1、自定义权限注解:
import static java.lang.annotation.ElementType.METHOD;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target(METHOD)
public @interface AuthAvalidate {
String value();
}2、在controller方法上使用注解
@AuthAvalidate("admin")
@RequestMapping("/del")
public String del() {
//your code
return "page";
}3、写拦截器校验权限
public class AuthInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if(handler.getClass().isAssignableFrom(HandlerMethod.class)) {
AuthAvalidate authAvalidate = ((HandlerMethod)handler).getMethodAnnotation(AuthAvalidate.class);
//角色、权限等都可通过这种方式判断
if(authAvalidate == null || user.getRoles().contains(authAvalidate.value())) {
return true;
}else {
response.sendRedirect("/");
return false;
}
}
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
}
}4、配置拦截器
版权声明:本文为a1974117511原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。