为了防止未登陆情况下访问一些页面,可以用登陆拦截器。
配置好规则,拦截需要拦截的地址进行处理
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/login"/>
<mvc:exclude-mapping path="/index.*"/>
<mvc:exclude-mapping path="/usercontroller/login"/>
<bean class="com.xxx.interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
/** 拦截一切地址
需要配置好例外不然无法访问登陆页面了
package com.therp.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class LoginInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
// TODO Auto-generated method stub
String username;
username=(String) request.getSession().getAttribute("username");
if(username!=null)
{
return true;
}
else{
request.getRequestDispatcher("/login").forward(request, response);
return false;
}
}
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
// TODO Auto-generated method stub
}
}
拦截器通过prehandle方法,读取session内的user 数据,如果没有则跳转登录界面,如果有就通过
(需要再登陆controller内设置好session的user数据,登出controller内删除session);
后来发现静态资源又被拦截了,增加了例外后解决
<mvc:exclude-mapping path="/css/*"/>
<mvc:exclude-mapping path="/js/*"/>