收单系统
用户验证是用filter来判断session中是否有该用户信息
HttpSession session = request.getSession();
BaseUserInfo userInfo = (BaseUserInfo) session.getAttribute(Constants.BaseUserInfo);
if (userInfo == null) {
HttpServletResponse response = (HttpServletResponse)rep;
HttpServletRequest request2 = (HttpServletRequest)req;
response.sendRedirect(request2.getContextPath());
}else{
chain.doFilter(req, rep);
}
权限验证是用自定义标签来做的
public class CheckTag extends TagSupport {
private static final long serialVersionUID = 1L;
private String funCode;
public int doStartTag() throws JspException {
if (FunctionCheck.check(funCode, pageContext.getSession())) {
return EVAL_PAGE;
} else {
return (SKIP_BODY);
}
}
public String getFunCode() {
return funCode;
}
public void setFunCode(String funCode) {
this.funCode = funCode;
<%@ taglib uri="/WEB-INF/tld/checkTag.tld" prefix="c" %>
<c:check funCode="2000030402">
<DIV class="btn">
<DIV class="btn_left"></DIV>
<DIV class="btn_bar"><A href="BIM/2000030004!newPage.action">新增</A></DIV>
<DIV class="btn_right"></DIV>
</DIV>
</c:check>
Innovation项目中用spring security来处理
spring security 复杂度高,但是和spring MVC集成比较好,可以用aop代理机制, 采用annotation方式。
在Controller的方法加上 annotationi来控制
@PreAuthorize("hasAnyRole('MEMBER','ADMIN','SUPERVISOR')")