SpringMVC如何通过拦截器实现系统登录验证
目标:用户在未登录的时候点击"首页"无法进入首页(main.jsp),而是自动跳转到登录页面(login.jsp),用户在main.jsp点击注销,进入登录页面。
拦截器是SpringMVC独有的功能,其实现原理是AOP思想,在不改变既有功能代码的前体现,实现拦截器功能。
实现方式:实现 HandlerInterceptor即可
一、相关页面(请忽略页面效果)
index.jsp
login.jsp
main.jsp
二、搭建SpringMVC框架
1、配置web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!--注册 dispatcherServlet-->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<!--绑定Spring配置文件
-->
<param-value>classpath:applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!--解决中文乱码问题-->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--设置session超时时间:15分钟-->
<session-config>
<session-timeout>15</session-timeout>
</session-config>
</web-app>
2、创建Spring配置文件:applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
https://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc
https://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="com.wangjw.controller"/>
<!--静态资源过滤-->
<mvc:default-servlet-handler/>
<!--JSON乱码问题处理-->
<mvc:annotation-driven>
<mvc:message-converters register-defaults="true">
<bean class="org.springframework.http.converter.StringHttpMessageConverter">
<constructor-arg value="UTF-8"/>
</bean>
<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
<property name="objectMapper">
<bean class="org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean">
<property name="failOnEmptyBeans" value="false"/>
</bean>
</property>
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
<!--配置视图解析器-->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="internalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
</beans>
3、创建Controller类
package com.wangjw.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpSession;
@Controller
@RequestMapping("/user")
public class LoginController {
@RequestMapping("/main")
public String main() {
return "main";
}
@RequestMapping("/goLogin")
public String goLogin() {
return "login";
}
@RequestMapping("/login")
public String login(HttpSession session, String username, String password, Model model) {
//登录成功后把用户信息存在session中,后面拦截器可以通过有无session来判断是否登录
session.setAttribute("userLoginInfo", username);
model.addAttribute("username", username);
return "main";
}
/*注销*/
@RequestMapping("/goOut")
public String goOut(HttpSession session) {
// session.invalidate(); 推荐使用removeAttribute,减轻服务器压力
session.removeAttribute("userLoginInfo");
return "login";
}
}
4.创建拦截器
创建拦截器,实现HandlerInterceptor接口,重写preHandle方法。
方法返回true时代表放行请求,方法返回false时,拦截请求。
package com.wangjw.config;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginInterCeptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HttpSession session = request.getSession();
//登录页面放行
if(request.getRequestURI().contains("goLogin")){
return true;
}
if (request.getRequestURI().contains("login")){
return true;
}
//已经登录的 放行
if (session.getAttribute("userLoginInfo")!=null) {
return true;
}
//不符合以上情况时,重定向到登录页面login.jsp
request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request,response);
return false;
}
}
5、在Spring中注册拦截器
<!--拦截器配置-->
<mvc:interceptors>
<mvc:interceptor>
<!--拦截/user请求下的所有请求-->
<mvc:mapping path="/user/**"/>
<bean class="com.wangjw.config.LoginInterCeptor"/>
</mvc:interceptor>
</mvc:interceptors>
三、扩展HandlerInterceptor
该接口存在三个方法:
- preHandle 方法通常用于配置拦截器
- postHandle、afterCompletion:这两个方法通常用于记录日志等功能
public class MyInterCeptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("=========处理前=========");
return true;//return true 执行下一个拦截器 false 不执行下一个拦截器
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
System.out.println("============处理后==========");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
System.out.println("===========清理=============");
}
}