SpringBoot-拦截器实现登录权限设置
进行项目练习时,往往有的页面是需要我们登录后才可访问,而项目初期所有页面是都可以访问的,这并不符合我们的要求,因此我们需要拦截器来进行相关权限的判定,符合要求时放行,不符合时返回首页并提示,实现步骤如下:
1. 书写登陆拦截类,实现HandlerInterceptor接口,重写preHandle方法
public class LoginInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HttpSession session = request.getSession();
String username = (String) session.getAttribute("loginUser");
if (username == null){
request.setAttribute("msg","未拥有权限,请先登录");
request.getRequestDispatcher("/index").forward(request,response);
return false;
}else{
return true;
}
}
}
2. 在使用@Configuration注解的配置类中,重写addInterceptors方法
@Configuration
public class MyWebMvcConfig implements WebMvcConfigurer {
@Bean
public LocaleResolver localeResolver(){
return new MySolver();
}
@Override
// 拦截器
public void addInterceptors(InterceptorRegistry registry) {
// 添加拦截器
registry.addInterceptor(new LoginInterceptor())
.addPathPatterns("/**") //作用:拦截所有请求,
.excludePathPatterns("/user/login","/css/**","/js/**","/img/**","/index","/"); // 作用:拦截时放行这些请求,“/user/login”登录请求,“"/css/**","/js/**","/img/**"” 静态资源请求,“"/index","/"”去往首页请求
}
@Override
public void addViewControllers(ViewControllerRegistry registry) {
// 添加视图跳转路径
registry.addViewController("/index").setViewName("index");
}
}
3. controller层编写,仅仅只是用户名验证,登陆成功时,存放session,登陆失败,显示警告用语,返回首页
@Controller
public class LoginController {
@GetMapping("/index")
public String toIndex(){
return "index";
}
@GetMapping("/dash")
public String toDash(){
return "dashboard";
}
@RequestMapping("/user/login")
public String userLogin(String username,HttpSession session, Model model){
if ("admin".equals(username)){
session.setAttribute("loginUser",username);
return "redirect:/dashboard.html";
}else {
model.addAttribute("msg","用户名有误");
return "/index";
}
}
}
4.前端测试
-
未登录访问
http://localhost:8080/dash
-
用户名错误
-
登陆成功