sping aop实现权限控制(路径控制)

spring aop 的权限的管理是通过对路径的控制来实现的
现在共有两个角色,经理和员工
经理的权限检查的代码
MgrAuthorityInterceptor.java
public class MgrAuthorityInterceptor implements MethodInterceptor
{

public Object invoke(MethodInvocation invocation) throws Throwable
{
HttpServletRequest request = null;
ActionMapping mapping = null;
Object[] args = invocation.getArguments();
//解析目标方法的参数
for (int i = 0 ; i < args.length ; i++ )
{
if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
}
//从session中得到用户的级别
String level = (String)request.getSession().getAttribute("level");
//如是经理级别则继续,否则,回到登陆页面
if ( level != null && level.equals("mgr") )
{
return invocation.proceed();
}
else
{
return mapping.findForward("login");
}
}
}

--------------------------

员工的权限的实现,

EmpAuthorityInterceptor.java

----------------------

public class EmpAuthorityInterceptor implements MethodInterceptor
{

public Object invoke(MethodInvocation invocation) throws Throwable
{
HttpServletRequest request = null;
ActionMapping mapping = null;
Object[] args = invocation.getArguments();
for (int i = 0 ; i < args.length ; i++ )
{
if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
}
//从session中得到用户的级别
String level = (String)request.getSession().getAttribute("level");
//如是经理或员工级别则继续,否则,回到登陆页面
if ( level != null && (level.equals("emp") || level.equals("mgr")))
{
return invocation.proceed();
}
else
{
return mapping.findForward("login");
}
}
}

----------------------------

员工,经理权限的实现,在action-servlet.xml中

---------------------





action中的经理的操作




mgrAuthorityInterceptor






员工中的action操作




empAuthorityInterceptor





 

 

 

 

 

 

 

 

你可能感兴趣的:(SSH框架应用)