|
mav.addObject("errorMsg", "授权失败! 你不在 <b>" group "</b> 组!");
throw new ModelAndViewDefiningException(mav);
} return true;
}
}
/* * 查看
org.springframework.web.servlet.handler.AbstractUrlHandlerMapping.lookupHandler()
* Ant模式的最长子串匹配法.
*/
private String lookupGroup(String url){
String group = groupMappings.getProperty(url);
if (group == null) {
String bestPathMatch = null;
for (Iterator it = this.groupMappings.keySet().iterator();it.hasNext();) {
String registeredPath = (String) it.next();
if (this.pathMatcher.match(registeredPath, url) && (bestPathMatch == null || bestPathMatch.length() <= registeredPath.length())) {
group = this.groupMappings.getProperty(registeredPath);
bestPathMatch = registeredPath;
}
}
}
return group;
}
}
下面我们需要在Spring的应用上下文配置文件中设置:
<bean id="authorizeInterceptor" class="net.ideawu.AuthorizeInterceptor">
<property name="groupMappings">
<value>
<!-- Attach URL paths to group -->
/admin/*=admin
</value>
</property>
</bean>
<bean id="simpleUrlHandlerMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="interceptors">
<list>
<ref bean="authorizeInterceptor" /> </list>
</property>
<property name="mappings">
<value>
/index.do=indexController /browse.do=browseController /admin/removeArticle.do=removeArticleController
</value>
</property>
</bean>
注重到"/admin/*=admin", 所以/admin目录下的所有资源只有在admin组的用户才能访问, 这样就不用担心普通访客删除文章了。使用这种方法, 你不需要在removeArticleController中作身份验证和权限治理, 一切都交给AuthorizeInterceptor。
|
| 共2页: 上一页 [1] 2 下一页 |
评论加载中…
