用户登入先经过拦截器验证:
import com.alibaba.fastjson.JSON;
import com.itheima.common.BaseContext;
import com.itheima.common.R;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.web.servlet.server.Session;
import org.springframework.util.AntPathMatcher;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Slf4j
@WebFilter("/*")
public class LoginCheckFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
log.info("LoginCheckFilter:线程id={}",Thread.currentThread().getId());
//0.强转两个对象
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
//1.获取本次请求的uri
String uri = req.getRequestURI();
//2.判断本次请求是否需要处理
//3.不需要处理:直接放行 /backend/** /front/** /employee/login /employee/logout
//在Spring中 提供的有一个工具类 AntPathMatcher 路径匹配器 可以使用它来直接判断哪些路径不需要处理 如果一旦匹配上 就直接放行
String[] urls = {"/backend/**","/front/**","/employee/login","/employee/logout"}; //声明不需要被过滤拦截的资源
AntPathMatcher pathMatcher = new AntPathMatcher();
for (String url : urls) {
if(pathMatcher.match(url,uri)){
chain.doFilter(req, resp);
return; //跳出方法 代码不再继续向下执行
}
}
//4.需要处理:判断员工是否已经登录【从session中获取保存的员工id】
Object employeeId = req.getSession().getAttribute("employee");
//5.员工id不为null 说明已经登录 直接放行
if(employeeId!=null){
//在放行之前 将登录成功的员工id存入到ThreadLocal中
BaseContext.setCurrentId((Long) employeeId);
chain.doFilter(req, resp);
return; //跳出方法 代码不再继续向下执行
}
//6.员工id为null 说明未登录 响应未登录结果 前端跳转到登录页面 {"code":0,"msg":"NOTLOGIN"}
resp.getWriter().print(JSON.toJSONString(R.error("NOTLOGIN")));
}
@Override
public void init(FilterConfig config) throws ServletException {
}
}
然后启动类上打上注解
@ServletComponentScan