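/**
 * Decides whether a request may proceed, based on the authenticated account (LoginVO).
 *
 * <p>Authenticated users may proceed unless the request targets the top-level {@code admin}
 * area and their role code is not {@code ADMIN}; in that case they are redirected to
 * {@code /com/onlyAdmin.do}. Unauthenticated requests may proceed only when the request URI
 * fully matches one of the configured permitted URL patterns (prefixed with the context
 * path); otherwise they are redirected to {@code /com/sessionOut.do}.
 *
 * @param request  current HTTP request
 * @param response current HTTP response (not used)
 * @param handler  chosen handler (not used)
 * @return {@code true} when the request is allowed to continue down the handler chain
 * @throws ModelAndViewDefiningException to redirect a request that is not allowed
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    // Raw request URI: includes the context path and is neither percent-decoded nor
    // normalized by this method.
    String requestURI = request.getRequestURI();
    String contextPath = request.getContextPath();

    LoginVO loginVO = null;
    try {
        loginVO = (LoginVO) UserDetailHelper.getAuthenticatedUser();
    } catch (Exception e) {
        // Fail closed: a failed lookup leaves loginVO null, so the request is handled as
        // unauthenticated. The stack trace is the only diagnostic available in this block;
        // route it through the application logger where one exists.
        e.printStackTrace();
    }

    if (loginVO != null) {
        String appRelativePath = requestURI.startsWith(contextPath)
                ? requestURI.substring(contextPath.length())
                : requestURI;

        // Check the first segment of both the raw URI and the context-relative path, so the
        // admin area stays protected when the application is not deployed at the root context.
        boolean adminArea = firstSegmentEquals(requestURI, "admin")
                || firstSegmentEquals(appRelativePath, "admin");

        // Constant-first equals: a missing role code is treated as "not ADMIN" rather than
        // failing with a NullPointerException.
        if (adminArea && !"ADMIN".equals(loginVO.getBizrole_cd())) {
            // NOTE(review): this is a string check on the raw URI. Percent-encoded characters
            // and dot segments are not resolved here; confirm the container/dispatcher in this
            // deployment normalizes or rejects such paths, or enforce the role with
            // framework-level authorization on the admin handlers as well.
            ModelAndView modelAndView = new ModelAndView("redirect:/com/onlyAdmin.do");
            throw new ModelAndViewDefiningException(modelAndView);
        }
        return true;
    }

    // Unauthenticated: allow only URIs that fully match a permitted pattern. The context path
    // is quoted so that characters such as '.' in it are matched literally, not as regex.
    boolean isPermittedURL = false;
    String quotedContextPath = Pattern.quote(contextPath);
    for (Iterator<String> it = this.permittedURL.iterator(); it.hasNext(); ) {
        String urlPattern = quotedContextPath + (String) it.next();
        if (Pattern.matches(urlPattern, requestURI)) {
            isPermittedURL = true;
            break; // one match is enough
        }
    }

    if (!isPermittedURL) {
        ModelAndView modelAndView = new ModelAndView("redirect:/com/sessionOut.do");
        throw new ModelAndViewDefiningException(modelAndView);
    }
    return true;
}

/**
 * Tells whether the first non-empty segment of {@code path} equals {@code expected}.
 *
 * <p>Empty segments (from a leading or repeated {@code '/'}) are skipped and any
 * {@code ';'}-introduced path parameters are dropped from a segment before comparing, so
 * these spellings are classified the same way as the plain path. A path with no segments
 * (for example {@code "/"}) yields {@code false}.
 */
private boolean firstSegmentEquals(String path, String expected) {
    for (String segment : path.split("/")) {
        int paramStart = segment.indexOf(';');
        String name = paramStart >= 0 ? segment.substring(0, paramStart) : segment;
        if (!name.isEmpty()) {
            return name.equals(expected);
        }
    }
    return false;
}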