使用springmvc拦截器和session控制登录和获取登录用户的信息。
1.LoginInterceptor.java 解析session,获取登录用户信息。
public class LoginInterceptor implements HandlerInterceptor {
protected static final Logger logger = Logger.getLogger(LoginInterceptor.class);
private SystemConfig systemConfig;
public void setSystemConfig(SystemConfig systemConfig) {
this.systemConfig = systemConfig;
}
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Cookie[] cookies = request.getCookies();
if(cookies == null) {
return true;
}
for(Cookie cookie : cookies) {
String key = cookie.getName();
String content = cookie.getValue();
if(key.equalsIgnoreCase(systemConfig.getCookieKey())) {
if(StringUtils.isNotBlank(content)) {
String source = DESUtils.decrypt(content, systemConfig.getCookieSecurityKey());
UserDO user = this.decode(source);
LoginContext context = new LoginContext();
context.setUser(user);
LoginContextHolder.set(context);
}
}
}
return true;
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
if(modelAndView != null) {
modelAndView.addObject("loginUser", LoginContextHolder.getLoginUser());
}
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
LoginContextHolder.clear();
}
protected UserDO decode(String content) {
if(StringUtils.isBlank(content)) {
return null;
}
JSONObject json = JSONObject.fromObject(content);
UserDO user = new UserDO();
user.setId(json.getInt("id"));
user.setName(json.getString("name"));
return user;
}
}
2,securityInterceptor.java 控制用户登录
public class SecurityInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// TODO Auto-generated method stub
LoginContext context = LoginContextHolder.get();
if(context != null && context.getUser() != null) {
return true;
}
response.sendRedirect("login.jhtml");
return false;
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
// TODO Auto-generated method stub
}
}
3.LoginContext.java 存放登录上下文信息。
public class LoginContext {
private UserDO user;
public UserDO getUser() {
return user;
}
public void setUser(UserDO user) {
this.user = user;
}
}
4.LoginContextHolder.java 使用ThreadLocal<LoginContext>存取用户信息。
public class LoginContextHolder {
private static final ThreadLocal<LoginContext> holder = new ThreadLocal<LoginContext>();
public static LoginContext get() {
return holder.get();
}
public static void set(LoginContext context) {
holder.set(context);
}
public static void clear() {
holder.remove();
}
public static UserDO getLoginUser() {
LoginContext context = holder.get();
return context == null ? null : context.getUser();
}
}
5.使用springMvc的拦截器对链接路径进行控制
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/upload/**" />
<bean class="com.moin.web.interceptor.LoginInterceptor" />
</mvc:interceptor>
<mvc:interceptor>
<mvc:mapping path="/upload/**" />
<bean class="com.moin.web.interceptor.SecurityInterceptor" />
</mvc:interceptor>
</mvc:interceptors>