/**
 * Requires a signed-on user before the handler runs.
 *
 * <p>When the HTTP session holds no {@code userSession}, handler execution is aborted by
 * throwing a {@link ModelAndViewDefiningException} that renders the {@code SignonForm} view.
 * The originally requested servlet path (with its query string, if any) is exposed to that
 * view as {@code signonForwardAction} so the user can be sent back after signing on.
 *
 * @param request  the current request; its session is consulted for {@code userSession}
 * @param response the current response (not used)
 * @param handler  the handler that would process the request (not used)
 * @return {@code true} when a user session exists and handling may continue
 * @throws ModelAndViewDefiningException when no user session exists
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    UserSession signedOnUser = (UserSession) WebUtils.getSessionAttribute(request, "userSession");
    if (signedOnUser != null) {
        return true;
    }
    // Remember where the user wanted to go; the query string is kept only when present.
    String forwardAction = request.getServletPath();
    String queryString = request.getQueryString();
    if (queryString != null) {
        forwardAction = forwardAction + "?" + queryString;
    }
    ModelAndView signonView = new ModelAndView("SignonForm");
    signonView.addObject("signonForwardAction", forwardAction);
    throw new ModelAndViewDefiningException(signonView);
}
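/**
 * Builds the {@link OrderForm} backing the order page from the cart held in the session.
 *
 * <p>Both the cart ({@code sessionCart}) and the signed-on user ({@code userSession}) must be
 * present in the HTTP session. The original code only checked the cart and would fail with a
 * {@code NullPointerException} when the user session was missing (e.g. after session expiry);
 * that case now renders the same {@code Error} view as a missing cart.
 *
 * @param request the current request; its session supplies the cart and the user session
 * @return a new {@link OrderForm} whose order has been initialised from the account and cart
 * @throws ModelAndViewDefiningException when no cart or no signed-on user is in the session
 */
protected Object formBackingObject(HttpServletRequest request) throws ModelAndViewDefiningException {
    UserSession userSession = (UserSession) request.getSession().getAttribute("userSession");
    Cart cart = (Cart) request.getSession().getAttribute("sessionCart");
    if (cart == null) {
        throw orderCreationError("An order could not be created because a cart could not be found.");
    }
    if (userSession == null || userSession.getAccount() == null) {
        throw orderCreationError("An order could not be created because no user is signed on.");
    }
    // Re-read account from DB at team's request.
    // NOTE(review): petStore.getAccount() may return null for an unknown username — confirm how
    // initOrder() treats a null account.
    Account account = this.petStore.getAccount(userSession.getAccount().getUsername());
    OrderForm orderForm = new OrderForm();
    orderForm.getOrder().initOrder(account, cart);
    return orderForm;
}

/** Wraps {@code message} in the {@code Error} view as a {@link ModelAndViewDefiningException}. */
private static ModelAndViewDefiningException orderCreationError(String message) {
    ModelAndView modelAndView = new ModelAndView("Error");
    modelAndView.addObject("message", message);
    return new ModelAndViewDefiningException(modelAndView);
}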
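/**
 * <p>Check the session for an authenticated admin user. If none, redirect to
 * the login page.</p>
 *
 * <p>The session attribute {@code USER_ID_ATTRIBUTE} is resolved to a {@link User} through
 * {@code mUserManager}; a session that names a user the manager no longer knows is treated
 * exactly like a missing login (redirect), instead of failing with a
 * {@code NullPointerException} as before. A signed-on non-admin user is refused by returning
 * {@code false}; note that no response body is written in that case.</p>
 *
 * @param request The servlet request object.
 * @param response The servlet response object.
 * @param handler The request handler processing this request.
 * @return {@code true} only when the session user exists and is an admin
 * @throws ModelAndViewDefiningException to redirect to the login page when no valid user is in
 *         the session
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    Integer id = (Integer) WebUtils.getSessionAttribute(request, USER_ID_ATTRIBUTE);
    User u = (id == null) ? null : mUserManager.getUserById(id);
    if (u == null) {
        // Not logged in (or stale user id): send to the login page. The requested path and query
        // string are intentionally not carried over, so the user lands on the login page itself.
        ModelAndView mv = new ModelAndView(new RedirectView("../user/login.iwt"));
        throw new ModelAndViewDefiningException(mv);
    }
    return u.isAdmin();
}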
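/**
 * Check the session for an authenticated user name. If none, redirect to
 * the login page.
 * <p>
 * Only the presence of {@code USER_ID_ATTRIBUTE} in the session is checked; the user record
 * itself is not loaded here. The servlet path and query string of the refused request were
 * previously read into unused locals; they are not part of the redirect and are no longer read.
 *
 * @param request The servlet request object.
 * @param response The servlet response object.
 * @param handler The request handler processing this request.
 * @return {@code true} when a user id is present in the session
 * @throws ModelAndViewDefiningException to redirect to the login page when no user id is present
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    Integer id = (Integer) WebUtils.getSessionAttribute(request, USER_ID_ATTRIBUTE);
    if (id == null) {
        ModelAndView mv = new ModelAndView(new RedirectView("../user/login.iwt"));
        throw new ModelAndViewDefiningException(mv);
    }
    return true;
}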
/**
 * Maps a {@link ModelAndViewDefiningException} raised in this controller to a redirect to the
 * {@code /500} error page, discarding the view the exception itself carries.
 *
 * @param ex the exception being handled (not inspected)
 * @return the redirect view name {@code "redirect:/500"}
 */
@ExceptionHandler(ModelAndViewDefiningException.class)
public String handleInternalError(Exception ex) {
    final String errorRedirect = "redirect:/500";
    return errorRedirect;
}
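/**
 * Verifies that the signed-on user holds the function (menu) right for the requested path.
 *
 * <p>The servlet path is first normalised to a logical path: any {@code Const.FILE_NAME_SUFFIX}
 * is stripped and {@code Const.LOGIC_PATH_SUFFIX} is appended. Paths matching
 * {@code Const.NO_INTERCEPTOR_PATH} bypass the check. Otherwise the path is looked up in the
 * three-level function menu; when it maps to a function number, the user's rights list from the
 * session must contain that number or the {@code common/no_rights} view is rendered. A path that
 * maps to no registered function is not decided here at all — it is handed to the superclass,
 * so any URL missing from the menu is only as protected as {@code super.preHandle} makes it.
 *
 * @param request  the current request; its servlet path and session are read
 * @param response the current response (only passed to the superclass)
 * @param handler  the handler that would process the request (only passed to the superclass)
 * @return {@code true} when the request may proceed
 * @throws ModelAndViewDefiningException to render {@code common/no_rights} when the user lacks
 *         the right for a registered function
 */
@SuppressWarnings("unchecked")
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    String path = toLogicalPath(request.getServletPath());
    // Whitelisted paths are never rights-checked.
    if (path.matches(Const.NO_INTERCEPTOR_PATH)) {
        return true;
    }
    HttpSession session = request.getSession();
    User user = (User) session.getAttribute(Const.SESSION_USER);
    Integer fNo = resolveFunctionNo(path, functionService.listAllFunction());
    if (fNo != null) {
        // Cast to the interface rather than ArrayList so any List implementation stored in the
        // session is accepted.
        List<String> userRights = (List<String>) session.getAttribute(Const.SESSION_USER_RIGHTS);
        if (!RightsHelper.testRightsList(userRights, fNo)) {
            // NOTE(review): user may be null here if no user is in the session — confirm whether
            // SESSION_USER is guaranteed by an earlier interceptor.
            System.out.println("用户:" + user.getU_account() + "试图访问" + path + "被阻止!");
            ModelAndView mv = new ModelAndView();
            mv.setViewName("common/no_rights");
            throw new ModelAndViewDefiningException(mv);
        }
        return true;
    }
    // Unregistered path: deferred to the superclass (see class comment above).
    return super.preHandle(request, response, handler);
}

/**
 * Rewrites a servlet path to the logical form used by the function menu: the last
 * {@code Const.FILE_NAME_SUFFIX} (if any) is removed and {@code Const.LOGIC_PATH_SUFFIX} appended.
 */
private static String toLogicalPath(String servletPath) {
    int idx = servletPath.lastIndexOf(Const.FILE_NAME_SUFFIX);
    if (idx == -1) {
        return servletPath + Const.LOGIC_PATH_SUFFIX;
    }
    return servletPath.substring(0, idx) + Const.LOGIC_PATH_SUFFIX;
}

/**
 * Finds the function number whose URL matches {@code path}, searching the first, second and
 * third menu levels in order; returns {@code null} when no level matches.
 */
private Integer resolveFunctionNo(String path, List<Function> functionList) {
    for (Function function : functionList) {
        if (isExist(path, function.getF_url())) {
            return function.getF_no();
        }
        for (Function subFunction : function.getSubFunction()) {
            if (isExist(path, subFunction.getF_url())) {
                return subFunction.getF_no();
            }
            for (Function nextSubFunction : subFunction.getSubFunction()) {
                if (isExist(path, nextSubFunction.getF_url())) {
                    return nextSubFunction.getF_no();
                }
            }
        }
    }
    return null;
}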
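/**
 * Requires a signed-on user, accepting a "remember me" cookie as a fallback login.
 *
 * <p>When the session has no {@code userSession}, the request's remember-me cookies are read.
 * If they name a known member and the cookie's password value matches the member's stored
 * password, a new {@link UserSession} is stored in the HTTP session (with a seven-day inactivity
 * timeout) and the request proceeds. Otherwise the cookies are cleared, the requested URL is kept
 * in the session as {@code forwardUrl}, and the request is redirected to
 * {@code /assets/index.html}.
 *
 * <p>Security notes: the cookie carries a password-equivalent value that is compared against
 * {@code member.getPassword()}; the comparison is now constant-time and null-safe, but the scheme
 * itself still exposes a long-lived credential to the client (an opaque random token that is
 * looked up server-side would avoid that). The pre-login session is reused as-is after a cookie
 * login rather than being rotated.
 *
 * @param request  the current request
 * @param response the current response; used only to clear rejected cookies
 * @param handler  the handler that would process the request (not used)
 * @return {@code true} when a user session exists or was established from the cookie
 * @throws ModelAndViewDefiningException to redirect when no user can be established
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    UserSession userSession = (UserSession) WebUtils.getSessionAttribute(request, "userSession");
    if (userSession != null) {
        return true;
    }
    // check if 'remember' cookie
    logger.info("No user session");
    RememberMeCookies rememberMeCookies = new RememberMeCookies();
    if (rememberMeCookies.read(request)) {
        MemberData member = memberService.findMemberById(rememberMeCookies.getMemberId());
        if (member != null) {
            logger.info("Found login cookie for " + member.getName());
            if (credentialMatches(member.getPassword(), rememberMeCookies.getPassword())) {
                logger.info("Cookie login successful for " + member.getName());
                // cookie found and matched password
                // TODO -- this fails because no DB session. I think solution may need
                // to be making a signon URL?
                userSession = new UserSession(member);
                request.getSession().setAttribute("userSession", userSession);
                request.getSession().setMaxInactiveInterval(3600 * 24 * 7);
                return true;
            }
        }
        logger.warn("Cookie login unsuccessful, removing cookies");
        // cookie didnt authenticate. remove it.
        rememberMeCookies.clear(response);
    }
    String url = request.getServletPath();
    String query = request.getQueryString();
    ModelAndView modelAndView = new ModelAndView("redirect:/assets/index.html");
    // TODO -- facebook
    // "fb_login_url", Facebook.getLoginRedirectURL());
    if (query != null) {
        url += "?" + query;
    }
    // TODO -- remove if not used.
    //modelAndView.addObject("signonForwardAction", url);
    logger.debug("Set forward url=" + url);
    request.getSession().setAttribute("forwardUrl", url);
    throw new ModelAndViewDefiningException(modelAndView);
}

/**
 * Constant-time comparison of the stored credential with the value presented in the cookie.
 * A missing value on either side never matches. Fully qualified names are used so no new
 * file-level import is required.
 *
 * NOTE(review): assumes both values are {@code String}s, as the previous {@code equals} call
 * implied — confirm against {@code MemberData.getPassword()} and {@code RememberMeCookies.getPassword()}.
 */
private static boolean credentialMatches(String stored, String presented) {
    if (stored == null || presented == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}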
/**
 * Logs {@code message} at WARN level and aborts the request with a JSON failure response
 * built by {@link ControllerUtils#createJsonView}.
 *
 * @param message the failure text; it is both logged and returned to the client
 * @throws ModelAndViewDefiningException always
 */
private void throwAuthException(String message) throws ModelAndViewDefiningException {
    logger.warn(message);
    ModelAndView failureView = ControllerUtils.createJsonView(false, message);
    throw new ModelAndViewDefiningException(failureView);
}
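/**
 * Creates the {@link Voter} backing the poll wizard and sizes the wizard's page list.
 *
 * <p>The survey id is read from the {@code sid} request parameter. Parsing it once up front
 * makes the previous inconsistency explicit: the original code guarded one use of {@code sid}
 * with a null check but then unconditionally parsed it for the survey lookup, so a missing
 * {@code sid} always failed with a {@link NumberFormatException} — it still does, just from a
 * single, obvious place. The unused {@code rid} parameter read is dropped. Deprecated
 * {@code new Long(...)} boxing is replaced by {@link Long#valueOf}.
 *
 * @param request the current request; supplies {@code sid}, the remote address and (via
 *                {@link #getUser()}) the signed-on user
 * @return a populated {@link Voter}; identity fields come from the signed-on user, or
 *         "匿名" with user id 0 for anonymous voters
 * @throws ModelAndViewDefiningException declared for subclasses; not thrown here
 * @throws NumberFormatException when {@code sid} is missing or not a valid long
 */
protected Object formBackingObject(HttpServletRequest request) throws ModelAndViewDefiningException {
    // Throws NumberFormatException for a null or malformed sid, as before.
    Long surveyId = Long.valueOf(request.getParameter("sid"));
    Voter voter = new Voter();
    IUser user = getUser();
    if (user != null) {
        voter.setVoterCompany("");
        voter.setVoterContact(user.getTitle());
        voter.setVoterDepartment("");
        voter.setVoterEmail(user.getEmail());
        voter.setVoterFax("");
        voter.setVoterMobile("");
        voter.setVoterName(user.getName());
        voter.setVoterTel("");
        // NOTE(review): narrows the user id through int as the original did — confirm getUserId()
        // cannot exceed the int range.
        voter.setVoterUserId(Long.valueOf(user.getUserId().intValue()));
    } else {
        voter.setVoterName("匿名");
        voter.setVoterUserId(Long.valueOf(0));
    }
    voter.setVoterSex("");
    voter.setVoterProp1("");
    voter.setVoterProp2("");
    voter.setVoterProp3("");
    voter.setVoterProp4("");
    voter.setVoterProp5("");
    voter.setVoterProp6("");
    voter.setVoterProp7("");
    voter.setVoterProp8("");
    voter.setVoterProp9("");
    voter.setVoterProp10("");
    // NOTE(review): behind a reverse proxy this is the proxy's address, not the client's.
    voter.setVoterIpaddress(request.getRemoteAddr());
    voter.setVoterSurveyId(surveyId);
    Survey survey = getSurveyManager().getSurveyById(surveyId);
    List pages = getQuestionManager().getPages(surveyId);
    int size = pages.size();
    // One poll view per question page, plus a trailing slot for the optional end view.
    String[] views = new String[size + 1];
    Arrays.fill(views, 0, size, pollViewName);
    // If the last page must collect voter details, use the end view there.
    if (endViewName != null) {
        views[views.length - 1] = endViewName;
    }
    // Re-register the wizard's pages.
    this.setPages(views);
    return voter;
}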
/**
 * Returns the pathname of the script that should run for a particular
 * initial HTTP request.
 *
 * @param request
 *            the HTTP request that initiates a flow
 * @return the path of the script. null can be returned to indicate that
 *         this strategy is unable to select a script (i.e. because some
 *         data is missing in the request). The controller will respond to
 *         this by sending back a HTTP 400 "Bad Request" status.
 *         Alternatively, the strategy can throw an instance of Spring's
 *         {@link ModelAndViewDefiningException} to indicate failure.
 * @throws ModelAndViewDefiningException
 *             when the strategy wants the controller to render the view
 *             carried by the exception instead of a 400 status
 */
public String getScriptPath(HttpServletRequest request) throws ModelAndViewDefiningException;