案例一
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<!--
springmvc的核心servlet
第一种:[servlet-name]-servlet.xml ,比如:springmvc-servlet.xml
第二种是:改变命名空间 namespace
必须配置文件在放入在web-inf目录下。
第三种是通过:contextConfigLocation
-->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>namespace</param-name>
<param-value>imoocmvc</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<!-- 配置自定义扫描包 -->
<context:component-scan base-package="com.imooc.web"></context:component-scan>
<!-- 拦截器的注册 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/user/**"/>
<bean class="com.imooc.core.LogInterceptor"></bean>
</mvc:interceptor>
<mvc:interceptor>
<!--<mvc:mapping path="/user/search"/>
<mvc:mapping path="/user/updatepwd"/>
<mvc:mapping path="/user/updateheaderPic"/>-->
<!--<mvc:mapping path="/user/*"></mvc:mapping>-->
<mvc:mapping path="/user/**"></mvc:mapping>
<!--exclude-mapping在所有拦截中进行排除,一般在通配符会有意义。-->
<mvc:exclude-mapping path="/user/updatepwd"></mvc:exclude-mapping>
<mvc:exclude-mapping path="/user/updatebackground/*"></mvc:exclude-mapping>
<bean class="com.imooc.core.LoginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
<!-- 映射物理路径 -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/pages/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
</beans>
Ps1:Spring配置文件,如果没有用到该标签,则该标签在头文件中是变成灰色的。
Ps2:
user/* 子集
user/** 所有集
Ps3:多个拦截器配置按照顺序依次拦截(递归执行顺序)。
package com.imooc.bean;
public class User {
private String account;
private String password;
// 省略 getter setter
}
package com.imooc.web;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class IndexController {
@RequestMapping("/index")
public String index(){
return "index";
}
}
package com.imooc.web;
import com.imooc.bean.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.servlet.http.HttpSession;
@Controller
public class LoginController {
@RequestMapping("/login")
public String login(){
return "login";
}
@RequestMapping("/logined")
public String logined(@RequestParam("account")String account,
@RequestParam("password")String password,
HttpSession session){
if(account.equals("xuke") && password.equals("123456")) {
User user = new User();
user.setAccount(account);
user.setPassword(password);
session.setAttribute("session_user",user);
return "redirect:user/search";
}else{
return "redirect:login";
}
}
}
package com.imooc.web;
import com.imooc.bean.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpSession;
@Controller
@RequestMapping("/user")
public class UserController {
//查询用户
@RequestMapping("/search")
public String search(HttpSession session){
System.out.println("2:----keketip====---search---");
return "user/search";
}
//修改密码
@RequestMapping("/updatepwd")
public String updatepwd(HttpSession session){
System.out.println("2:keketip====---updatepwd---");
return "user/updatepwd";
}
//修改头像
@RequestMapping("/updateheaderPic")
public String updateheaderPic(HttpSession session){
System.out.println("2:keketip====---updateheaderPic");
return "user/updateheaderPic";
}
//修改背景图片
@RequestMapping("/updatebackground/{id}")
public String updatebackground(HttpSession session){
System.out.println("2:keketip====---updatebackground");
return "user/test";
}
}
拦截器
package com.imooc.core;
import com.imooc.bean.User;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
User user = (User)request.getSession().getAttribute("session_user");
if(user==null) {
System.out.println("LOGIN-1:keketip--preHandle===>");
response.sendRedirect(request.getContextPath()+"/login");
return false;
}
return true; // 是否会终止所有的请求
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
System.out.println("LOGIN-3:-----keketip--login==postHandle===>");
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
System.out.println("LOGIN-4:--->keketip=--afterCompletion===>");
}
}
package com.imooc.core;
import com.imooc.bean.User;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LogInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("LOG------>1:-----keketip====preHandle===>");
System.out.println("keketip====当前执行的类是:"+handler.getClass());
return true; // 是否会终止所有的请求
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
System.out.println("LOG------>3:-----keketip====postHandle===>");
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
System.out.println("LOG------>4:--->keketip====afterCompletion===>");
}
}
Ps:如果preHandle返回为false,则业务方法、postHandle、afterCompletion都不会再执行了。
案例二
package com.mmall.controller.common.interceptor;
import com.google.common.collect.Maps;
import com.mmall.common.Const;
import com.mmall.common.ServerResponse;
import com.mmall.pojo.User;
import com.mmall.util.CookieUtil;
import com.mmall.util.JsonUtil;
import com.mmall.util.RedisShardedPoolUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
@Slf4j
public class AuthorityInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
log.info("preHandle");
// 请求中Controller中的方法名
HandlerMethod handlerMethod = (HandlerMethod)handler;
// 解析HandlerMethod
String methodName = handlerMethod.getMethod().getName();
String className = handlerMethod.getBean().getClass().getSimpleName();
// 解析参数,具体的参数key以及value是什么,我们打印日志
StringBuffer requestParamBuffer = new StringBuffer();
Map paramMap = request.getParameterMap();
Iterator it = paramMap.entrySet().iterator();
while (it.hasNext()){
Map.Entry entry = (Map.Entry)it.next();
String mapKey = (String)entry.getKey();
String mapValue = StringUtils.EMPTY;
// request这个参数的map,里面的value返回的是一个String[]
Object obj = entry.getValue();
if(obj instanceof String[]){
String[] strs = (String[])obj;
mapValue = Arrays.toString(strs);
}
requestParamBuffer.append(mapKey).append("=").append(mapValue);
}
if(StringUtils.equals(className,"UserManageController") && StringUtils.equals(methodName,"login")){
log.info("权限拦截器拦截到请求,className:{},methodName:{}",className,methodName);
// 如果是拦截到登录请求,不打印参数,因为参数里面有密码,全部会打印到日志中,防止日志泄露
return true;
}
log.info("权限拦截器拦截到请求,className:{},methodName:{},param:{}",className,methodName,requestParamBuffer.toString());
User user = null;
String loginToken = CookieUtil.readLoginToken(request);
if(StringUtils.isNotEmpty(loginToken)){
String userJsonStr = RedisShardedPoolUtil.get(loginToken);
user = JsonUtil.string2Obj(userJsonStr,User.class);
}
if(user == null || (user.getRole().intValue() != Const.Role.ROLE_ADMIN)){
// 返回false.即不会调用controller里的方法
response.reset(); // geelynote 这里要添加reset,否则报异常 getWriter() has already been called for this response.
response.setCharacterEncoding("UTF-8"); // geelynote 这里要设置编码,否则会乱码
response.setContentType("application/json;charset=UTF-8"); // geelynote 这里要设置返回值的类型,因为全部是json接口。
PrintWriter out = response.getWriter();
// 上传由于富文本的控件要求,要特殊处理返回值,这里面区分是否登录以及是否有权限
if(user == null){
if(StringUtils.equals(className,"ProductManageController") && StringUtils.equals(methodName,"richtextImgUpload")){
Map resultMap = Maps.newHashMap();
resultMap.put("success",false);
resultMap.put("msg","请登录管理员");
out.print(JsonUtil.obj2String(resultMap));
}else{
out.print(JsonUtil.obj2String(ServerResponse.createByErrorMessage("拦截器拦截,用户未登录")));
}
}else{
if(StringUtils.equals(className,"ProductManageController") && StringUtils.equals(methodName,"richtextImgUpload")){
Map resultMap = Maps.newHashMap();
resultMap.put("success",false);
resultMap.put("msg","无权限操作");
out.print(JsonUtil.obj2String(resultMap));
}else{
out.print(JsonUtil.obj2String(ServerResponse.createByErrorMessage("拦截器拦截,用户无权限操作")));
}
}
out.flush();
out.close(); // geelynote 这里要关闭
return false;
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
log.info("postHandle");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
log.info("afterCompletion");
}
}
<mvc:interceptors>
<!-- 定义在这里的,所有的都会拦截-->
<mvc:interceptor>
<!--manage/a.do /manage/*-->
<!--manage/b.do /manage/*-->
<!--manage/product/save.do /manage/**-->
<!--manage/order/detail.do /manage/**-->
<mvc:mapping path="/manage/**"/>
<!--<mvc:exclude-mapping path="/manage/user/login.do"/>-->
<bean class="com.mmall.controller.common.interceptor.AuthorityInterceptor" />
</mvc:interceptor>
</mvc:interceptors>