spring MVC 权限控制拦截

SecurityInterceptor实现spring mvc 框架的结构在访问控制@Controller之前的权限拦截，具体实现方法，增加总权限控制器

public class SecurityInterceptor extends HandlerInterceptorAdapter{

    private static final Logger logger = Logger.getLogger(SecurityInterceptor.class);

    @Resource
    private SessionInfoService sessionInfoService;
    
    private List<String> excludeUrls;// 不需要拦截的资源

    public List<String> getExcludeUrls() {
        return excludeUrls;
    }

    public void setExcludeUrls(List<String> excludeUrls) {
        this.excludeUrls = excludeUrls;
    }

    /**
     * 完成页面的render后调用
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {

    }

    /**
     * 在调用controller具体方法后拦截
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {

    }

    /**
     * 在调用controller具体方法前拦截
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object){
        String requestUri = request.getRequestURI();
        ResponseMap errMap = new ResponseMap();
        String contextPath = request.getContextPath();
        String url = requestUri.substring(contextPath.length());
        logger.debug("check url : " + url);
        String token = request.getParameter("token");
        logger.debug("check token : " + token);

        if (excludeUrls.contains(url)) {// 如果要访问的资源是不需要验证的
            return true;
        }
        try {
            if(token == null || token.trim().equals(""))
            {
                errMap.putError(MessageConstants.getMessage("user.notlogin"));
            }else{
                errMap = sessionInfoService.bePermission(token.trim(), url.trim());
            }
            if(!("0".equals(errMap.get("err"))))
            {
                response.setCharacterEncoding("utf-8");
                response.setContentType("application/json");
                response.getWriter().print(JSONObject.fromObject(errMap));  //返回错误提示信息
                response.getWriter().flush();
                return false;
            }
        } catch (IOException e) {
            logger.debug("preHandle error");
        }finally{
        }
        return true;
    }
}

springMVC 中 对拦截以及不需要拦截的资源的配置

<mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <bean class="SecurityInterceptor">   //SecurityInterceptor的class路径
                <property name="excludeUrls">
                    <list>
                        <value>/test/test1</value>
                        <value>/test/test2</value>
                    </list>
                </property>
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>