使用HandlerInterceptor实现简单的授权
实现拦截器接口HandlerInterceptor或者HandlerInterceptorAdapter

package com.qunar.keyvalue.controller;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;import com.qunar.keyvalue.model.User;public class AuthorizeInterceptor extends HandlerInterceptorAdapter{@Overridepublic boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {boolean handlerOk = super.preHandle(request, response, handler);if(handlerOk){String url = request.getRequestURL().toString();if(url.endsWith("doLogin"))return true;HttpSession session = request.getSession();User user = (User)session.getAttribute("user");if(user == null) {response.sendRedirect("login.jsp");}return true;}return false;}}

配置一下拦截器：

 <bean id="authorizeInterceptor" class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"><property name="interceptors"><list><ref bean="authorizeInterceptor"/></list></property></bean>

BTW：配置中一定要去掉<mvc:annotation-driven />,去掉其默认配置，否则会实例化两个DefaultAnnotationHandlerMapping，并且不使用你配置的那个DefaultAnnotationHandlerMapping 1 楼 zhao0p 2011-03-30 BTW：配置中一定要去掉<mvc:annotation-driven />,去掉其默认配置，否则会实例化两个DefaultAnnotationHandlerMapping，并且不使用你配置的那个 DefaultAnnotationHandlerMapping

这句话对我太有用了，非常感激