1、首先写一个登录权限控制的类LoginInterceptor
package cn.orz.utlis;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import cn.orz.bean.Msg;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import java.io.PrintWriter;
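/**
 * Spring MVC interceptor that only lets a request reach its handler when the HTTP session
 * carries a {@code "user"} attribute.
 *
 * <p>Unauthenticated requests get exactly one response: a redirect to the login page for
 * ordinary page requests, or a JSON error body with HTTP 401 for clients that ask for JSON.
 * Sending the redirect and then also writing a body (as an earlier version of this class did)
 * does not work, because the response is already committed after {@code sendRedirect}.
 *
 * <p>Which paths this interceptor applies to is decided by the {@code <mvc:interceptor>}
 * mapping in the Spring MVC configuration, not by this class.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /** Session attribute checked to decide whether the caller is logged in. */
    private static final String SESSION_USER_KEY = "user";

    /** Login page, relative to the context path. */
    private static final String LOGIN_PAGE = "/User/login.html";

    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // Invoked once the request has been fully processed; nothing to clean up here.
    }

    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
            throws Exception {
        // Invoked after the handler has run and before the view is rendered; nothing to do here.
    }

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param request  current request
     * @param response current response; written to only when the request is rejected
     * @param arg2     the chosen handler (unused)
     * @return {@code true} to continue the handler chain (caller is logged in), {@code false}
     *         when the request was rejected and a response has already been produced here
     * @throws Exception if the rejection response cannot be written; the failure is left to
     *         the framework instead of being printed to stderr and answered a second time
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
        // getSession(false): do not allocate a new server-side session for every anonymous request.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(SESSION_USER_KEY) != null) {
            return true;
        }

        if (expectsJson(request)) {
            writeNotLoggedInJson(response);
        } else {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
        return false;
    }

    /**
     * Tells whether the client asked for a JSON answer (AJAX call or non-browser client).
     * These headers are client-controlled; they only select the format of the rejection and
     * never influence whether the request is allowed through.
     */
    private static boolean expectsJson(HttpServletRequest request) {
        if ("XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"))) {
            return true;
        }
        String accept = request.getHeader("Accept");
        return accept != null && accept.contains("application/json");
    }

    /** Writes the "not logged in" {@link Msg} as JSON with HTTP status 401. */
    private static void writeNotLoggedInJson(HttpServletResponse response) throws Exception {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        Msg msg = Msg.fail().Add("error", "你还没登录呢");
        PrintWriter out = response.getWriter();
        out.append(JSONArray.toJSON(msg).toString());
    }
}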
2、在SpringMvc.xml配置权限信息
<mvc:interceptors>
<mvc:interceptor>
<!-- Apply the interceptor to every request handled by Spring MVC -->
<mvc:mapping path="/**"/>
<!-- mvc:exclude-mapping exempts a path from this interceptor, so LoginInterceptor.preHandle
does not have to compare the request URI against a list of public pages itself (preferred) -->
<!-- User page-navigation requests are not intercepted, e.g. going to register or forgot-password -->
<!-- NOTE(review): this pattern exempts everything under /User/, not only login, register and
forgot-password. Any handler mapped under that prefix is reachable without a session;
confirm that no authenticated endpoint lives there, or list the public paths individually. -->
<mvc:exclude-mapping path="/User/**" />
<!-- Static resources are not intercepted -->
<mvc:exclude-mapping path="/static/**" />
<mvc:exclude-mapping path="/assets/**" />
<!-- Front-end pages for login, register and forgot-password are not intercepted -->
<!-- NOTE(review): exclude patterns are matched against the request path, and a servlet
container does not serve WEB-INF to clients directly, so this entry probably has no effect;
confirm and drop it if so. -->
<mvc:exclude-mapping path="/WEB-INF/templates/User/**" />
<bean class="cn.orz.utlis.LoginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
这样就能控制,在还没登录之前,登录,注册页面不拦截,然后没登录对其他请求拦截的效果。
拦截处理中的下面这一句代码表示拦截后直接重定向到登录页;如果是非网页端(如Android等),可以把这一句注释掉,直接返回json数据。注意重定向和返回json只能二选一:sendRedirect之后响应已经提交,后面再写入的json不会送达客户端。
response.sendRedirect(request.getContextPath()+"/User/login.html");
如果需要直接返回json数据回去。
写一个Msg类
package cn.orz.bean;
import java.util.HashMap;
import java.util.Map;
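/**
 * Generic response envelope returned to clients as JSON: a numeric status code, a short
 * message and a free-form map of extra values.
 *
 * <p>Everything placed in {@code extend} is exposed through a getter and therefore ends up in
 * the serialized response; do not put secrets or internal details into it.
 */
public class Msg {
    // Status code: 10001 = success, 10002 = failure.
    private int code;
    private String msg;
    // Extra payload; kept non-null so that Add() can always be chained.
    private Map<String, Object> extend = new HashMap<String, Object>();

    /**
     * Creates a success envelope.
     *
     * @return a new instance with code 10001
     */
    public static Msg Success() {
        Msg ok = new Msg();
        ok.setCode(10001);
        ok.setMsg("成功");
        return ok;
    }

    /**
     * Creates a failure envelope.
     *
     * @return a new instance with code 10002
     */
    public static Msg fail() {
        Msg failed = new Msg();
        failed.setCode(10002);
        failed.setMsg("失败");
        return failed;
    }

    /**
     * Adds one entry to the extra payload.
     *
     * @param key   payload key
     * @param value payload value
     * @return this instance, for chaining
     */
    public Msg Add(String key, Object value) {
        this.extend.put(key, value);
        return this;
    }

    public int getCode() {
        return code;
    }

    public void setCode(int code) {
        this.code = code;
    }

    public String getMsg() {
        return msg;
    }

    public void setMsg(String msg) {
        this.msg = msg;
    }

    /**
     * Returns the live payload map (not a copy), so changes made by the caller are visible here.
     *
     * @return the extra payload, never {@code null}
     */
    public Map<String, Object> getExtend() {
        return extend;
    }

    /**
     * Replaces the payload map.
     *
     * @param extend new payload; {@code null} is treated as an empty map so that a later
     *               {@link #Add(String, Object)} cannot fail with a NullPointerException
     */
    public void setExtend(Map<String, Object> extend) {
        this.extend = (extend != null) ? extend : new HashMap<String, Object>();
    }

    @Override
    public String toString() {
        return "Msg{" +
                "code=" + code +
                ", msg='" + msg + '\'' +
                ", extend=" + extend +
                '}';
    }
}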
需要添加Alibaba相关的JSON依赖,在maven上添加
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<!-- NOTE(review): this pins an old fastjson 1.x release. The 1.x line has had a series of
deserialization (autoType) security advisories. The code shown here only serializes, but any
parsing of untrusted JSON with this library elsewhere in the application would be exposed;
check the project's advisories and move to the latest patched release. -->
<version>1.2.59</version>
</dependency>
这样就可以了。