModelAndView arg3) throws Exception {
		// TODO Auto-generated method stub

	}

	/*
	 * (non-Javadoc)
	 * 拦截mvc.xml配置的/member/**路径的请求
	 * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest,
	 * javax.servlet.http.HttpServletResponse, java.lang.Object)
	 */
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
			Object handler) throws Exception {
		//请求的路径
		String contextPath=request.getContextPath();
		String	url=request.getServletPath().toString();
		HttpSession session = request.getSession();
		String user = (String) session.getAttribute(SEESION_MEMBER);
		//这里可以根据session的用户来判断角色的权限，根据权限来重定向不同的页面，简单起见，这里只是做了一个重定向
		if (StringUtils.isEmpty(user)) {
			//被拦截，重定向到login界面
			response.sendRedirect(contextPath+"/login.htm redirectURL="
					+ URLEncoder.encode(url));
			return false;
		}
		return true;
	}

}

5、LoginController.java文件

/**
 * 
 */
package com.cat.spring.controller;

import java.net.URLDecoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;