SpringMVC中的 拦截器(登录拦截案例的实现)

1.首先还是项目结构图



2.web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
  <display-name>InterceptorTest</display-name>
  
  <!-- 定义Spring MVC的前端控制器 -->
  <servlet>
    <servlet-name>springmvc</servlet-name>
    <servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring/springmvc-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  
  <!-- 让Spring MVC的前端控制器拦截所有请求 -->
  <servlet-mapping>
    <servlet-name>springmvc</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
  
  <!-- 编码过滤器 -->
  <filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
 </filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>


3.spring的配置文件springmvc-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:mybatis="http://mybatis.org/schema/mybatis-spring"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:tx="http://www.springframework.org/schema/tx"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
       http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-4.2.xsd
       http://www.springframework.org/schema/tx
       http://www.springframework.org/schema/tx/spring-tx-4.2.xsd
       http://mybatis.org/schema/mybatis-spring
       http://mybatis.org/schema/mybatis-spring.xsd">


<!-- 自动扫描该包,SpringMVC会将包下用@Controller注解的类注册为Spring的controller -->
<context:component-scan base-package="org.fkit"/>
<!-- 设置默认配置方案 -->
<!-- 该标签会默认装配很多东西,其中有装配了LocalValidatorFactoryBean,因此不需要额外的配置 -->
<mvc:annotation-driven/>

<!-- 视图解析器 -->
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- 前缀 -->
<property name="prefix">
<value>/WEB-INF/content/</value>
</property>
<!-- 后缀 -->
<property name="suffix">
<value>.jsp</value>
</property>
</bean>

</beans>


4.两个实体类

User.java 

public class User {
private String loginname;
private String password;

private String username;

        //省略set和get方法

}

Book.java

public class Book {
private Integer id; // id
private String name; // 书名
private String author; // 作者
private Double price; // 价格

private String image;

        //省略set和get方法

}


5.登录页loginForm.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
</head>
<body>
<h3>登录页面</h3>
<form action="login" method="post">
<!-- 提示信息 -->
<font color="red">${requestScope.message }</font>
<table>
<tr>
<td><label>登录名:</label></td>
<td><input type="text" id="loginname" name="loginname"/></td>
</tr>

<tr>
<td><label>密码:</label></td>
<td><input type="password" id="password" name="password"/></td>
</tr>

<tr>
<td colspan="2">
<input type="submit" value="登录" />
</td>
</tr>
</table>
</form>
</body>

</html>


6.登录控制器UserController.java

package org.fkit.controller;
import javax.servlet.http.HttpSession;
import org.fkit.domain.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class UserController {
@RequestMapping("/loginForm")
public String loginForm(){
return "loginForm";
}
/**
*处理login请求 
*/
@RequestMapping("/login")
public ModelAndView login(String loginname,String password,
ModelAndView mv,HttpSession session){
//模拟数据库根据登录名和密码查询用户,判断用户是否登录
if(loginname != null && loginname.equals("lin")
&& password != null && password.equals("000")){
//模拟创建用户
User user = new User();
user.setLoginname(loginname);
user.setPassword(password);
user.setUsername("管理员");

//登录成功,将user对象设置到HttpSession作用域
session.setAttribute("user", user);
//转发到main请求
mv.setViewName("redirect:main");
}else{
//登录失败,设置失败提示信息,并跳转到登录页面
mv.addObject("message", "登录名或密码错误,请重新输入!");
mv.setViewName("loginForm");
}

return mv;
}

}


登录成功后访问的控制器BookController .java

package org.fkit.controller;
import java.util.ArrayList;
import java.util.List;
import org.fkit.domain.Book;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class BookController {
/**
*处理main请求 
*/
@RequestMapping("/main")
public String main(Model model){
//模拟从数据库中获取到所有的图书集合
List<Book> book_list = new ArrayList<>();
book_list.add(new Book("java.jpg","疯狂java讲义","李刚 编著",74.2));
book_list.add(new Book("android.jpg","疯狂Android讲义","李刚 编著",60.6));
//将图书集合添加到Model中
model.addAttribute("book_list", book_list);
//跳转到main页面
return "main";
}

}


7.main.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>全部图书</title>
</head>
<body>
<h3>欢迎【${sessionScope.user.username }】访问</h3>
<br>
<table>
<tr>
<th>封面</th><th>书名</th><th>作者</th><th>价格</th>
</tr>
<c:forEach items="${requestScope.book_list }" var="book">
<tr>
<td><img src="/images/${book.image }" height="60"></td>
<td>${book.name }</td>
<td>${book.author }</td>
<td>${book.price }</td>
</tr>
</c:forEach>

</table>
</body>

</html>



以上代码就是该案例的雏形代码,运行以上代码后,可以避过登录而直接访问main请求并可以获取到数据。

8.下面加入拦截器AuthorizationInterceptor.java

package org.fkit.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.fkit.domain.User;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
 *拦截器必须实现HandlerInterceptor接口 
 **/
public class AuthorizationInterceptor implements HandlerInterceptor{
//不拦截"/loginForm"和"/login"请求
private static final String[] IGNORE_URI = {"/loginForm","/login"};
/**
* 该方法将在整个请求完成之后执行,主要作用是清理资源,
* 该方法也只能在当前Interceptor的preHandle方法的返回值为true时才会执行
* */
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
System.out.println("AuthorizationInterceptor afterCompletion--> ");
}

/**
* 该方法将在controller的方法调用之后执行,方法中可以对ModelAndView进行操作,
* 该方法也只能在当前Interceptor的preHandle方法的返回值为true时才会执行。
* */
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView mv)
throws Exception {
System.out.println("AuthorizationInterceptor postHandle--> ");
}

/**
* preHandle方法是进行处理器拦截用的,该方法在Controller处理之前进行调用,
* 该方法的返回值为true拦截器才会继续往下执行,该方法的返回值为false的时候整个请求就结束了。
* */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("AuthorizationInterceptor preHandle--> ");

//flag变量用于判断用户是否登录,默认为false
boolean flag = false;
//获取请求的路径进行判断
String servletPath = request.getServletPath();
//判断请求是否需要拦截
for(String s : IGNORE_URI){
//通过遍历IGNORE_URI数组中的元素,判断请求的路径是否包含IGNORE_URI数组中的值,如若有,则表示不需要进行拦截
if(servletPath.contains(s)) {
flag = true;
break;
}
}

//拦截请求
if(!flag) {
//1.获取session中的用户
User user = (User) request.getSession().getAttribute("user");
//2.判断用户是否已经登录
if(user == null){
//如果用户没有登录,则设置提示信息,跳转到登录页面
System.out.println("AuthorizationInterceptor拦截请求:");
request.setAttribute("message", "请先登录后再访问网站");
request.getRequestDispatcher("loginForm").forward(request, response);
}else{
//如果用户已经登录,则验证通过,放行
System.out.println("AuthorizationInterceptor请求放行:");
flag = true;
}
}

return flag;
}

}


9.在springmvc的配置文件中加入拦截器的配置


<!-- Spring MVC 拦截器定义 -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 拦截所有的请求(/*表示只拦截最根的一层路径,而/**表示拦截根路径及其子路径,范围更广) -->
<mvc:mapping path="/**"/>
<bean class="org.fkit.interceptor.AuthorizationInterceptor" />
</mvc:interceptor>

</mvc:interceptors>


小结:到这里为止已经实现了springmvc的拦截器功能,测试发现如果想要绕过登录而直接访问main请求,则该请求会被拦截, 并将页面重定向到登录页面,ok,拦截器功能已经实现。模块化的代码,以后要是忘了可以直接从这里copy到需求中就可以直接使用了!

阅读更多

没有更多推荐了,返回首页