本文基于springMVC框架,以自定义拦截器为例。
SpringMVC的拦截器HandlerInterceptorAdapter提供了preHandle、postHandle、afterCompletion三个方法。
preHandle在业务处理器处理请求之前被调用,
postHandle在业务处理器处理请求执行完成后,生成视图之前执行,
afterCompletion在DispatcherServlet完全处理完请求后被调用,可用于清理资源等。所以要想实现自己的权限管理逻辑,需要继承HandlerInterceptorAdapter并重写相应的方法(本文示例重写了preHandle和postHandle)。
1,springmvc.xml中配置
<!-- Intercept every URL handled by Spring MVC. -->
<!-- A bean declared directly under mvc:interceptors is applied to all requests, so SessionInterceptor itself has to decide which URLs (register.do, login.do) are exempt from the login check. -->
<mvc:interceptors>
<bean class="com.interceptor.SessionInterceptor"></bean>
</mvc:interceptors>
2,SessionInterceptor.java代码,我这里全部贴了。
package com.interceptor;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.entity.User;
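/**
 * Login-check interceptor that also remembers, per user id, which HTTP session logged in last.
 *
 * <p>{@link #preHandle} lets requests whose URL ends with {@code register.do} or
 * {@code login.do} through, and sends every other request to {@code /login.jsp} unless the
 * session holds a {@code "user"} attribute that still matches the recorded login.
 * {@link #postHandle} records the session id and login time after a {@code login.do} request
 * that left a user in the session.
 *
 * <p>The registry is a static in-memory map: it is shared by all requests, is empty after a
 * restart, and is local to one JVM. Entries are never removed by this class.
 */
public class SessionInterceptor extends HandlerInterceptorAdapter {

    /** Session attribute this interceptor reads to find the logged-in user. */
    private static final String USER_ATTRIBUTE = "user";

    private static final String REGISTER_SUFFIX = "register.do";
    private static final String LOGIN_SUFFIX = "login.do";
    private static final String LOGIN_PAGE = "/login.jsp";

    /**
     * A session other than the most recently registered one is only rejected once this many
     * milliseconds have passed since that registration (presumably a short grace window for
     * requests already in flight; confirm the intent with the author).
     */
    private static final long LOGIN_GRACE_MILLIS = 5000L;

    /**
     * Last recorded login per user id. Interceptors are invoked from many request threads at
     * once, so the map must be safe for concurrent reads and writes.
     */
    private static final Map<Integer, User> userMap = new ConcurrentHashMap<Integer, User>();

    /**
     * Decides whether the request may reach its handler.
     *
     * @return {@code true} to continue; {@code false} after a redirect to the login page
     * @throws Exception if sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Registration and login must be reachable without an existing login.
        if (urlEndsWith(request, REGISTER_SUFFIX) || urlEndsWith(request, LOGIN_SUFFIX)) {
            return true;
        }

        User user = (User) request.getSession().getAttribute(USER_ATTRIBUTE);
        if (user == null) {
            redirectToLogin(request, response);
            return false;
        }

        Integer userId = user.getUserid();
        User lastLogin = (userId == null) ? null : userMap.get(userId);
        if (lastLogin == null) {
            // A session user without a recorded login (for example after a restart cleared the
            // map) cannot be verified, so fail closed instead of dereferencing null.
            redirectToLogin(request, response);
            return false;
        }

        // Session ids are strings: compare by value, never by reference.
        boolean sameSession = request.getSession().getId().equals(lastLogin.getSessionId());
        boolean graceExpired =
                System.currentTimeMillis() - lastLogin.getLoginTime() > LOGIN_GRACE_MILLIS;
        if (!sameSession && graceExpired) {
            // The same user has logged in from another session since this one was created.
            redirectToLogin(request, response);
            return false;
        }
        return true;
    }

    /**
     * After a {@code login.do} request, records the current session as the user's latest login.
     * Nothing is recorded when the session holds no user (the login did not succeed).
     *
     * <p>NOTE(review): the login handler is not shown here; confirm that it issues a fresh
     * session id on successful login, since this registry binds the user to that id.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        if (!urlEndsWith(request, LOGIN_SUFFIX)) {
            return;
        }
        User user = (User) request.getSession().getAttribute(USER_ATTRIBUTE);
        if (user == null) {
            return;
        }
        Integer userId = user.getUserid();
        if (userId == null) {
            // ConcurrentHashMap rejects null keys; a user without an id cannot be tracked.
            return;
        }
        // A separate User instance is used only as a holder for session id and login time.
        User loginRecord = new User();
        loginRecord.setSessionId(request.getSession().getId());
        loginRecord.setLoginTime(System.currentTimeMillis());
        userMap.put(userId, loginRecord);
    }

    /**
     * Returns whether the request URL ends with {@code suffix}.
     *
     * <p>NOTE(review): this is a suffix match on the raw request URL, so every URL whose text
     * ends with the suffix is exempted, not only the intended endpoint, and the raw URL can
     * differ from the path Spring uses to select the handler. An exact-path allow-list, or
     * {@code <mvc:exclude-mapping>} in springmvc.xml, is the safer way to exempt endpoints.
     * The exact paths are not visible here, so the original matching is kept.
     */
    private static boolean urlEndsWith(HttpServletRequest request, String suffix) {
        return request.getRequestURL().toString().endsWith(suffix);
    }

    /** Redirects the client to the login page under the current context path. */
    private static void redirectToLogin(HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
    }
}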