完整的SSM架构+session+HandlerInterceptor
闲来想把SSM框架好好搭建一套 弄清楚具体的原理,以免后忘:
项目截图如下:
一、本项目采用的SSM框架各组件介绍
1. spring-mybatis.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<!-- 自动扫描,自动注入,配置数据库 -->
<!-- 自动扫描 -->
<!-- <context:annotation-config/> -->
<context:component-scan base-package="com.wx">
<!-- 将Controller的注解打消掉 -->
<context:exclude-filter type="annotation"
expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<!-- 加载配置JDBC文件 -->
<context:property-placeholder location="classpath:db.properties" />
<!-- 两种数据源 -->
<!--第一种-->
<!--事实上是因为DriverManagerDataSource建立连接是只要有连接就新建一个connection,根本没有连接池的作用 -->
<!--两种不同的DataSource -->
<!-- 在访问数量大,并发的情况下,毫无疑问是要选择连接池的, 因为有连接池的功能,无论是效率还是在资源利用率上都优于DriverManagerDataSource -->
<!--单纯的DataSource -->
<!--<bean id="pkmDataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>${mysql.driver}</value>
${pkm.jdbc.driverClassName}是jdbc.properties文件 中的key
</property>
<property name="url">
<value>${mysql.url}</value>
</property>
<property name="username">
<value>${mysql.username}</value>
</property>
<property name="password">
<value>${mysql.password}</value>
</property>
</bean>-->
<!--第二种有连接池的BasicDataSource -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close" lazy-init="false">
<property name="driverClassName" value="${mysql.driver}" />
<property name="url" value="${mysql.url}" />
<property name="username" value="${mysql.username}" />
<property name="password" value="${mysql.password}" />
<property name="initialSize" value="${mysql.initialSize}" />
<property name="maxActive" value="${mysql.maxActive}" />
<property name="maxWait" value="${mysql.maxWait}" />
<property name="poolPreparedStatements" value="true" />
<!-- testOnBorrow和testOnReturn在生产环境一般是不开启的,主要是性能考虑。
失效连接主要通过testWhileIdle保证,如果获取到了不可用的数据库连接(长时间没有访问数据库),一般由应用处理异常 -->
<property name="testOnBorrow">
<value>true</value>
</property>
<property name="validationQuery">
<value>SELECT 1 FROM DUAL</value>
</property>
</bean>
<!-- 在使用mybatis时 spring使用sqlsessionFactoryBean 来管理mybatis的sqlsessionFactory -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<!-- 实体类映射文件路径,这里只有一个就写死了,多个可以使用mybatis/*.xml来替代 -->
<property name="mapperLocations" value="classpath*:com/wx/mapping/*.xml" />
</bean>
<!--动态代理实现 不用写dao的实现 -->
<bean id="MapperScannerConfigurer" class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<!-- 这里的basePackage 指定了dao层接口路劲,这里的dao接口不用自己实现 -->
<property name="basePackage" value="com.wx.dao" />
<!-- 如果只有一个数据源的话可以不用指定,但是如果有多个数据源的话必须要指定 -->
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" />
<!--直接指定了sqlsessionTemplate名称,这个和上面的其实是一样的 -->
<!-- <property name="sqlSessionTemplateBeanName" value="sqlSession" /> -->
</bean>
<!--事务管理器 -->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<!-- 使用全注释事务 -->
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>**
2. db.properties
mysql.driver=com.mysql.jdbc.Driver
mysql.url=jdbc:mysql://127.0.0.1:3306/ssmStu
mysql.username=root
mysql.password=000
#定义初始连接数
mysql.initialSize=0
#定义最大连接数
mysql.maxActive=20
#定义最大空闲
mysql.maxIdle=20
#定义最小空闲
mysql.minIdle=1
#定义最长等待时间
mysql.maxWait=600003 log4j.properties ## (可以在控制台显示sql 县市级别为DEBUG)
#为了方便调试,一般都会使用日志来输出信息,Log4j是Apache的一个开放源代码项目,
#通过使用Log4j,我们可以控制日志信息输送的目的地是控制台、文件、GUI组件,
#甚至是套接口服务器、NT的事件记录器、UNIX Syslog守护进程等;
#们也可以控制每一条日志的输出格式;通过定义每一条日志信息的级别,我们能够更加细致地控制日志的生成过程。
#定义LOG输出级别
log4j.rootLogger=DEBUG,Console,File
#定义日志输出目的地为控制台
log4j.appender.Console=org.apache.log4j.ConsoleAppender
log4j.appender.Console.Target=System.out
#可以灵活地指定日志输出格式,下面一行是指定具体的格式
log4j.appender.Console.layout = org.apache.log4j.PatternLayout
log4j.appender.Console.layout.ConversionPattern=[%c] - %m%n
log4j.logger.com.ibatis=DEBUG
log4j.logger.com.ibatis.common.jdbc.SimpleDataSource=DEBUG
log4j.logger.com.ibatis.common.jdbc.ScriptRunner=DEBUG
log4j.logger.com.ibatis.sqlmap.engine.impl.SqlMapClientDelegate=DEBUG
log4j.logger.java.sql.Connection=DEBUG
log4j.logger.java.sql.Statement=DEBUG
log4j.logger.java.sql.PreparedStatement=DEBUG
#文件大小到达指定尺寸的时候产生一个新的文件
log4j.appender.File = org.apache.log4j.RollingFileAppender
#指定输出目录
log4j.appender.File.File = logs/ssm.log
#定义文件最大大小
log4j.appender.File.MaxFileSize = 10MB
# 输出所以日志,如果换成DEBUG表示输出DEBUG以上级别日志
log4j.appender.File.Threshold = ALL
log4j.appender.File.layout = org.apache.log4j.PatternLayout
log4j.appender.File.layout.ConversionPattern =[%p] [%d{yyyy-MM-dd HH\:mm\:ss}][%c]%m%n 4.POM
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.wx</groupId>
<artifactId>loginFilter</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<properties>
<!-- spring版本号 -->
<spring.version>4.0.2.RELEASE</spring.version>
<!-- mybatis版本号 -->
<mybatis.version>3.2.6</mybatis.version>
<!-- log4j日志文件管理包版本 -->
<slf4j.version>1.7.7</slf4j.version>
<log4j.version>1.2.17</log4j.version>
</properties>
<dependencies>
<!-- 导入java ee jar 包 -->
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>7.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<!-- 表示开发的时候引入,发布的时候不会加载此包 -->
<scope>test</scope>
</dependency>
<!-- spring核心包 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- mybatis核心包 -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>${mybatis.version}</version>
</dependency>
<!-- mybatis/spring包 -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.2.2</version>
</dependency>
<!-- 导入Mysql数据库链接jar包 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.30</version>
</dependency>
<!-- 导入dbcp的jar包,用来在applicationContext.xml中配置数据库 -->
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.2.2</version>
</dependency>
<!-- 日志文件管理包 -->
<!-- log start -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>${slf4j.version}</version>
</dependency>
<!-- JSTL标签类 -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/taglibs/standard -->
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.8.6</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-jaxb-annotations</artifactId>
<version>2.8.6</version>
</dependency>
<!-- 上传组件包 -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.9</version>
</dependency>
<!-- 映入JSON -->
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.2.4.Final</version>
</dependency>
</dependencies>
<build>
<finalName>loginFilter</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
</plugins>
</build>
</project>5.mapping 文件(主要是测试用 这里只是用了最简单的类User)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!--注意 namespace一定要严格的与dao层接口名相同-->
<mapper namespace="com.wx.dao.UserDao">
<resultMap id="BaseResultMap" type="com.wx.entity.User">
<id column="ID" jdbcType="INTEGER" property="id" />
<result column="USER_NAME" jdbcType="VARCHAR" property="userName" />
<result column="PASSWORD" jdbcType="VARCHAR" property="password" />
<result column="AGE" jdbcType="INTEGER" property="age" />
<result column="LABELCODE" jdbcType="VARCHAR" property="labelcode" />
<result column="REPORTCODE" jdbcType="VARCHAR" property="reportcode" />
</resultMap>
<sql id="Base_Column_List">
ID, USER_NAME, PASSWORD, AGE, LABELCODE, REPORTCODE
</sql>
<select id="selectByslective" parameterType="com.wx.entity.User" resultMap="BaseResultMap">
select
<include refid="Base_Column_List" />
from user
where 1=1
<if test='id != null and id != ""'>
and ID = #{id,jdbcType=INTEGER}
</if>
<if test='userName != null and userName!= ""'>
and USER_NAME = #{userName,jdbcType=VARCHAR}
</if>
<if test='password != null and password!=""'>
and PASSWORD = #{password,jdbcType=VARCHAR}
</if>
</select>
</mapper>6.dao层接口
package com.wx.dao;
import org.springframework.stereotype.Component;
import com.wx.entity.User;
@Component
public interface UserDao {
/**
* 主键查询用户信息
* @param user
* @return
*/
User selectByslective(User user);
}7. service接口
package com.wx.service;
import com.wx.entity.User;
public interface UserService {
/**
* 判断用户名和密码是否正确
* @return
*/
User checkUsernameAndPassword(User user);
}
8.service实现
package com.wx.serviceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.wx.dao.UserDao;
import com.wx.entity.User;
import com.wx.service.UserService;
@Service("userServiceImpl")
public class UserServiceImpl implements UserService {
@Autowired
private UserDao userDao;
public User checkUsernameAndPassword(User user) {
return userDao.selectByslective(user);
}
}
999999、写到这里就可以进行junit单元测试了 当然也可以使用mock测试
package com.wx.junit;
import org.apache.log4j.Logger;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.wx.entity.User;
import com.wx.service.UserService;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {"classpath:spring-mybatis.xml"})
public class UserServiceTest {
private static Logger logger = Logger.getLogger(UserServiceTest.class);
@Autowired
private UserService userService ;
@Test
public void test1() {
User user =new User();
user.setPassword("aa");
user.setUserName("aa");
User userRecord = userService.checkUsernameAndPassword(user);
logger.info(userRecord.toString());
}
}
10.web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mybatis.xml</param-value>
</context-param>
<servlet>
<servlet-name>SpringMvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>SpringMvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- 自定义的session监听器,怎么自定义?写个类实现HttpSessionListener,后边详细介绍 -->
<listener>
<listener-class>com.wx.common.Interceptor.HttpSessionUse</listener-class>
</listener>
<!-- session 维持时间1min -->
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
</web-app>11、spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
<!-- 自动扫描该包,使SpringMVC认为包下用了@controller注解的类是控制器 -->
<context:component-scan base-package="com.wx">
<!-- 将Service注解给去掉 -->
<context:exclude-filter type="annotation"
expression="org.springframework.stereotype.Service"/>
</context:component-scan>
<!-- 扩充了注解驱动,可以将请求参数绑定到控制参数-->
<mvc:annotation-driven />
<!-- 静态资源处理 css js images -->
<mvc:resources mapping="/js/**" location="js/" />
<!-- mvc拦截器,自定义的 拦截所有的 登录页面不拦截 在类里边定义 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.wx.common.Interceptor.AuthorizationInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
<!-- 避免IE执行AJAX时,返回JSON出现下载文件 -->
<bean id="mappingJacksonHttpMessageConverter"
class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<value>text/html;charset=UTF-8</value>
</list>
</property>
</bean>
<!-- 配置文件上传,如果没有使用文件上传可以不用配置,当然如果不配,那么配置文件中也不必引入上传组件包 -->
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- 默认编码 -->
<property name="defaultEncoding" value="utf-8" />
<!-- 上传文件最大值 -->
<property name="maxUploadSize" value="10485760000"/>
<!-- 内存中的最大值 -->
<property name="maxInMemorySize" value="40960"/>
<!-- 启用是为了推迟文件解析,以便捕获文件大小异常 -->
<property name="resolveLazily" value="true"/>
</bean>
<!-- 配置viewResolver。可以用多个viewResolver。使用order属性排序。
InternalResourceViewResolver 放在最后 -->
<bean
class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="order" value="1"></property>
<property name="mediaTypes">
<map>
<!-- 告诉视图解析器,返回的类型为json格式 -->
<entry key="json" value="application/json" />
<entry key="xml" value="application/xml" />
<entry key="htm" value="text/htm" />
</map>
</property>
<property name="defaultViews">
<list>
<!-- ModelAndView里的数据变成JSON -->
<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView" />
</list>
</property>
<property name="ignoreAcceptHeader" value="true"></property>
</bean>
<!-- 定义跳转的文件的前后缀 ,视图模式配置-->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- 这里的配置我的理解是自动给后面action的方法return的字符串加上前缀和后缀,变成一个 可用的url地址 -->
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>12.controller层代码介绍
package com.wx.controller;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import com.wx.entity.Book;
import com.wx.entity.User;
import com.wx.service.UserService;
@Controller
@RequestMapping("/user")
public class UserController {
Logger logger=Logger.getLogger(UserController.class);
@Autowired
private UserService userService;
// @RequestMapping(value="")
// public String init(HttpServletRequest request,HttpServletResponse response,Model model){
// return "userIndex";
// }
@RequestMapping("/login")
public String login(User user,HttpSession session,Model model){
User userResult=userService.checkUsernameAndPassword(user);
if(userResult!=null){
// 登录成功,将user对象设置到HttpSession作用范围域
session.setAttribute("user", userResult);
// 转发到main请求
// mv.setViewName("index");
model.addAttribute("message", "登录名成功!");
// 模拟数据库获得所有图书集合
List<Book> book_list=new ArrayList<Book>();
book_list.add(new Book("java.jpg","疯狂Java讲义(附光盘)","李刚 编著",74.2));
book_list.add(new Book("ee.jpg","轻量级Java EE企业应用实战","李刚 编著",59.2));
book_list.add(new Book("android.jpg","疯狂Android讲义(附光盘)","李刚 编著",60.6));
book_list.add(new Book("ajax.jpg","疯狂Ajax讲义(附光盘)","李刚 编著",66.6));
// 将图书集合添加到model当中
model.addAttribute("book_list", book_list);
return "index";
}else{
// mv.addObject("message", "登录名或密码错误,请重新输入!");
// mv.setViewName("loginForm");
model.addAttribute("message", "登录名或密码错误,请重新输入!");
return "loginForm";
}
}
}
13.login拦截器(大戏,主要验证的就这玩意儿)
package com.wx.common.Interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.mysql.jdbc.StringUtils;
import com.wx.entity.User;
/*
* 拦截器必须实现HandlerInterceptor接口
*/
public class AuthorizationInterceptor implements HandlerInterceptor {
// 不拦截"/loginForm" 登录页面 和"/login" 登录验证请求
private static String[] IGNORE_URI={"/loginForm","/user/login","/js"};
/*
* preHandle方法是进行处理器拦截用的,该方法将在Controller处理之前进行调用,
* 该方法的返回值为true拦截器才会继续往下执行,该方法的返回值为false的时候整个请求就结束了。
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
System.out.println("AuthorizationInterceptor preHandle --> ");
// flag变量用于判断用户是否登录,默认为false
boolean flag = false;
//获取请求的路径进行判断
String servletPath = request.getServletPath();
for (String string : IGNORE_URI) {
// if("/user/login".equals(string)){
// String userName=request.getParameter("userName");
// String password=request.getParameter("password");
// if(StringUtils.isEmptyOrWhitespaceOnly(userName)||StringUtils.isEmptyOrWhitespaceOnly(password)){
// break;
// }
// }
//若果是去往登陆页面,不拦截
if(servletPath.contains(string)){
flag=true;
break;
}
}
// 拦截请求
if (!flag){
// 1.获取session中的用户
User user = (User) request.getSession().getAttribute("user");
// 2.判断用户是否已经登录
if(user == null){
// 如果用户没有登录,则设置提示信息,跳转到登录页面
System.out.println("AuthorizationInterceptor拦截请求:");
request.setAttribute("message", "请先登录再访问网站");
request.getRequestDispatcher("loginForm").forward(request, response);
}
else{
// 如果用户已经登录,则验证通过,放行
System.out.println("AuthorizationInterceptor放行请求:");
flag = true;
}
}
return flag;
}
/*
* 该方法将在Controller的方法调用之后执行, 方法中可以对ModelAndView进行操作 ,
* 该方法也只能在当前Interceptor的preHandle方法的返回值为true时才会执行。
*/
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
System.out.println("AuthorizationInterceptor postHandle --> ");
}
/*
* 该方法将在整个请求完成之后执行, 主要作用是用于清理资源的,
* 该方法也只能在当前Interceptor的preHandle方法的返回值为true时才会执行。
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
System.out.println("AuthorizationInterceptor afterCompletion --> ");
}
}
14.session控制
package com.wx.common.Interceptor;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class HttpSessionUse implements HttpSessionListener{
public void sessionCreated(HttpSessionEvent se) {
// TODO 自动生成的方法存根
}
public void sessionDestroyed(HttpSessionEvent se) {
HttpSession session=se.getSession();
session.removeAttribute("userName");
session.removeAttribute("password");
session.invalidate();
System.out.println(">>>>>>>>>>>>>>>>>>>>>>>session失效>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
String userName=(String) session.getAttribute("userName");
}
}
15、页面们
- index,jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首页</title>
<%@include file="/WEB-INF/jsp/taglib.jsp" %>
<style type="text/css">
table{border-collapse:collapse;border-spacing:0;border-left:1px solid #888;border-top:1px solid #888;background:#efefef;}
th,td{border-right:1px solid #888;border-bottom:1px solid #888;padding:5px 15px;}
th{font-weight:bold;background:#ccc;}
</style>
<script src="${basePath}/js/jquery-1.11.0.min.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ajaxComplete(function(event, xhr, settings) {
if(xhr.getResponseHeader("sessionstatus")=="timeOut"){
if(xhr.getResponseHeader("loginPath")){
alert("会话过期,请重新登陆!");
window.location.replace(xhr.getResponseHeader("/loginFilter/loginForm"));
}else{
alert("请求超时请重新登陆 !");
}
}
});
</script>
</head>
<body>
<!-- 提示信息 -->
<font color="red">${requestScope.message }</font>
<h3>欢迎[${sessionScope.user.userName }]访问</h3>
<p>${basePath}</p>
<br>
<table border="1">
<tr>
<th>ID</th><th>姓名</th><th>密码</th><th>年龄</th>
</tr>
<c:forEach items="${requestScope.book_list }" var="book">
<tr>
<td>${book.image}</td>
<td>${book.name }</td>
<td>${book.author }</td>
<td>${book.price }</td>
</tr>
</c:forEach>
</table>
</body>
</html>
2.loginForm.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
</head>
<body>
<h3>登录页面</h3>
<form action="/loginFilter/user/login" method="post">
<!-- 提示信息 -->
<font color="red">${requestScope.message }</font>
<table>
<tr>
<td><label>登录名: </label></td>
<td><input type="text" id="userName" name="userName" ></td>
</tr>
<tr>
<td><label>密码: </label></td>
<td><input type="password" id="password" name="password" ></td>
</tr>
<tr>
<td><input type="submit" value="登录"></td>
</tr>
</table>
</form>
</body>
</html>3.taglib.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
String path=request.getContextPath();
int port=request.getServerPort();
String basePath = null;
if(port==80){
basePath = request.getScheme()+"://"+request.getServerName()+path;
}else{
basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path;
}
request.setAttribute("basePath", basePath);
// System.out.println(basePath);
// System.out.println(path);
%>
</body>
</html>16.别忘记引入jquery-1.11.0.min.js在spring-mvc.xml中已经拦截了
最后,讲解下自己的思考逻辑
首先是普通的ssm架子 什么拦截 session都没有 初步实现
其次加入拦截器 :使用拦截器步骤如下:
- 定义一个类实现HandlerInterceptor
- 在spring-mvc.xml中 定义拦截器:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.wx.common.Interceptor.AuthorizationInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>最后加入session管控:
- 定义一个类实现HttpSessionListener,在sessionDestroyed方法中session.invalidate();
- 在web.xml中定义这个session监听器 和session失效时长
- 在jsp页面配置session失效就转向登录页面的js,如下下:
<!-- session监听器 -->
<listener>
<listener-class>com.wx.common.Interceptor.HttpSessionUse</listener-class>
</listener>
<!-- session 维持时间1min -->
<session-config>
<session-timeout>1</session-timeout>
</session-config><script src="${basePath}/js/jquery-1.11.0.min.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ajaxComplete(function(event, xhr, settings) {
if(xhr.getResponseHeader("sessionstatus")=="timeOut"){
if(xhr.getResponseHeader("loginPath")){
alert("会话过期,请重新登陆!");
window.location.replace(xhr.getResponseHeader("/loginFilter/loginForm"));
}else{
alert("请求超时请重新登陆 !");
}
}
});
</script>总体思路:
除了访问静态资源 或者访问登录页面
或者登陆验证url,其他的request均被自定义的AuthorizationInterceptor拦截(检验是否登陆,没登录的都先去登录页面)这是登陆拦截。session验证需要在页面和服务器端双向配置
差不多就这些了,基本上这里的配置文件很全乎,尽量讲解的详细点,还引用了一些别人的代码,嘿嘿,祝君成功!
哦,对了,成果展示:
初始访问:
登陆上去:
把本地时间往后该一天(当然也可以往后改1分钟 我怕电脑时间组件坏掉 ) 即session失效,再次访问index页面:
763
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
