Need to develop a button permission control, thinking: Intercept All button paths, and user-owned 3-level button permissions comparison,
All validation is a method to solve, only need to modify the JS parameters, parameter is the button corresponding to the permission code
If there is any problem please remind, thank you!
Xml:
<mvc:interceptors> <Mvc:interceptor> <mvc:mappingPath="/**"/> <BeanID= "Buttoninterceptor"class= "Sls.interceptor.buttonInterceptor"/> </Mvc:interceptor> </mvc:interceptors>
Buttoninterceptor:
Importjava.util.List;ImportJava.util.logging.Logger;Importjavax.servlet.http.HttpServletRequest;ImportJavax.servlet.http.HttpServletResponse;ImportOrg.springframework.web.servlet.ModelAndView;ImportOrg.springframework.web.servlet.handler.HandlerInterceptorAdapter;ImportSls.system.vo.UserInfoVo;/*** Button Permission control intercept *@authorAdministrator **/ Public classButtoninterceptorextendsHandlerinterceptoradapter {Private Static FinalString[] Ignore_uri = {"/download"}; PrivateLogger log = Logger.getlogger ( This. GetClass (). GetName ()); Public BooleanPrehandle (HttpServletRequest request, httpservletresponse response, Object handler)throwsException {BooleanFlag =false; Response.reset (); String URL=Request.getrequesturl (). toString (); String parameter= Request.getparameter ("parameter"); Log.info (">>>:" +URL); Booleanret=false; if(Url.contains ("button") && parameter!=NULL) {Log.info ("Access path contained in button collection is blocked"); Userinfovo Userinfovo= (Userinfovo) request.getsession (). getattribute ("Userinfovo"); String authoritybuttons=Userinfovo.getauthoritybutton (); if(authoritybuttons!=NULL) {string[] Authoritybutton=authoritybuttons.split (","); for(String String:authoritybutton) {//Log.info (string); if(string.equals (parameter)) {Log.info ("Have permission" +parameter); RET=true; } } } if(!ret) {Java.io.PrintWriter out=Response.getwriter (); Out.println (false); Out.flush (); Out.close (); } }Else{ret=true; } returnret; } @Override Public voidPosthandle (HttpServletRequest request, httpservletresponse response, Object handler, Modelandview Modelandview)throwsException {Super. Posthandle (Request, response, Handler, Modelandview); } }
Js:
function Downloadproductinfo () {$.post ("Jurisdiction/button.action?parameter=downloadproductinfo", function (e) {if (E.indexof ("false")!=-1) {Alert ("You do not have permission to manipulate this button")}else{$ ("#searchForm"). attr ("Action", "Basicdata/downloadproductinfo.action"); $ ("# Searchform "). Submit ();}})}
Controller
/** * Button Permissions control public method * @return */@RequestMapping ("button") @ResponseBody the publicly String button () {System.out.println (" Button permissions control public method access successful "); return" ";}
MVC button Permission Control