简单介绍拦截器的用途
preHandle
调用时间:Controller方法处理之前
执行顺序:链式Intercepter情况下,Intercepter按照声明的顺序一个接一个执行
若返回false,则中断执行,注意:不会进入afterCompletion
postHandle
调用前提:preHandle返回true
调用时间:Controller方法处理完之后,DispatcherServlet进行视图的渲染之前,也就是说在这个方法中你可以对ModelAndView进行操作
执行顺序:链式Intercepter情况下,Intercepter按照声明的顺序倒着执行。
备注:postHandle虽然post打头,但post、get方法都能处理
afterCompletion
调用前提:preHandle返回true
调用时间:DispatcherServlet进行视图的渲染之后
多用于清理资源
最常用的preHandle场景
验证用户登陆信息,并执行相关操作
package com.gildata.gup.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.gildata.gup.domain.User;
import com.gildata.gup.domain.UserEncryptReset;
import com.gildata.gup.repository.UserEncryptResetRepository;
@Component // 不可少
public class PasswordStateInterceptor implements HandlerInterceptor { // 必须实现HandlerInterceptor接口
@Autowired
private UserEncryptResetRepository userEncryptResetRepository;//用户密码状态的查询的DAO类
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
// TODO Auto-generated method stub
SecurityContext securityContext = (SecurityContext) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT"); // 获取session中的SecurityContext对象,它包含了用户的信息
User user = (User) securityContext.getAuthentication().getPrincipal();
if ( !user.equals(null) ) { // 说明已经登录了
UserEncryptReset uer = userEncryptResetRepository.findOneByUsername(user.getUsername()); //查询记录用户密码状态的对象
if ((uer != null) && (uer.getPasswordState().equals("1"))) { //uer存在并且用户密码状态为过期状态,才不允许放行
response.sendRedirect("/#/passwordReset"); // 将用户
return false;
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
return;
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
}
使用拦截器就要对其进行注册需要使用WebMvcConfigurerAdapter 下的addInterceptors方法。 新建一个类WebConfigfilter.java,继承自WebMvcConfigurerAdapter 。
package com.gildata.gup.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import com.gildata.gup.interceptor.PasswordStateInterceptor;
@Configuration // 配置
public class WebConfigfilter extends WebMvcConfigurerAdapter{
@Autowired
private PasswordStateInterceptor passwordStateInterceptor; // 实例化拦截器
@Override
public void addInterceptors(InterceptorRegistry registry) {
// super.addInterceptors(registry);
// 注册自定义的拦截器passwordStateInterceptor
registry.addInterceptor(passwordStateInterceptor)
.addPathPatterns("/api/*") //匹配要过滤的路径
.excludePathPatterns("/api/changePasswordByUser/*") //匹配不过滤的路径。密码还要修改呢,所以这个路径不能拦截
.excludePathPatterns("/api/passwordStateValid") //密码状态验证也不能拦截
.excludePathPatterns("/api/getManagerVersion");//版本信息同样不能拦截
}
}