降魔篇之springmvc許可權控制

edagarli發表於2014-03-17
package com.oasystem.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;


import com.oasystem.filter.RoleType;
	 
	/**
	 * Marks a controller method as restricted to the listed roles.
	 *
	 * <p>Retained at runtime so the role interceptor can read it from the
	 * {@code HandlerMethod}; a caller holding at least one of the listed roles
	 * is allowed through. A method without this annotation gets no role check.
	 */
	@Documented
	@Retention(RetentionPolicy.RUNTIME)
	@Target(ElementType.METHOD)
	public @interface FireAuthority {
	    /** Roles of which at least one is required; an empty array disables the check. */
	    RoleType[] value();
	}



package com.oasystem.interceptor;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.oasystem.annotation.FireAuthority;
import com.oasystem.bo.UserBean;
import com.oasystem.constants.Constants;
import com.oasystem.filter.RoleType;
import com.oasystem.push.model.Message;
import com.oasystem.util.JsonUtil;

/**
 *  許可權攔截器
 */
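@Component
public class RoleInterceptor extends HandlerInterceptorAdapter {

	private static final Logger log = Logger.getLogger(RoleInterceptor.class);

	/**
	 * Role check that runs before a controller method annotated with
	 * {@link FireAuthority} is invoked. Returning {@code true} lets the chain
	 * continue; returning {@code false} stops it and the controller is not called.
	 *
	 * <p>Fail-closed: once a handler declares required roles, a missing session,
	 * a missing user, an empty role list, or a non-matching role all deny the
	 * request. (The earlier version returned {@code true} when no user was in the
	 * session or the user had no roles, so an unauthenticated or role-less caller
	 * could reach a role-protected method.)
	 *
	 * <p>Only methods carrying the annotation are checked; handlers that are not
	 * a {@link HandlerMethod} (e.g. static resources) and un-annotated methods pass
	 * untouched, so protection is opt-in per method rather than deny-by-default.
	 * NOTE(review): {@code @Component} alone does not put this class into the MVC
	 * interceptor chain; it must also be registered, and that registration is not
	 * shown in this file — confirm it is in place.
	 *
	 * @param request  current request; the user is read from the session attribute
	 *                 {@code Constants.ACCOUNT_USER}
	 * @param response receives the JSON denial when the check fails
	 * @param handler  the resolved handler; only a {@link HandlerMethod} carries the annotation
	 * @return {@code true} to continue the chain, {@code false} after a denial was written
	 * @throws Exception propagated from writing the denial response
	 */
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
			Object handler) throws Exception {

		if (!(handler instanceof HandlerMethod)) {
			return true;
		}
		FireAuthority authority = ((HandlerMethod) handler).getMethodAnnotation(FireAuthority.class);
		if (authority == null || authority.value() == null || authority.value().length == 0) {
			return true;
		}
		RoleType[] required = authority.value();

		// A role is required from here on, so every missing precondition denies.
		// getSession(false) avoids creating a session for an unauthenticated caller.
		HttpSession session = request.getSession(false);
		UserBean user = session == null ? null : (UserBean) session.getAttribute(Constants.ACCOUNT_USER);
		if (user == null) {
			log.warn("denied " + request.getRequestURI() + ": no authenticated user in session");
			return unauthorized(response);
		}

		List<String> roleCodes = user.getRoleCodeList();
		log.info("user.getRoleCodeList()  : " + JsonUtil.ObjectToString(roleCodes));
		if (roleCodes == null || roleCodes.isEmpty()) {
			log.warn("denied " + request.getRequestURI() + ": user has no roles");
			return unauthorized(response);
		}

		// Any one of the declared roles is sufficient. Codes are compared exactly
		// (case-sensitive) against RoleType.getName().
		for (RoleType role : required) {
			if (roleCodes.contains(role.getName())) {
				log.info(" 通過 。。。  ");
				return true;
			}
		}
		log.warn("denied " + request.getRequestURI() + ": roles " + roleCodes + " match none of the required roles");
		return unauthorized(response);
	}

	/**
	 * Writes the JSON denial and ends the response.
	 *
	 * <p>Also sets HTTP 403 so the denial is visible on the status line (to proxies,
	 * access logs and clients); the earlier version answered 200 and signalled the
	 * failure only inside the JSON body via {@code Constants.RESULT_ERROR}, which the
	 * body still carries for existing clients.
	 *
	 * @param response response to write to; it is committed and closed on return
	 * @return always {@code false}, so it can be returned directly from preHandle
	 * @throws IOException if the writer cannot be obtained or written
	 */
	private boolean unauthorized(HttpServletResponse response) throws IOException {
		Message message = new Message();
		message.sysError(" 許可權不足,請聯絡管理員。。。。。 ");
		message.setStatus(Constants.RESULT_ERROR);

		String body = JsonUtil.ObjectToJson(message);
		log.warn(body);
		response.setStatus(HttpServletResponse.SC_FORBIDDEN);
		response.setContentType("application/json;charset=UTF-8");
		// try-with-resources closes (and thereby commits) the writer even if append throws.
		try (PrintWriter out = response.getWriter()) {
			out.append(body);
			out.flush();
		}
		return false;
	}

}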




package com.oasystem.filter;
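/**
 * Roles a user may hold, as compared by the role interceptor against
 * {@code UserBean.getRoleCodeList()}.
 *
 * <p>Fixes: the original listed {@code TEACHER("teacher",2),} with a trailing
 * comma and no {@code ;} before the field declarations, so it did not compile.
 * The fields are now {@code final} and the setters are gone: an enum constant
 * is a JVM-wide singleton, so a mutable {@code name} meant any code could call
 * {@code RoleType.STUDENT.setName("teacher")} and change what every subsequent
 * authorization check accepted. Nothing in this file used the setters.
 */
public enum RoleType {

	STUDENT("student", 1),
	TEACHER("teacher", 2);

	/** Role code as it appears in the user's role-code list; matched exactly (case-sensitive). */
	private final String name;
	/** Numeric identifier of the role; not used by the interceptor in this file. */
	private final int index;

	RoleType(String name, int index) {
		this.name = name;
		this.index = index;
	}

	/** @return the role code compared against the user's role-code list */
	public String getName() {
		return name;
	}

	/** @return the numeric identifier of this role */
	public int getIndex() {
		return index;
	}
}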


