スプリングブロックのurlテンプレート
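/**
 * Gate that runs before every handler: throttles the session, requires a logged-in user
 * and checks the per-method permission.
 *
 * <p>Order of checks, as implemented below:
 * <ol>
 *   <li>requests served by the default servlet handler are let through untouched;</li>
 *   <li>the per-session visit-frequency throttle ({@code isVisitFrequency});</li>
 *   <li>if {@code SessionUtil.getUser()} is null, either the ignore-authority path accepts
 *       the request or a 518 "session timeout" response is written;</li>
 *   <li>static-resource handlers and the error controller are let through;</li>
 *   <li>for controller methods, the user must hold the permission
 *       {@code SimpleClassName.methodName}, otherwise a 401 response is written.</li>
 * </ol>
 *
 * @param request  current request
 * @param response current response; written to directly when the request is rejected
 * @param handler  handler chosen for this request
 * @return {@code true} to continue with the handler, {@code false} when a rejection
 *         response has already been written
 * @throws Exception if writing the rejection response or a helper check fails
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    if (handler instanceof DefaultServletHttpRequestHandler) {
        return true;
    }
    if (logger.isInfoEnabled()) {
        // Goes through the logger (was System.out) so the level guard and log routing apply.
        logger.info(handler.getClass().getName() + "==>" + request.getRequestURL());
    }

    // NOTE(review): getSession() creates a session when the request carries none, and the
    // throttle state lives in that session. A client that does not return its session
    // cookie starts from a fresh counter each time, so this limits well-behaved sessions
    // only; throttle by client address or account at the edge if abuse protection is the goal.
    HttpSession session = request.getSession();
    if (!isVisitFrequency(session, response)) {
        return false;
    }

    // No logged-in user in the session.
    if (null == SessionUtil.getUser()) {
        // NOTE(review): this path is selected by a request parameter. In the visible part of
        // isIgnoreAuthority, a value that fails AES decryption falls back to the user name
        // "admin" instead of rejecting the request. Confirm that method cannot establish a
        // session for an unauthenticated caller; a decryption failure should deny access.
        if (isIgnoreAuthority(request, response)) {
            return true;
        }
        // Response for ajax callers whose session has expired: the custom header and the
        // non-standard 518 status are the signal the caller receives.
        response.setHeader("sessionstatus", "timeout");
        response.setStatus(518);
        response.setCharacterEncoding("utf-8");
        // NOTE(review): the message text looks like it lost its non-ASCII characters; restore it.
        response.getWriter().write(" , , !");
        response.getWriter().close();
        return false;
    }

    // Static resources: a logged-in user is enough, no per-method permission.
    if (handler instanceof ResourceHttpRequestHandler) {
        if (logger.isInfoEnabled()) {
            logger.info("ResourceHttpRequestHandler");
        }
        return true;
    }

    // Controller methods: per-method permission check.
    if (handler instanceof HandlerMethod) {
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Object bean = handlerMethod.getBean();
        if (bean instanceof BasicErrorController) {
            if (logger.isInfoEnabled()) {
                logger.info("**************BasicErrorController **********");
            }
            return true;
        }
        // The cast used to be unconditional and threw ClassCastException for any controller
        // that does not extend BaseController. Such controllers now skip the parameter reset
        // but still go through the permission check below.
        if (bean instanceof BaseController) {
            ((BaseController) bean).clearParamMap();
        }

        // NOTE(review): the permission key is built from the simple class name and the method
        // name, so same-named classes in different packages and overloaded methods share a key.
        String className = bean.getClass().getSimpleName();
        String method = handlerMethod.getMethod().getName();
        String auth = className + "." + method;
        if (logger.isInfoEnabled()) {
            logger.info(" :" + auth);
        }

        // NOTE(review): every method of a controller with this simple name (compared
        // case-insensitively) is exempt from the permission check. Keep the exemption list
        // explicit and as small as possible.
        if ("XXXXXControl".equalsIgnoreCase(className)) {
            return true;
        }
        if (!SessionUtil.getUser().hasAuth(auth)) {
            // NOTE(review): the user is authenticated here but lacks the permission; 403 is the
            // conventional status. 401 is kept because callers may already depend on it.
            response.setHeader("statusText", "Unauthorized");
            response.setStatus(401);
            response.setCharacterEncoding("utf-8");
            response.getWriter().write(" , !");
            response.getWriter().close();
            return false;
        }
    }
    return true;
}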
//
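/**
 * Per-session request throttle.
 *
 * <p>State is kept in the session attribute {@code "lastVisitTime"} as a two-element
 * {@code Long[]}: slot 0 is the start of the current window in epoch milliseconds, slot 1 is
 * the number of requests counted in that window, or {@code -1} while the session is blocked.
 * The window is 5 seconds. Once the counter exceeds 10 the session is marked blocked; the
 * request that trips the limit is still allowed, and later requests are rejected with a 401
 * response until more than 5 seconds have passed since the window start.
 *
 * @param session  session holding the throttle state
 * @param response response that receives the rejection when the session is blocked
 * @return {@code true} if the request may proceed, {@code false} if a rejection was written
 * @throws Exception if writing the rejection response fails
 */
private boolean isVisitFrequency(HttpSession session, HttpServletResponse response) throws Exception {
    final long periodMillis = 5 * 1000L;
    final int maxCount = 10;
    final String stateKey = "lastVisitTime";

    // Read the attribute once instead of once for the null check and again for the cast.
    Long[] data = (Long[]) session.getAttribute(stateKey);
    long now = System.currentTimeMillis();
    if (data == null) {
        session.setAttribute(stateKey, new Long[]{now, 0L});
        return true;
    }

    long elapsed = now - data[0];
    if (data[1] == -1) {
        if (elapsed <= periodMillis) {
            // Still blocked. The remaining time is derived from the window length rather than
            // a second hard-coded 5; for a 5 s window the value is the same as before.
            long secondsLeft = periodMillis / 1000 - elapsed / 1000;
            // NOTE(review): 429 (Too Many Requests) is the conventional status for throttling.
            // 401 and the "Unauthorized" header are kept because callers may depend on them.
            response.setHeader("statusText", "Unauthorized");
            response.setStatus(401);
            response.setCharacterEncoding("utf-8");
            response.getWriter().write(" , " + secondsLeft + " !");
            response.getWriter().close();
            return false;
        }
        // Block expired: start a new window.
        data[0] = now;
        data[1] = 0L;
    } else {
        if (elapsed < periodMillis) {
            data[1]++;
        } else {
            data[0] = now;
            data[1] = 0L;
        }
        if (data[1] > maxCount) {
            data[1] = -1L;
        }
    }

    // Store the array again so containers that persist or replicate sessions see the change;
    // mutating the stored array in place is not reported to the container.
    // NOTE(review): concurrent requests on one session update this array without
    // synchronisation, so the count is approximate under parallel load.
    session.setAttribute(stateKey, data);
    return true;
}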
//
/**
* @param request
* @return
* @throws Exception
*/
private boolean isIgnoreAuthority(HttpServletRequest request, HttpServletResponse response) throws Exception {
String _ignore_authority_key = request.getParameter(SessionUtil.IGNORE_AUTHORITY);
if (StringUtils.isNotBlank(_ignore_authority_key)
/* && _ignore_authority_key.equalsIgnoreCase(SessionUtil.IGNORE_AUTHORITY_KEY)*/) {
String userName = null;
try {
userName = AESUtil.aesDecrypt(_ignore_authority_key, SessionUtil.AES_SECRET_KEY);
} catch (Exception ex) {
//ex.printStackTrace();
System.out.println(" :" + ex.getMessage());
userName = "admin";
}
System.out.println("*********isIgnoreAuthority*********** user = " + userName);
HashMap paramMap = new HashMap();
SysUser loginUser = null;
HttpSession session = request.getSession();
List