1.新建控制器“MainController”文件:
package com.github.carter659.spring13; import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpSession; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.SessionAttribute; /** * 控制器 博客出处:http://www.cnblogs.com/GoodHelper/ * */ @Controller public class MainController { @GetMapping("/") public String index(@SessionAttribute(WebSecurityConfig.SESSION_KEY) String account, Model model) { model.addAttribute("name", account); return "index"; } @GetMapping("/login") public String login() { return "login"; } @PostMapping("/loginPost") public @ResponseBody Map<String, Object> loginPost(String account, String password, HttpSession session) { Map<String, Object> map = new HashMap<>(); if (!"123456".equals(password)) { map.put("success", false); map.put("message", "密码错误"); return map; } // 设置session session.setAttribute(WebSecurityConfig.SESSION_KEY, account); map.put("success", true); map.put("message", "登录成功"); return map; } @GetMapping("/logout") public String logout(HttpSession session) { // 移除session session.removeAttribute(WebSecurityConfig.SESSION_KEY); return "redirect:/login"; } }
讲解MainController:
这里的四个方法分别是:登录后的页面、登录页面、登录ajax后台方法和注销。
“loginPost”方法判断当密码为“123456”时则设置session
“index”方法用来显示session
“logout”方法用来移除session
2.新建“WebSecurityConfig”类文件:
package com.github.carter659.spring13; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; /** * 登录配置 博客出处:http://www.cnblogs.com/GoodHelper/ * */ @Configuration public class WebSecurityConfig extends WebMvcConfigurerAdapter { /** * 登录session key */ public final static String SESSION_KEY = "user"; @Bean public SecurityInterceptor getSecurityInterceptor() { return new SecurityInterceptor(); } public void addInterceptors(InterceptorRegistry registry) { InterceptorRegistration addInterceptor = registry.addInterceptor(getSecurityInterceptor()); // 排除配置 addInterceptor.excludePathPatterns("/error"); addInterceptor.excludePathPatterns("/login**"); // 拦截配置 addInterceptor.addPathPatterns("/**"); } private class SecurityInterceptor extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { HttpSession session = request.getSession(); if (session.getAttribute(SESSION_KEY) != null) return true; // 跳转登录 String url = "/login"; response.sendRedirect(url); return false; } } }
“SecurityInterceptor”类继承“HandlerInterceptorAdapter”,并重新“preHandle”方法,当session为空时,则跳转到登录页面
“WebSecurityConfig”类继承“WebMvcConfigurerAdapter”,重新“addInterceptors”方法,其目的是设置拦截规则,excludePathPatterns为需要排除的规则,addPathPatterns为需要拦截的规则。