SpringMVC的拦截器HandlerInterceptorAdapter对应提供了三个preHandle,postHandle,afterCompletion方法。preHandle在业务处理器处理请求之前被调用,
postHandle在业务处理器处理请求执行完成后,生成视图之前执行,afterCompletion在DispatcherServlet完全处理完请求后被调用,可用于清理资源等 。所以要想实现自己的权限管理逻辑,需要继承HandlerInterceptorAdapter并重写其三个方法。
首先在springmvc.xml中加入自己定义的拦截器我的实现逻辑CommonInterceptor,
-
- <mvc:interceptors>
- <mvc:interceptor>
-
- <mvc:mapping path="/" />
- <mvc:mapping path="/user/**" />
- <mvc:mapping path="/test/**" />
- <bean class="com.alibaba.interceptor.CommonInterceptor"></bean>
- </mvc:interceptor>
-
- </mvc:interceptors>
我的拦截逻辑是“在未登录前,任何访问url都跳转到login页面;登录成功后跳转至先前的url”,具体代码如下:
-
-
-
- package com.alibaba.interceptor;
-
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
-
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.web.servlet.ModelAndView;
- import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
- import com.alibaba.util.RequestUtil;
-
-
-
-
-
-
- public class CommonInterceptor extends HandlerInterceptorAdapter{
- private final Logger log = LoggerFactory.getLogger(CommonInterceptor.class);
- public static final String LAST_PAGE = "com.alibaba.lastPage";
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- @Override
- public boolean preHandle(HttpServletRequest request,
- HttpServletResponse response, Object handler) throws Exception {
- if ("GET".equalsIgnoreCase(request.getMethod())) {
- RequestUtil.saveRequest();
- }
- log.info("==============执行顺序: 1、preHandle================");
- String requestUri = request.getRequestURI();
- String contextPath = request.getContextPath();
- String url = requestUri.substring(contextPath.length());
-
- log.info("requestUri:"+requestUri);
- log.info("contextPath:"+contextPath);
- log.info("url:"+url);
-
- String username = (String)request.getSession().getAttribute("user");
- if(username == null){
- log.info("Interceptor:跳转到login页面!");
- request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
- return false;
- }else
- return true;
- }
-
-
-
-
-
- @Override
- public void postHandle(HttpServletRequest request,
- HttpServletResponse response, Object handler,
- ModelAndView modelAndView) throws Exception {
- log.info("==============执行顺序: 2、postHandle================");
- if(modelAndView != null){
- modelAndView.addObject("var", "测试postHandle");
- }
- }
-
-
-
-
-
-
- @Override
- public void afterCompletion(HttpServletRequest request,
- HttpServletResponse response, Object handler, Exception ex)
- throws Exception {
- log.info("==============执行顺序: 3、afterCompletion================");
- }
-
- }
注:上述代码里我写了一个RequestUtil,主要实现获取当前Request、Session对象,保存和加密页面,取出等功能。
至此,拦截器已经实现了,效果如图:
我直接访问/test/hello,会被拦截
登录成功后会跳转至/test/hello对应的页面