进阶SpringBoot之员工管理系统（4）登录功能和拦截器

m0_58838332

于 2024-08-14 19:53:28 发布

阅读量171

点赞数 2

文章标签： spring boot 后端 java

本文链接：https://blog.csdn.net/m0_58838332/article/details/141197460

版权

index.html：

<!DOCTYPE html>
<html lang="en-US" xmlns:th="http://www.thymeleaf.org">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
		<meta name="description" content="">
		<meta name="author" content="">
		<title>Signin Template for Bootstrap</title>
		<!-- Bootstrap core CSS -->
		<link th:href="@{/css/bootstrap.min.css}" rel="stylesheet">
		<!-- Custom styles for this template -->
		<link th:href="@{/css/signin.css}" rel="stylesheet">
	</head>

	<body class="text-center">
		<form class="form-signin" th:action="@{/user/login}">
			<img class="mb-4" th:src="@{/img/bootstrap-solid.svg}" alt="" width="72" height="72">
			<h1 class="h3 mb-3 font-weight-normal" th:text="#{login.tip}">Please sign in</h1>

			<!-- 如果msg的值为空，则不显示消息 -->
			<p style="color: red" th:text="${msg}" th:if="${not #strings.isEmpty(msg)}"></p>
			
			<input type="text" name="username" class="form-control" th:placeholder="#{login.username}" required="" autofocus="">
			<input type="password" name="password" class="form-control" th:placeholder="#{login.password}" required="">
			<div class="checkbox mb-3">
				<label>
          <input type="checkbox" value="remember-me"> [[#{login.remember}]]
        </label>
			</div>
			<button class="btn btn-lg btn-primary btn-block" type="submit">
				[[#{login.btn}]]
			</button>
			<p class="mt-5 mb-3 text-muted">© 2024-2025</p>
			<a class="btn btn-sm" th:href="@{/index.html(l='zh_CN')}">中文</a>
			<a class="btn btn-sm" th:href="@{/index.html(l='en_US')}">English</a>
		</form>
	</body>
</html>

LoginController.java：

设置用户名和密码不准确出现提示信息

redirect 发起重定向请求

package com.demo.web.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class LoginController {
    @RequestMapping("/user/login")
    public String login(@RequestParam("username") String username, @RequestParam("password") String password, Model model){

        //具体业务
        if(!StringUtils.isEmpty(username) && "demo".equals(password)){
            return "redirect:/main.html"; //redirect重定向到登录成功页面
        }else {
            model.addAttribute("msg","用户名或密码错误");
            return "index";
        }
    }
}

MyMvcConfig.java：

registry.addViewController("/main.html").setViewName("dashboard");

main.html（没有这个页面）映射到 dashboard.html（登录成功页面）

package com.demo.web.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.LocaleResolver;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MyMvcConfig implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName("index");
        registry.addViewController("/index.html").setViewName("index");
        registry.addViewController("/main.html").setViewName("dashboard");
    }

    //自定义的国际化组件生效
    @Bean
    public LocaleResolver localeResolver(){
        return new MyLocaleResolver();
    }
}

启动，输入错误信息，点击登录，提示用户名或密码错误

但同时，设置了 main.html 映射，地址栏后缀输入 main.html 同样进入后台，所以需要登录拦截

登录拦截器：

实现 HandlerInterceptor 接口

按 ctrl + o 重写方法

request.getSession() 获取用户 session

若未登录，request.getRequestDispatcher("/index.html").forward(request,response); 转发回登录页

package com.demo.web.config;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

//HandlerInterceptor拦截器
public class LoginHandlerInterceptor implements HandlerInterceptor {
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //return HandlerInterceptor.super.preHandle(request, response, handler);

        //登录成功后，应该有用户的session
        Object loginUser = request.getSession().getAttribute("loginUser");

        if(loginUser==null){ //没有登录
            request.setAttribute("msg","没有权限，请先登录！");
            request.getRequestDispatcher("/index.html").forward(request,response);
            return false;
        }else {
            return true;
        }
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
    }
}

LoginController.java：

添加 HttpSession session

session.setAttribute("loginUser",username);

package com.demo.web.controller;

import jakarta.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class LoginController {

    @RequestMapping("/user/login")
    public String login(@RequestParam("username") String username,
                        @RequestParam("password") String password,
                        Model model,
                        HttpSession session){

        //具体业务
        if(!StringUtils.isEmpty(username) && "demo".equals(password)){
            session.setAttribute("loginUser",username);
            return "redirect:/main.html"; //redirect重定向到登录成功页面
        }else {
            model.addAttribute("msg","用户名或密码错误");
            return "index";
        }
    }
}

拦截器写好后，配置到 Bean 里面注册

MyMvcConfig.java：

重写 addInterceptors 方法，excludePathPatterns 设置放行的页面和静态资源

package com.demo.web.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.LocaleResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MyMvcConfig implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName("index");
        registry.addViewController("/index.html").setViewName("index");
        registry.addViewController("/main.html").setViewName("dashboard");
    }

    //自定义的国际化组件生效
    @Bean
    public LocaleResolver localeResolver(){
        return new MyLocaleResolver();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        //WebMvcConfigurer.super.addInterceptors(registry);
        registry.addInterceptor(new LoginHandlerInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/index.html","/","/user/login","/css/*","/js/**","/img/**");
    }
}

这样，就无法跳过登录直接进入后台

m0_58838332

关注

2
点赞
踩
2

收藏

觉得还不错? 一键收藏
0
评论
进阶SpringBoot之员工管理系统（4）登录功能和拦截器

若未登录，request.getRequestDispatcher("/index.html").forward(request,response);但同时，设置了 main.html 映射，地址栏后缀输入 main.html 同样进入后台，所以需要登录拦截。重写 addInterceptors 方法，excludePathPatterns 设置放行的页面和静态资源。main.html（没有这个页面）映射到 dashboard.html（登录成功页面）启动，输入错误信息，点击登录，提示用户名或密码错误。
复制链接

扫一扫