背景说明
之前自己写了一个Web日志工具,使用Spring MVC+mybatis进行实现。由于我自己一天到晚都要使用,而有时页面会放在那里一段时间,就常会遇到session过期后跳转到登陆界面进行登陆。但是登陆后是转向了一个默认界面,这样我每次都还在多一次点击才能来到目标页面。于是,我必须要解决登陆之后跳转到前一个页面的问题以提高效率。
首先,我使用了SessionFilter对Session进行过滤,在Session过期时就会在这个方法中转向到login界面。
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session = ((HttpServletRequest) request).getSession(); HttpServletResponse rep = (HttpServletResponse) response; HttpServletRequest req = (HttpServletRequest) request; String url = req.getRequestURI(); if (url.contains("user/login") || url.endsWith(".css") || url.endsWith(".js") || url.endsWith(".png") || url.endsWith(".jpg")) { chain.doFilter(request, response); } else if ((session == null || session.getAttribute("user") == null)) { rep.sendRedirect(req.getContextPath() + "/user/login); } else { chain.doFilter(request, response); } }
然后,在LoginController中分GET和POST对用户登陆进行处理。
@RequestMapping(value = "/login", method = RequestMethod.GET) public ModelAndView login() { final ModelAndView m = new ModelAndView("login"); return m; } @RequestMapping(value = "/login", method = RequestMethod.POST) public ModelAndView login(HttpSession session, String userName, String password) { ReturnStatus rs = service.login(userName, MD5Tool.getMD5(password.getBytes())); if (rs.getCode() == 1) { session.setAttribute("user", service.get(userName)); return new ModelAndView("redirect:/task/week"); } else { final ModelAndView m = new ModelAndView("login"); m.addObject("message", "用户名或者密码不正确,请重新输入"); return m; } }
解决方案
我首先想到的就是在filter中转向到login页面时,将登陆成功后要转向的页面fromUrl传过去。假设原始链接是:http://localhost:8084/personal/task/update?id=DTASK1167778733413045&mode=week。
req.getRequestURI()
,获取到的是/personal/task/update,不带query string,不符合req.getRequestURL()
,获取到的是http://localhost:8084/personal/task/update,也不带query string,不符合- 于是我百度了一下,找到一下方法可以获得完整的请求url(http://localhost:8084/personal/task/update?id=DTASK1167778733413045&mode=week),但是遗憾的是POST过来的数据还是无法
-
public static String getUrl(HttpServletRequest req) { String reqUrl = req.getRequestURL().toString(); String queryString = req.getQueryString(); if (queryString != null) { reqUrl += "?" + queryString; } return reqUrl; }
-
- 我试图从request中把POST过来的数据设置到response的Header中,但是在login页面经过SpringMVC后再次分发我又不会(感觉会很麻烦)
-
private void setHeader(HttpServletRequest req, HttpServletResponse rep) { for (Map.Entry<String, String[]> entry : req.getParameterMap().entrySet()) { try { String name = entry.getKey(); String value = new String(req.getParameter(name).getBytes("ISO8859-1"), "UTF8"); rep.setHeader(name, value); } catch (UnsupportedEncodingException ex) { Logger.getLogger(SessionFilter.class.getName()).log(Level.SEVERE, null, ex); } } }
-
- 于是决定,在POST的情况下就不再做POST操作,而是转向到POST之前的界面(这样有丢失数据的危险,暂时先这样吧)
-
from Url = req.getHeader("Referer")
-
最终,思路确定如下:Session过滤时,如果是POST过来的,就取前一个页面的url(第5点中的方法),如果是其他请求方式过来的(主要是GET),就使用当前要转向的url(第3点中的方法)。将url通过GET方式传入到login页面后,POST login时也带到后台,待确认登陆成功后转向到该url。
最终代码
SessionFilter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session = ((HttpServletRequest) request).getSession(); HttpServletResponse rep = (HttpServletResponse) response; HttpServletRequest req = (HttpServletRequest) request; String url = req.getRequestURI(); if (url.contains("user/login") || url.endsWith(".css") || url.endsWith(".js") || url.endsWith(".png") || url.endsWith(".jpg")) { chain.doFilter(request, response); } else if ((session == null || session.getAttribute("user") == null)) { String fromUrl; if ("POST".equalsIgnoreCase(req.getMethod())) { fromUrl = req.getHeader("Referer"); } else { fromUrl = getUrl(req); } rep.sendRedirect(req.getContextPath() + "/user/login?fromUrl=" + URLEncoder.encode(fromUrl, "UTF8")); } else { chain.doFilter(request, response); } } public static String getUrl(HttpServletRequest req) { String reqUrl = req.getRequestURL().toString(); String queryString = req.getQueryString(); if (queryString != null) { reqUrl += "?" + queryString; } return reqUrl; }
LoginController
@RequestMapping(value = "/login", method = RequestMethod.GET) public ModelAndView login(HttpServletRequest request, @RequestParam(defaultValue = "") String fromUrl) { final ModelAndView m = new ModelAndView("login"); m.addObject("fromUrl", fromUrl); return m; } @RequestMapping(value = "/login", method = RequestMethod.POST) public ModelAndView login(HttpSession session, String userName, String password, @RequestParam(defaultValue = "") String fromUrl) { ReturnStatus rs = service.login(userName, MD5Tool.getMD5(password.getBytes())); if (rs.getCode() == 1) { session.setAttribute("user", service.get(userName)); if (fromUrl.equals("")) { return new ModelAndView("redirect:/task/week"); } else { return new ModelAndView("redirect:" + fromUrl); } } else { final ModelAndView m = new ModelAndView("login"); m.addObject("message", "用户名或者密码不正确,请重新输入"); m.addObject("fromUrl", fromUrl); return m; } }
http://www.alanzeng.cn/2016/01/login-redirect/