- 需求目的
拦截器:在系统未登录情况下拦截所有或部分URL,网上大部分都是在web.xml里进行拦截,会拦截我的所有URL,需求达不到。
- 实现方法
后续有大佬指导完成
web.xml内容
<!-- SpringMVC配置 -->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!--拦截器 -->
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
applicationContext.xml内容
<mvc:default-servlet-handler />
<!-- 拦截器拦截配置 -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 设置拦截所有请求 -->
<mvc:mapping path="/**/*.do"/>
<!-- 设置不拦截静态文件 -->
<mvc:exclude-mapping path="/**/static/**/*.*" />
<bean class="com.zc.controller.interceptor.LoginInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
拦截器逻辑详情
package com.zc.controller.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.zc.entity.User;
public class LoginInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
//获取请求的RUi:去除http:localhost:8080这部分剩下的
String uri = request.getRequestURI();
//UTL:除了login.jsp是可以公开访问的,其他的URL都进行拦截控制
if (uri.indexOf("/login.do") >= 0) {
return true;
}
//获取session
HttpSession session = request.getSession();
User user = (User) session.getAttribute("USER_SESSION");
//判断session中是否有用户数据,如果有,则返回true,继续向下执行
if (user != null) {
return true;
}
if("pwd".equals(request.getParameter("cqy"))){
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("P3P", "CP=CAO PSA OUR");
if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
response.addHeader("Access-Control-Allow-Methods", "POST,GET,TRACE,OPTIONS");
response.addHeader("Access-Control-Allow-Headers", "Content-Type,Origin,Accept");
response.addHeader("Access-Control-Max-Age", "120");
}
return true;
}
//不符合条件的给出提示信息,并转发到登录页面
request.setAttribute("msg", "您还没有登录,请先登录!");
request.getRequestDispatcher("/WEB-INF/view/login.jsp").forward(request, response);
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
}
}