Permission verification

Acquiring system
User authentication uses a filter that checks whether the session contains the user's information:
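public void doFilter(ServletRequest req, ServletResponse rep, FilterChain chain)
		throws IOException, ServletException {
	HttpServletRequest request = (HttpServletRequest) req;
	HttpServletResponse response = (HttpServletResponse) rep;
	// The user object is stored in the session at login
	HttpSession session = request.getSession();
	BaseUserInfo userInfo = (BaseUserInfo) session.getAttribute(Constants.BaseUserInfo);
	if (userInfo == null) {
		// Not logged in: redirect to the application root
		response.sendRedirect(request.getContextPath());
	} else {
		// Logged in: continue down the filter chain
		chain.doFilter(req, rep);
	}
}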


Permission checks are done with a custom tag:
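import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

public class CheckTag extends TagSupport {

	private static final long serialVersionUID = 1L;
	// Function code the current user must hold for the tag body to be rendered
	private String funCode;

	@Override
	public int doStartTag() throws JspException {
		if (FunctionCheck.check(funCode, pageContext.getSession())) {
			// Render the tag body (EVAL_PAGE is a doEndTag return value)
			return EVAL_BODY_INCLUDE;
		} else {
			// Leave the tag body out of the page
			return SKIP_BODY;
		}
	}

	public String getFunCode() {
		return funCode;
	}

	public void setFunCode(String funCode) {
		this.funCode = funCode;
	}
}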

<%@ taglib uri="/WEB-INF/tld/checkTag.tld"  prefix="c" %>
<c:check funCode="2000030402">
<DIV class="btn">
<DIV class="btn_left"></DIV>
<DIV class="btn_bar"><A  href="BIM/2000030004!newPage.action">新增</A></DIV>
<DIV class="btn_right"></DIV>
</DIV>
</c:check>
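
The tag above only decides whether the button markup is rendered. The following added example (not code from the original page) checks the same function code again when the request for the action arrives. `FunctionCodeFilter`, its path table and the assumption that the link resolves directly under the context root are hypothetical; `FunctionCheck.check` is the page's own helper, assumed to be on the classpath with the signature used in `CheckTag`.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: checks the function code when the request arrives.
// Assumed to be mapped only to protected actions (for example /BIM/*).
public class FunctionCodeFilter implements Filter {

    // Hypothetical table of action path -> required function code.
    private final Map<String, String> required = new HashMap<>();

    @Override
    public void init(FilterConfig cfg) {
        // The one path/code pair shown in the JSP on this page,
        // assumed to sit directly under the context root.
        required.put("/BIM/2000030004!newPage.action", "2000030402");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse rep, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) rep;

        // Container-decoded path, without the query string.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }

        String funCode = required.get(path);
        HttpSession session = request.getSession(false);

        // Fail closed: no table entry, no session, or a failed check all get 403.
        if (funCode == null || session == null
                || !FunctionCheck.check(funCode, session)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, rep);
    }

    @Override
    public void destroy() { }
}
```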



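The Innovation project uses Spring Security for this.
Spring Security is complex, but it integrates well with Spring MVC; it can use the AOP proxy mechanism and be driven by annotations.
Add an annotation to the Controller method to control access: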
@PreAuthorize("hasAnyRole('MEMBER','ADMIN','SUPERVISOR')")

