java springmvc权限校验_详解Spring MVC使用Filter实现登录及权限验证判断
登錄和權限驗證判斷在后臺管理系統中是最常用的功能,這部分代碼是比較固定和獨立的,為了減少對業務代碼入侵性,一般我會考慮使用Filter來實現,下面我就來詳細說一下我的實現思路和代碼:
前臺頁面:
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
會員登錄--藍狐通用后臺管理系統#line-chart {
height: 300px;
width: 800px;
margin: 0px auto;
margin-top: 1em;
}
.brand {
font-family: georgia, serif;
}
.brand .first {
color: #ccc;
font-style: italic;
}
.brand .second {
color: #fff;
font-weight: bold;
}
藍狐通用后臺管理系統
會員登錄
- ${errorMessage}
用戶名
密碼
登錄頁面很簡單就是一個登錄表單。
后臺Controller:
package com.lanhusoft.controllers;
import com.lanhusoft.dao.mybatis.UserInfoImpl;
import com.lanhusoft.model.Sys_UserInfo;
import com.lanhusoft.model.VAuthenticatedUser;
import com.lanhusoft.model.VSysUserInfo;
import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.Map;
import java.util.Objects;
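/**
 * Logon and logout endpoints of the back-office application, mapped under {@code /account}.
 *
 * <p>A successful logon stores the authenticated user (with its authorized actions) in the
 * HTTP session under the attribute {@code currentUser}.
 */
@Controller
@RequestMapping("/account")
public class AccountController {

    /** Session attribute under which the logged-on user is stored. */
    private static final String SESSION_USER_KEY = "currentUser";

    /** Logical view name of the logon page. */
    private static final String LOGON_VIEW = "Account/Logon";

    // Not read by any method of this class; kept so that bean wiring stays unchanged.
    @Autowired
    VAuthenticatedUser currentUser;

    /**
     * Shows the logon form.
     *
     * @return the logical view name of the logon page
     */
    @RequestMapping(value = "/logon", method = RequestMethod.GET)
    public String Logon() {
        return LOGON_VIEW;
    }

    /**
     * Checks the submitted credentials and, when they are valid, stores the user in the session.
     *
     * @param user    form-bound object carrying the submitted login name and password
     * @param session the caller's HTTP session
     * @return a redirect to {@code /SysUser/index} on success, otherwise the logon view with
     *         an {@code errorMessage} model attribute
     */
    @RequestMapping(value = "/logon", method = RequestMethod.POST)
    public ModelAndView LogonHandler(Sys_UserInfo user, HttpSession session) {
        ModelAndView mav = new ModelAndView(LOGON_VIEW);

        // Compare by content: `== ""` tests object identity, and a form-bound empty string is
        // not the same object as the literal, so the old check let empty fields through.
        if (isEmpty(user.getLoginName()) || isEmpty(user.getPwd())) {
            mav.addObject("errorMessage", "用戶名或密碼不能為空");
            return mav;
        }

        UserInfoImpl dal = new UserInfoImpl();
        VAuthenticatedUser authUser = dal.getLegalUserByLoginName(user);

        // Unknown account and wrong password share one message, so the response does not
        // tell a caller which login names exist.
        if (authUser == null
                || authUser.getUserInfo() == null
                || !passwordMatches(authUser.getUserInfo().getPwd(), user.getPwd())) {
            mav.addObject("errorMessage", "用戶名或密碼錯誤");
            return mav;
        }

        // The account state is reported only after the password has been verified.
        if (authUser.getUserInfo().getEnabled() != 1) {
            mav.addObject("errorMessage", "用戶未啟用");
            return mav;
        }

        // NOTE(review): the session id is not rotated at logon, which leaves session fixation
        // open. Rotating it needs the HttpServletRequest (changeSessionId()), which this
        // handler does not receive.
        session.setAttribute(SESSION_USER_KEY, authUser);
        mav.setViewName("redirect:/SysUser/index");
        return mav;
    }

    /**
     * Ends the session and returns to the logon page.
     *
     * @param session the caller's HTTP session
     * @return the logical view name of the logon page
     */
    // NOTE(review): logout is reachable with a plain GET, so another site can trigger it;
    // consider POST with a CSRF token.
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String Logout(HttpSession session) {
        // Invalidate the whole session rather than removing one attribute, so nothing else
        // stored for the user survives logout and the old session id stops being valid.
        session.invalidate();
        return LOGON_VIEW;
    }

    /** Returns true when the value is null or has no characters. */
    private static boolean isEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Compares the stored and the submitted password without an early exit on the first
     * differing byte.
     *
     * <p>NOTE(review): the stored value is compared verbatim with the submitted one, which
     * suggests passwords are kept in a recoverable form. Confirm against UserInfoImpl; stored
     * passwords should be salted adaptive hashes (bcrypt, scrypt, argon2) verified with the
     * hashing library's own check.
     */
    private static boolean passwordMatches(String stored, String submitted) {
        if (stored == null || submitted == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                submitted.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}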
登錄成功后把用戶信息和權限菜單存到session中,key為currentUser。
Filter,登錄及權限驗證判斷真實的核心代碼:
package com.lanhusoft.filters;
import com.lanhusoft.model.Sys_Action;
import com.lanhusoft.model.VAuthenticatedUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
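/**
 * Servlet filter that enforces logon and per-action authorization for the URLs it is mapped to.
 *
 * <p>For every request it (1) lets a short list of page names through unchecked, (2) requires
 * a {@code currentUser} attribute in the session, and (3) requires that one of the user's
 * authorized actions covers the requested path.
 *
 * <p>Paths are compared on segment boundaries against the container-decoded path. Substring
 * matching on the raw request URI would accept any URI that merely contains an exempt name or
 * a granted href somewhere in it, and an empty href would grant every page.
 */
public class AuthFilter extends OncePerRequestFilter {

    /**
     * Page names that skip the filter, compared with the last segment of the path.
     *
     * <p>NOTE(review): the filter is only mapped to protected areas, so every name listed here
     * is a page inside such an area that is served without a logon check. Confirm these
     * entries are still needed.
     */
    private static final String[] UNFILTERED_PAGES = {"login.html", "index.html"};

    /**
     * Applies the logon and authorization checks described on the class.
     *
     * @param request     the current request
     * @param response    the current response; written to only when the request is rejected
     * @param filterChain the remaining filter chain, invoked only for accepted requests
     * @throws ServletException if a downstream filter or servlet fails
     * @throws IOException      if writing the rejection response fails
     */
    @Override
    protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws ServletException, IOException {
        String path = pathWithinApplication(request);

        if (isUnfilteredPage(path)) {
            filterChain.doFilter(request, response);
            return;
        }

        // getSession(false): do not create a session for a caller who has not logged on.
        javax.servlet.http.HttpSession session = request.getSession(false);
        VAuthenticatedUser authUser = session == null
                ? null
                : (VAuthenticatedUser) session.getAttribute("currentUser");

        if (authUser == null) {
            // Not logged on: tell the user and send the top-level window to the logon page.
            // Content type and writer are touched only on rejection paths, so an accepted
            // request reaches its handler with an untouched response.
            response.setContentType("text/html; charset=utf-8");
            PrintWriter out = response.getWriter();
            StringBuilder builder = new StringBuilder();
            builder.append("<script>");
            builder.append("alert('網頁過期,請重新登錄!');");
            builder.append("window.top.location.href='"+request.getContextPath()+"/account/logon';");
            builder.append("</script>");
            out.print(builder.toString());
            return;
        }

        if (isAuthorized(authUser, path)) {
            filterChain.doFilter(request, response);
            return;
        }

        // Logged on but not entitled to this page.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/html; charset=utf-8");
        response.getWriter().print("你沒有該頁面的訪問權限");
    }

    /**
     * Returns the request path relative to the context root, built from the servlet path and
     * the path info as decoded by the container (no query string).
     */
    private static String pathWithinApplication(HttpServletRequest request) {
        StringBuilder path = new StringBuilder();
        if (request.getServletPath() != null) {
            path.append(request.getServletPath());
        }
        if (request.getPathInfo() != null) {
            path.append(request.getPathInfo());
        }
        return path.toString();
    }

    /** Returns true when the last path segment is exactly one of the exempt page names. */
    private static boolean isUnfilteredPage(String path) {
        String lastSegment = path.substring(path.lastIndexOf('/') + 1);
        for (String page : UNFILTERED_PAGES) {
            if (page.equals(lastSegment)) {
                return true;
            }
        }
        return false;
    }

    /** Returns true when at least one of the user's authorized actions covers the path. */
    private static boolean isAuthorized(VAuthenticatedUser user, String path) {
        if (user.getAuthorizedActions() == null) {
            return false;
        }
        for (Sys_Action act : user.getAuthorizedActions()) {
            if (act != null && coversPath(act.getActionHref(), path)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when the path equals the granted href or lies below it.
     *
     * <p>Assumes getActionHref() holds context-relative paths such as /SysUser/index; confirm
     * against the stored data. Hrefs in another form do not match, and the request is denied.
     */
    private static boolean coversPath(String href, String path) {
        if (href == null) {
            return false;
        }
        String granted = href.trim();
        if (granted.isEmpty()) {
            // An empty href must not act as a grant for every page.
            return false;
        }
        if (!granted.startsWith("/")) {
            granted = "/" + granted;
        }
        if (granted.length() > 1 && granted.endsWith("/")) {
            granted = granted.substring(0, granted.length() - 1);
        }
        return path.equals(granted) || path.startsWith(granted + "/");
    }
}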
web.xml加入以下配置:
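<filter>
    <filter-name>authFilter</filter-name>
    <filter-class>com.lanhusoft.filters.AuthFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>authFilter</filter-name>
    <url-pattern>/SysUser/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>authFilter</filter-name>
    <url-pattern>/SysRole/*</url-pattern>
</filter-mapping>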
filter-mapping結點中的url-pattern定義了需要驗證的url,你可以根據自己需要添加多個。需要注意,只有匹配這些url-pattern的請求才會經過AuthFilter;新增的Controller路徑如果沒有加到filter-mapping中,就不會做登錄和權限校驗。