自定义角色权限注解
package com.creditease.hardess.core.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/*
Java中提供了四种元注解,专门负责注解其他的注解,分别如下
@Retention元注解,表示需要在什么级别保存该注释信息(生命周期)。可选的RetentionPolicy参数包括:
RetentionPolicy.SOURCE: 停留在java源文件,被编译器丢弃
RetentionPolicy.CLASS:停留在class文件中,但会被VM丢弃(默认)
RetentionPolicy.RUNTIME:内存中的字节码,VM将在运行时也保留注解,因此可以通过反射机制读取注解的信息
@Target元注解,默认值为任何元素,表示该注解用于什么地方。可用的ElementType参数包括
ElementType.CONSTRUCTOR: 构造器声明
ElementType.FIELD: 成员变量、对象、属性(包括enum实例)
ElementType.LOCAL_VARIABLE: 局部变量声明
ElementType.METHOD: 方法声明
ElementType.PACKAGE: 包声明
ElementType.PARAMETER: 参数声明
ElementType.TYPE: 类、接口(包括注解类型)或enum声明
@Documented将注解包含在JavaDoc中
@Inherited允许子类继承父类中的注解
*/
/**
* 角色注解 — marks a handler method as protected by role codes. Retained at
* RUNTIME so an interceptor can read it by reflection; usable on methods only.
* @author Peter
* @time 2017-10-26
* @version 1.0
*/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface RequireRoles {
// Role codes the caller must hold (see RoleConsts). The SessionCheckInterceptor on this
// page grants access when the user holds at least one of them.
String[] roles();
}
自定义权限码
package com.creditease.hardess.core.consts;
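/**
 * 角色 — role codes carried by a user's roles and referenced from {@code @RequireRoles}.
 * Pure constants holder: final and not instantiable.
 *
 * @author Peter
 */
public final class RoleConsts {

    /** 平台管理员 — platform administrator. */
    public static final String MANAGER = "P-001";

    /** 控股企发部 — holding-company enterprise development department. */
    public static final String SINOAGRI = "P-002";

    /** 采购商 — buyer. */
    public static final String BUYER = "B-001";

    /** 供应商 — supplier (seller). */
    public static final String SELLER = "B-002";

    /** Constants only; prevents instantiation. */
    private RoleConsts() {
    }
}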
拦截器代码
package com.b2b.console.interceptor;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.alibaba.fastjson.JSON;
import com.b2b.console.controller.AbstractController;
import com.creditease.hardess.core.annotation.RequireRoles;
import com.creditease.hardess.core.entity.ana.Role;
import com.creditease.hardess.core.entity.ana.User;
import com.creditease.hardess.core.entity.ana.UserLoginSession;
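/**
 * Login and role interceptor. Rejects requests that carry no usable login session and,
 * for handler methods annotated with {@link RequireRoles}, requests whose user holds none
 * of the listed role codes. Every denial path writes its own response and returns false.
 *
 * @author Peter
 */
public class SessionCheckInterceptor extends AbstractController implements HandlerInterceptor {

    private static final Logger logger = Logger.getLogger(SessionCheckInterceptor.class);

    /**
     * Checks login state and, where the handler method declares {@link RequireRoles}, roles.
     *
     * @param req     current request; the login session is looked up from it
     * @param res     current response; a denial body is written here when access is refused
     * @param handler the Spring handler; only {@link HandlerMethod}s carry role annotations
     * @return true to continue to the handler, false after a denial response has been written
     * @throws Exception if writing the denial response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) throws Exception {
        UserLoginSession userLoginSession = getUserLoginSession(req);
        // Was System.err.println; request URIs belong in the logger, not on stderr.
        logger.debug("Interceptor URI: " + req.getRequestURI());

        User user = userLoginSession == null ? null : userLoginSession.getUserInfo();
        // Fail closed: a missing session, a missing user object, or a null/blank id or name
        // are all treated as "not logged in" (the previous "".equals(...) check let null through).
        if (user == null || isMissing(user.getUserId()) || isMissing(user.getUserName())) {
            logger.info("Interceptor中返回false");
            // NOTE(review): no status is set, so the client sees 200 with an empty body;
            // SC_UNAUTHORIZED (401) is the conventional signal once the front end handles it.
            PrintWriter out = res.getWriter();
            out.println("");
            return false;
        }

        // The unconditional (HandlerMethod) cast would throw for handlers that are not
        // controller methods (static-resource handlers, for instance); guard it instead.
        if (handler instanceof HandlerMethod) {
            RequireRoles requireRole = ((HandlerMethod) handler).getMethodAnnotation(RequireRoles.class);
            if (requireRole != null && !hasRole(requireRole.roles(), user.getRoleList())) {
                writeNoPermission(res);
                return false;
            }
        }

        String userId = String.valueOf(user.getUserId());
        logger.info("Interceptor中获取USER_ID: " + userId);
        logger.info("Interceptor中返回true");
        return true;
    }

    /** No post-processing is needed; present only to satisfy {@link HandlerInterceptor}. */
    @Override
    public void postHandle(HttpServletRequest req, HttpServletResponse res, Object arg2, ModelAndView arg3) throws Exception {
        // intentionally empty
    }

    /** No completion hook is needed; present only to satisfy {@link HandlerInterceptor}. */
    @Override
    public void afterCompletion(HttpServletRequest req, HttpServletResponse res, Object arg2, Exception arg3) throws Exception {
        // intentionally empty
    }

    /**
     * Writes the "no permission" JSON body returned when the role check fails.
     *
     * @param res response to write to
     * @throws IOException if the writer cannot be obtained or written
     */
    private static void writeNoPermission(HttpServletResponse res) throws IOException {
        Map<String, Object> result = new HashMap<>();
        result.put("success", false);
        result.put("message", "部分信息您无权限,请联系管理员");
        // Declare the charset before getWriter(): the servlet default is ISO-8859-1, which
        // mangles the non-ASCII message.
        res.setContentType("application/json;charset=UTF-8");
        // NOTE(review): status stays 200 so clients that parse "success" keep working;
        // SC_FORBIDDEN (403) would be the conventional choice.
        res.getWriter().write(JSON.toJSONString(result));
    }

    /**
     * True when a required user attribute is absent: null, or blank after string conversion.
     * Type-agnostic on purpose, since the id may not be a String (it is passed through
     * String.valueOf elsewhere in this class).
     */
    private static boolean isMissing(Object value) {
        return value == null || String.valueOf(value).trim().isEmpty();
    }

    /**
     * 判断是否有角色权限 — true when at least one required role code matches a role the user holds.
     *
     * @param methodRole   role codes declared on the handler method ({@link RequireRoles#roles()})
     * @param userRoleList roles the user holds; may be null or contain null entries
     * @return true if any non-blank required code equals some user role's code, else false
     */
    private boolean hasRole(String[] methodRole, List<Role> userRoleList) {
        if (userRoleList == null || methodRole == null) {
            return false;
        }
        for (String role : methodRole) {
            if (StringUtils.isBlank(role)) {
                continue;
            }
            for (Role roleObj : userRoleList) {
                if (roleObj != null && role.equals(roleObj.getRoleCode())) {
                    return true;
                }
            }
        }
        return false;
    }
}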
示例代码
package com.b2b.console.controller;
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import com.creditease.hardess.core.annotation.RequireRoles;
import com.creditease.hardess.core.consts.RoleConsts;
import com.creditease.hardess.core.consts.UserConsts;
import com.creditease.hardess.core.criteria.order.OrderCriteria;
import com.creditease.hardess.core.criteria.order.PayDetailCtriteria;
import com.creditease.hardess.core.entity.ana.User;
import com.creditease.hardess.core.entity.ana.UserLoginSession;
import com.creditease.hardess.core.entity.order.Order;
import com.creditease.hardess.core.entity.order.PayDetail;
import com.creditease.hardess.core.service.enterprise.EnterpriseService;
import com.creditease.hardess.core.service.order.MailDetailService;
import com.creditease.hardess.core.service.order.MailService;
import com.creditease.hardess.core.service.order.OrderService;
import com.creditease.hardess.core.service.order.PayService;
import com.creditease.hardess.core.service.order.PurchaseDetailService;
import com.creditease.hardess.core.service.order.PurchaseService;
import com.creditease.hardess.core.service.qfbproject.ProjectService;
import com.creditease.hardess.core.vo.order.MailVO;
import com.creditease.hardess.core.vo.order.OrderVO;
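/**
 * 采购订单控制器 — purchase-order endpoints for the buyer console.
 *
 * @author Peter
 */
@Controller
@RequestMapping("/buyOrders")
public class BuyOrderController extends AbstractController {

    @Resource
    private OrderService orderService;
    @Resource
    private PurchaseService purchaseService;
    @Resource
    private PurchaseDetailService purchaseDetailService;
    @Resource
    private EnterpriseService enterpriseService;
    @Resource
    private MailService mailService;
    @Resource
    private MailDetailService mailDetailService;
    @Resource
    private ProjectService projectService;
    @Resource
    private PayService payService;

    /**
     * 订单列表 — orders of the logged-in user's enterprise. Access is limited to the BUYER and
     * SINOAGRI roles; the check itself is performed by the interceptor reading {@link RequireRoles}.
     *
     * @param req      current request; the login session is read from it
     * @param criteria filter; main fields are startTime, endTime, orderStatus and payStatus
     * @return map with "total" (matching count) and "rows" (the page of orders); on a missing
     *         session or any failure, total is 0 and rows is empty
     */
    @RequireRoles(roles = {RoleConsts.BUYER, RoleConsts.SINOAGRI})
    @RequestMapping("/purchaseOrderList.ajax")
    @ResponseBody
    public Map<String, Object> purchaseOrderList(HttpServletRequest req, OrderCriteria criteria) {
        int total = 0;
        // Element type comes from OrderService and is not visible here; wildcard keeps it honest.
        List<?> list = new ArrayList<>();
        try {
            UserLoginSession loginuser = super.getUserLoginSession(req);
            // The interceptor should already have rejected anonymous requests; a missing session
            // yields an empty page instead of an NPE routed through the catch below.
            if (loginuser != null && loginuser.getUserInfo() != null) {
                User user = loginuser.getUserInfo();
                // NOTE(review): "sell" on the purchase listing looks inverted — confirm with OrderService.
                criteria.setSellOrBuy("sell");
                criteria.setPurchaseEnterpriseId(user.getEnterpriseId());
                total = orderService.queryCount(criteria);
                if (total > 0) {
                    list = orderService.pagePurchaseOrderList(criteria);
                }
            }
        } catch (Exception e) {
            // Best effort: degrade to an empty page rather than a 500. NOTE(review): this file
            // imports no logger; route this through the project's log4j logger instead of stderr.
            e.printStackTrace();
            total = 0;
        }
        Map<String, Object> result = new HashMap<>(2);
        result.put("total", total);
        result.put("rows", list);
        return result;
    }
}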
