1.拦截器中的代码
@Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String sessionId = CookieUtil.readLoginToken(request); //获取当前的权限地址 /bg/dicUser/toDicUserList;jsessionid=1F3EA8235E7FD7322DBDD01795F0926C String requestURI = request.getRequestURI(); List<String> str = Splitter.on(";").splitToList(requestURI); String aclUrl = str.get(0); //从redis中获取该用户的权限列表 String allURIByRoleId = RedisPoolUtil.get(sessionId+Const.CURRENT_URIBYROLEID); List<String> list = JsonUtil.string2Obj(allURIByRoleId, new TypeReference<List<String>>() { }); if (list.contains(aclUrl)){ System.err.println("通过,拦截路径" + aclUrl); return true; }else{ System.err.println("没有权限"); //如果request.getHeader("X-Requested-With") 返回的是"XMLHttpRequest"说明就是ajax请求,需要特殊处理 否则直接重定向就可以了 if("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))){ //告诉ajax我是重定向 response.setHeader("REDIRECT", "REDIRECT"); //告诉ajax我重定向的路径 response.setHeader("CONTENTPATH", "/jump/no_permission"); response.setStatus(HttpServletResponse.SC_FORBIDDEN); }else{ response.sendRedirect("/jump/no_permission"); } return false; } }
2.ajax请求 加入 complete 处理
layer.confirm('真的删除行么', function (index) {
$.ajax({
url: '/bg/dicRole/del',
type: 'post',
dataType: 'json',
data: {roleId: data.roleId},
success: function (data) {
if (data.code == "200") {
layer.msg(data.msg, {icon: 1, time: 500}, function () {
window.location.reload();
});
} else {
layer.msg(data.msg, {icon: 2, time: 1000});
}
},
complete : function(xhr, status) {
//拦截器拦截没有权限跳转
// 通过xhr取得响应头
var REDIRECT = xhr.getResponseHeader("REDIRECT");
//如果响应头中包含 REDIRECT 则说明是拦截器返回的
if (REDIRECT == "REDIRECT")
{
document.location.href = xhr.getResponseHeader("CONTEXTPATH");
}
}
})
});
