Spring框架下实现基于组的用户权限管理

public class User {
　private int id;
　private String name;
　private String password;
　private Set＜String＞ groups = new HashSet＜String＞();
}

＜hibernate-mapping auto-import="true" default-lazy="false"＞
　＜class name="net.ideawu.User" table="User"＞
　＜cache usage="read-write" /＞
　＜id name="id" column="id"＞
　　＜generator class="native"/＞
　＜/id＞
　＜property name="name" column="name"/＞
　＜property name="password" column="password"/＞
　＜set name="groups" table="UserGroup" cascade="save-update" lazy="false"＞
　　＜key column="user" /＞
　　＜element column="`group`" type="string" /＞
　＜/set＞
　＜/class＞
＜/hibernate-mapping＞

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.util.UrlPathHelper;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
...
public class AuthorizeInterceptor extends HandlerInterceptorAdapter {
　private UrlPathHelper urlPathHelper = new UrlPathHelper();
　private PathMatcher pathMatcher = new AntPathMatcher();
　private Properties groupMappings;
　/** * Attach URL paths to group. */
　public void setGroupMappings(Properties groupMappings) {
　　this.groupMappings = groupMappings;
　}
　public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
　　String url = urlPathHelper.getLookupPathForRequest(request);
　　String group = lookupGroup(url);
　　// 找出资源所需要的权限, 即组名
　　if(group == null){
　　　// 所请求的资源不需要保护.
　　　return true;
　　}
　　// 假如已经登录, 一个User实例被保存在session中.
　　User loginUser = (User)request.getSession().getAttribute("loginUser");
　　ModelAndView mav = new ModelAndView("system/authorizeError");
　　if(loginUser == null){
　　　mav.addObject("errorMsg", "你还没有登录!");
　　　throw new ModelAndViewDefiningException(mav);
　　}else{
　　　if(!loginUser.getGroups().contains(group)){
共2页: 上一页 1 [2] 下一页