
git-svn-id: https://192.168.57.71/svn/jsgkj@580 931142cf-59ea-a443-aa0e-51397b428577

xt_yuanxd %!s(int64=9) %!d(string=hai) anos
pai
achega
213e087a8e

+ 12 - 0
gkaqv2/trunk/modules/web/src/main/java/com/xt/js/gkaq/web/ctl/LoginCtl.java

@@ -1,6 +1,7 @@
 package com.xt.js.gkaq.web.ctl;
 
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.apache.shiro.subject.Subject;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -20,4 +21,15 @@ public class LoginCtl extends BaseCtl {
 	public String index() {
 		return "sys/index";
 	}
+
+	/**
+	 * ²âÊÔȨÏÞ-ûÓнÇɫʱ
+	 * 
+	 * @return
+	 */
+	@RequiresRoles("noRole")
+	@RequestMapping(value = "/perm")
+	public String noperm() {
+		return "sys/index";
+	}
 }
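Review bot: The added `noperm` handler is a permission test fixture, not application behaviour — its mojibake Javadoc appears to decode from GBK to 测试权限-没有角色时 ("test permission – when there is no role"), and it requires the role `noRole`, which presumably no user holds, so `/perm` exists only to trigger the 403 path. It should not ship in the production login controller; if it is kept for manual testing, say so explicitly, e.g. `/** Test-only endpoint: always denied, used to exercise the 403 mapping. */`. The Javadoc should also be re-saved as UTF-8, since every other source file in this commit is UTF-8 and the comment as committed is unreadable. Note that enforcement of `@RequiresRoles` on this method depends on the CGLIB proxy (`proxyTargetClass`) and the `AuthorizationAttributeSourceAdvisor` wired in mvc.xml in the same commit; without both the annotation is silently ignored.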

+ 12 - 5
gkaqv2/trunk/modules/web/src/main/java/com/xt/js/gkaq/web/shiro/GkaqAuthorizingRealm.java

@@ -1,5 +1,7 @@
 package com.xt.js.gkaq.web.shiro;
 
+import java.util.List;
+
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -15,8 +17,11 @@ import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.SimplePrincipalCollection;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import com.xt.js.gkaq.frame.model.RoleModel;
 import com.xt.js.gkaq.frame.model.UserModel;
+import com.xt.js.gkaq.frame.service.RoleService;
 import com.xt.js.gkaq.frame.service.UserService;
+import com.xt.js.gkaq.frame.system.FrameConsts;
 
 /**
  * 安全Realm
@@ -27,6 +32,8 @@ import com.xt.js.gkaq.frame.service.UserService;
 public class GkaqAuthorizingRealm extends AuthorizingRealm {
 	@Autowired
 	private UserService userService;
+	@Autowired
+	private RoleService roleService;
 
 	/**
 	 * 清除所有用户授权信息缓存.
@@ -74,16 +81,16 @@ public class GkaqAuthorizingRealm extends AuthorizingRealm {
 		UserModel user = userService.findById(loginUser.getId());
 		if (user != null) {
 			SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
-			// List<Role> roles = user.getRoles();
-			// for (Role role : roles) {
-			// info.addRole(role.getCode());
-			// }
+			List<RoleModel> roles = roleService.findByUserId(user.getId());
+			for (RoleModel role : roles) {
+				info.addRole(role.getCode());
+			}
 			// List<String> perms =
 			// securityMgr.getUserService().findUserPermission(user.getId());
 			// for (String p : perms) {
 			// info.addStringPermission(SystemParam.getAppName() + ":" + p);
 			// }
-			// s.setAttribute(CoreConstants.SESSION_KEY_AUTH, info);
+			s.setAttribute(FrameConsts.SESSION_KEY_AUTH, info);
 			return info;
 		}
 		return null;
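Review bot: `List<RoleModel> roles = roleService.findByUserId(user.getId());` is iterated immediately without a null check, so if the service returns null for a user with no roles the enhanced-for throws a NullPointerException inside authorization, which Shiro surfaces as an error rather than a denial; guard it with `if (roles != null) { for (RoleModel role : roles) { info.addRole(role.getCode()); } }` or make the service contract return an empty list. The new `s.setAttribute(FrameConsts.SESSION_KEY_AUTH, info)` stores a second copy of the authorization info in the session in addition to the realm's own authorization cache, so after a role change the session copy stays stale until re-login; if the `clearCache` path above is the intended invalidation mechanism, it probably needs to drop this attribute as well. The enclosing `doGetAuthorizationInfo` starts before this hunk, so where `s` is obtained is not visible here.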

+ 104 - 0
gkaqv2/trunk/modules/web/src/main/java/com/xt/js/gkaq/web/system/ExceptionResolver.java

@@ -0,0 +1,104 @@
+package com.xt.js.gkaq.web.system;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Properties;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.multipart.MaxUploadSizeExceededException;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.yuanxd.tools.utils.DateTime;
+import com.yuanxd.tools.utils.WebJsonResult;
+
+/**
+ * 
+ * <p>
+ * {@link org.springframework.web.servlet.handler.SimpleMappingExceptionResolver} implementation that allows for mapping
+ * exception class names to view names, either for a set of given handlers or for all handlers in the DispatcherServlet.
+ * </p>
+ * 
+ */
+public class ExceptionResolver extends SimpleMappingExceptionResolver {
+
+    @Override
+    public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
+            Exception ex) {
+        // TODO Auto-generated method stub
+        return super.resolveException(request, response, handler, ex);
+    }
+
+    @Override
+    protected ModelAndView doResolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
+            Exception ex) {
+        if (null != ex) {
+            ex.printStackTrace();
+        }
+        if(ex instanceof MaxUploadSizeExceededException ){
+            WebJsonResult res = new WebJsonResult();
+            res.setSuccess(false);
+            res.setMessage("附件太大!");
+            ObjectMapper mapper = new ObjectMapper();
+            mapper.setDateFormat(new SimpleDateFormat(DateTime.DATE_FORMAT_DATETIME));
+            try {
+                response.setCharacterEncoding("utf-8");
+                response.setContentType("text/html;charset=utf-8");
+                response.getWriter().write(mapper.writeValueAsString(res));
+            }
+            catch (IOException e) {
+                e.printStackTrace();
+            }
+            return new ModelAndView();
+        }
+        // Expose ModelAndView for chosen error view.  
+        String viewName = determineViewName(ex, request);
+        if (viewName != null) {//JSP格式返回  
+            if (!(isAjaxRequest(request))) {//如果不是异步请求  
+                // Apply HTTP status code for error views, if specified.  
+                // Only apply it if we're processing a top-level request.  
+//                Integer statusCode = determineStatusCode(request, viewName);
+//                if (statusCode != null) {
+//                    applyStatusCodeIfPossible(request, response, statusCode);
+//                    return getModelAndView(viewName, ex, request);
+//                }
+                return getModelAndView(viewName, ex, request);
+            }
+            else {//JSON格式返回  
+                WebJsonResult res = new WebJsonResult();
+                res.setSuccess(false);
+                res.setMessage(ex.getMessage());
+                ObjectMapper mapper = new ObjectMapper();
+                mapper.setDateFormat(new SimpleDateFormat(DateTime.DATE_FORMAT_DATETIME));
+                try {
+                    response.getWriter().write(mapper.writeValueAsString(res));
+                }
+                catch (IOException e) {
+                    e.printStackTrace();
+                }
+                return new ModelAndView();
+            }
+        }
+        else {
+            return null;
+        }
+    }
+
+    public void setExceptionMappings(Properties mappings) {
+        super.setExceptionMappings(mappings);
+    }
+    /**
+     * 判断是否为ajax请求
+     * 
+     * @param request
+     * @return
+     */
+    public static boolean isAjaxRequest(HttpServletRequest request) {
+        return request.getHeader("accept").indexOf("application/json") > -1
+                || (request.getHeader("X-Requested-With") != null && request.getHeader("X-Requested-With").indexOf(
+                        "XMLHttpRequest") > -1);
+    }
+}

+ 47 - 24
gkaqv2/trunk/modules/web/src/main/resources/spring/mvc.xml

@@ -1,18 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc"
-    xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:aop="http://www.springframework.org/schema/aop"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd 
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
 
-    <!-- 自动扫描且只扫描@Controller -->
-    <context:component-scan base-package="com.xt.js.gkaq.web.ctl" use-default-filters="false">
-        <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
-    </context:component-scan>
+	<!-- Enable annotation configuration -->
+	<context:annotation-config />
+	<!-- 自动扫描且只扫描@Controller -->
+	<context:component-scan base-package="com.xt.js.gkaq.web.ctl"
+		use-default-filters="false">
+		<context:include-filter type="annotation"
+			expression="org.springframework.stereotype.Controller" />
+	</context:component-scan>
 
-    <mvc:annotation-driven >
-    	<mvc:message-converters>
-    		<!-- 避免IE执行AJAX时,返回JSON出现下载文件 -->
+	<mvc:annotation-driven>
+		<mvc:message-converters>
+			<!-- 避免IE执行AJAX时,返回JSON出现下载文件 -->
 			<bean id="mappingJacksonHttpMessageConverter"
 				class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
 				<property name="supportedMediaTypes">
@@ -21,21 +29,36 @@
 					</list>
 				</property>
 			</bean>
-    	</mvc:message-converters>
-    </mvc:annotation-driven>
+		</mvc:message-converters>
+	</mvc:annotation-driven>
 
-    <mvc:view-controller path="/" view-name="redirect:/index" />
+	<mvc:view-controller path="/" view-name="redirect:/index" />
 
-    <mvc:resources mapping="/static/**" location="/static/" />
+	<mvc:resources mapping="/static/**" location="/static/" />
 
-    <mvc:default-servlet-handler />
-
-    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
-        <property name="prefix" value="/WEB-INF/view/" />
-        <property name="suffix" value=".jsp" />
-    </bean>
-    <!-- AOP式方法级权限检查 -->
-    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" >
-        <property name="proxyTargetClass" value="true" />
+	<mvc:default-servlet-handler />
+	<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
+	<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
+	<bean
+		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+		<property name="prefix" value="/WEB-INF/view/" />
+		<property name="suffix" value=".jsp" />
+	</bean>
+	<!-- AOP式方法级权限检查 -->
+	<bean
+		class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
+		<property name="proxyTargetClass" value="true" />
+	</bean>
+	<bean
+		class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
+		<property name="securityManager" ref="securityManager" />
+	</bean>
+	<bean class="com.xt.js.gkaq.web.system.ExceptionResolver">
+        <property name="exceptionMappings">
+            <props>
+                <prop key="org.apache.shiro.authz.UnauthorizedException">error/403</prop>
+                <prop key="java.lang.Exception">error/error</prop>
+            </props>
+        </property>
     </bean>
 </beans>
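Review bot: The new `DefaultAdvisorAutoProxyCreator` / `AuthorizationAttributeSourceAdvisor` pair carries only the bare `<!-- AOP式方法级权限检查 -->` comment and does not say why `proxyTargetClass` is `true`; since the controllers are concrete classes (e.g. `LoginCtl`), a JDK interface proxy could not wrap them and `@RequiresRoles` would silently not be enforced, so suggest `<!-- Method-level Shiro annotations on @Controller classes: CGLIB proxies are required because controllers implement no interface -->`. `ref="securityManager"` points at a bean not defined in this file, presumably the one in spring-shiro.xml loaded by the root context; a one-line comment naming that dependency would help, because an unresolved reference fails the whole servlet context at startup. The `exceptionMappings` rely on `SimpleMappingExceptionResolver`'s closest-superclass rule so that `UnauthorizedException` wins over `java.lang.Exception`; worth a comment, as `java.lang.Exception` → `error/error` otherwise reads as if it shadowed the 403 entry.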

+ 1 - 2
gkaqv2/trunk/modules/web/src/main/resources/spring/spring-shiro.xml

@@ -32,8 +32,7 @@
 		class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
 		<property name="hashAlgorithmName" value="SHA-256" />
 	</bean>
-	<bean id="gkaqFormAuthenticationFilter"
-		class="com.xt.js.gkaq.frame.system.GkaqFormAuthenticationFilter"></bean>
+	<bean id="gkaqFormAuthenticationFilter" class="com.xt.js.gkaq.frame.system.GkaqFormAuthenticationFilter"></bean>
 	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
 		<property name="securityManager" ref="securityManager" />
 		<property name="loginUrl" value="/login" />

+ 39 - 0
gkaqv2/trunk/modules/web/src/main/webapp/WEB-INF/view/error/403.jsp

@@ -0,0 +1,39 @@
+<%@page contentType="text/html;charset=UTF-8" isErrorPage="true"%>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<c:set var="ctx" value="${pageContext.request.contextPath}" />
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>404-页面无法访问</title>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta http-equiv="Cache-Control" content="no-store" />
+<meta http-equiv="Pragma" content="no-cache" />
+<meta http-equiv="Expires" content="0" />
+<link rel="stylesheet" type="text/css" href="${ctx}/static/xt/css/style.css"/>
+</head>
+<%
+    response.setStatus(200);
+%>
+<script type="text/javascript">
+    function toMain() {
+        window.top.location = "${ctx}/main";
+    }
+</script>
+<style type="text/css">
+</style>
+<body BGCOLOR=#CFE1FF>
+    <div style="top: 50%; position: absolute; left: 50%; margin: -123px 0 0 -225px;">
+        <IMG SRC="${ctx}/static/xt/images/error/403.png" ALT="">
+    </div>
+    <div style="top: 50%; position: absolute; left: 50%; margin: -123px 0 0 -45px;">
+        <span style="font-family: ''微软雅黑'';">您没有此功能的操作权限!</span>
+    </div>
+    <div class="btn_left_2" style="top: 50%; position: absolute; left: 50%; margin: 20px 0 0 -90px;" >
+        <input type="button"  value="返回首页" onclick="toMain()" class="btn_blue"/>
+    </div>
+    <div class="btn_left_2" style="top: 50%; position: absolute; left: 50%; margin: 20px 0 0 40px;" >
+        <input type="button"  value="刷新"  onclick="refresh()" class="btn_blue"/>
+    </div>
+       
+</body>
+</html>
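Review bot: `onclick="refresh()"` calls a function that is never defined — the script block only declares `toMain()` — so the 刷新 button throws a ReferenceError; the same defect is in 404.jsp and 500.jsp, and `onclick="window.location.reload()"` would do what the label promises. The scriptlet `response.setStatus(200);` forces a forbidden request to be reported as success, which undoes the 403 mapping configured in mvc.xml and hides denials from proxies, crawlers and monitoring; drop it or set the matching status (403 here, 404 and 500 in the sibling pages). The `<title>` reads `404-页面无法访问` on this 403 page and on 500.jsp, a copy-paste leftover from 404.jsp.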

+ 39 - 0
gkaqv2/trunk/modules/web/src/main/webapp/WEB-INF/view/error/404.jsp

@@ -0,0 +1,39 @@
+<%@page contentType="text/html;charset=UTF-8" isErrorPage="true"%>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<c:set var="ctx" value="${pageContext.request.contextPath}" />
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>404-页面无法访问</title>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta http-equiv="Cache-Control" content="no-store" />
+<meta http-equiv="Pragma" content="no-cache" />
+<meta http-equiv="Expires" content="0" />
+<link rel="stylesheet" type="text/css" href="${ctx}/static/xt/css/style.css"/>
+</head>
+<%
+    response.setStatus(200);
+%>
+<script type="text/javascript">
+    function toMain() {
+        window.top.location = "${ctx}/main";
+    }
+</script>
+<style type="text/css">
+</style>
+<body BGCOLOR=#CFE1FF>
+    <div style="top: 50%; position: absolute; left: 50%; margin: -123px 0 0 -225px;">
+        <IMG SRC="${ctx}/static/xt/images/error/404.png" ALT="">
+    </div>
+    <div style="top: 50%; position: absolute; left: 50%; margin: -123px 0 0 -45px;">
+        <span style="font-family: ''微软雅黑'';">您访问的页面不存在!</span>
+    </div>
+    <div class="btn_left_2" style="top: 50%; position: absolute; left: 50%; margin: 20px 0 0 -90px;" >
+        <input type="button"  value="返回首页" onclick="toMain()" class="btn_blue"/>
+    </div>
+    <div class="btn_left_2" style="top: 50%; position: absolute; left: 50%; margin: 20px 0 0 40px;" >
+        <input type="button"  value="刷新"  onclick="refresh()" class="btn_blue"/>
+    </div>
+       
+</body>
+</html>

+ 39 - 0
gkaqv2/trunk/modules/web/src/main/webapp/WEB-INF/view/error/500.jsp

@@ -0,0 +1,39 @@
+<%@page contentType="text/html;charset=UTF-8" isErrorPage="true"%>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<c:set var="ctx" value="${pageContext.request.contextPath}" />
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>404-页面无法访问</title>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta http-equiv="Cache-Control" content="no-store" />
+<meta http-equiv="Pragma" content="no-cache" />
+<meta http-equiv="Expires" content="0" />
+<link rel="stylesheet" type="text/css" href="${ctx}/static/xt/css/style.css"/>
+</head>
+<%
+    response.setStatus(200);
+%>
+<script type="text/javascript">
+    function toMain() {
+        window.top.location = "${ctx}/main";
+    }
+</script>
+<style type="text/css">
+</style>
+<body BGCOLOR=#CFE1FF>
+    <div style="top: 50%; position: absolute; left: 50%; margin: -123px 0 0 -225px;">
+        <IMG SRC="${ctx}/static/xt/images/error/500.png" ALT="">
+    </div>
+    <div style="top: 50%; position: absolute; left: 50%; margin: -123px 0 0 -45px;">
+        <span style="font-family: ''微软雅黑'';">服务器异常!</span>
+    </div>
+    <div class="btn_left_2" style="top: 50%; position: absolute; left: 50%; margin: 20px 0 0 -90px;" >
+        <input type="button"  value="返回首页" onclick="toMain()" class="btn_blue"/>
+    </div>
+    <div class="btn_left_2" style="top: 50%; position: absolute; left: 50%; margin: 20px 0 0 40px;" >
+        <input type="button"  value="刷新"  onclick="refresh()" class="btn_blue"/>
+    </div>
+       
+</body>
+</html>

+ 38 - 0
gkaqv2/trunk/modules/web/src/main/webapp/WEB-INF/view/error/error.jsp

@@ -0,0 +1,38 @@
+<%@page contentType="text/html;charset=UTF-8" isErrorPage="true"%>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@page import="org.slf4j.Logger,org.slf4j.LoggerFactory"%>
+<%@page import="java.io.*"%>
+<c:set var="ctx" value="${pageContext.request.contextPath}" />
+<%
+	response.setStatus(200);
+	Throwable ex = null;
+	if (exception != null)
+		ex = exception;
+	if (request.getAttribute("javax.servlet.error.exception") != null)
+		ex = (Throwable) request.getAttribute("javax.servlet.error.exception");
+
+	//记录日志
+	Logger logger = LoggerFactory.getLogger("500.jsp");
+	logger.error(ex.getMessage(), ex);
+%>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>系统内部错误</title>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta http-equiv="Cache-Control" content="no-store" />
+<meta http-equiv="Pragma" content="no-cache" />
+<meta http-equiv="Expires" content="0" />
+</head>
+
+<body>
+	<div style="overflow: auto">
+		<h2>500 - 系统发生内部错误</h2>
+		<br />
+		<div>错误详细信息:</div>
+		<div class="alert-error">
+			<%=ex.getMessage()%><br />
+		</div>
+	</div>
+</body>
+</html>
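Review bot: `<%=ex.getMessage()%>` writes the raw exception message into the HTML unescaped; an exception message can echo request data (a failed parameter conversion, for example), so this is a reflected XSS sink as well as an internal-detail disclosure — wrap it as `<c:out value="<%= ex.getMessage() %>" />` and show a generic message to end users. `ex` can also be null: when the page is reached via the resolver's forward rather than the container's error mechanism, neither the implicit `exception` object nor `javax.servlet.error.exception` is necessarily set (the resolver exposes the exception as a model attribute instead), and `logger.error(ex.getMessage(), ex)` then throws inside the error page itself — guard with `if (ex != null)` and fall back to the model's `exception` attribute. As in the other error pages, `response.setStatus(200);` reports the failure as success, and the logger is named `"500.jsp"` although this file is error.jsp.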