使用拦截器实现用户登录权限验证
Controller层的设计
@Controller
public class LoginController {
/**
* 跳转登录页
* @return
*/
@RequestMapping(value = "/login",method = RequestMethod.GET)
public String loginPage(){
System.out.println("跳转到login.html页面当中");
return "login";
}
/**
* 用户登录,成功到主页,失败回到登录页
* @param user
* @param model
* @param session
* @return
*/
@RequestMapping(value = "/login",method = RequestMethod.POST)
public String login(User user, Model model, HttpSession session){
if(user.getUsername() !=null && user.getUsername().equals("admin")
&& user.getPassword() !=null && user.getPassword().equals("123456")){
System.out.println("用户登录功能实现");
//将用户添加到session保存
session.setAttribute("user",user);
return "/suc";
}
model.addAttribute("msg","账户或密码错误,请重新登录");
return "login";
}
/**
* 跳转到主页
* @return
*/
@RequestMapping("/index")
public String indexPage(){
System.out.println("跳转到主页");
return "suc";
}
/**
* 用户退出登录
* @param session
* @return
*/
@RequestMapping("/logout")
public String logout(HttpSession session){
session.invalidate();//清除session
System.out.println("用户退出登录");
return "login";
}
}
登录页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录页面</title>
</head>
<body>
<h1> <font color="red"> <b th:text="${msg}"></b></font></h1>
<form action="/SSMDemo/login" method="post">
账户:<input type="text" name="username"/>
密码:<input type="password" name="password"/>
<input type="submit" value="登录"/>
</form>
</body>
</html>
主页
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>Hello <b th:text="${msg}"></b></h1>
<a href="/SSMDemo/logout" >入门程序</a>
</body>
</html>
拦截器配置
/**
* 登录拦截器
*/
public class LoginInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//获取请求url
String url = request.getRequestURI();
//非登录请求进行拦截
if (!url.contains("login")){
//非登录请求获取session
if(request.getSession().getAttribute("user") != null){
return true;//说明已经登录,放行
}else { //没有登录,跳转到登录页面
request.setAttribute("msg","您还没登录。请先登录。。。");
request.getRequestDispatcher("/html/login.html").forward(request,response);
}
}else {
return true; //登录请求,放行
}
return true;
}
//省略了postHandle()和afterCompletion()方法
}
在springMV.xml文件当中配置拦截器
<!--配置拦截器-->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/> <!--/**表示所有url-->
<bean class="com.qcby.Interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>