登录方法
package ey.org.web.controller;
import java.util.List;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import ey.orgclient.pub.FuncH;
import ey.orgclient.pub.OrgH;
import ey.orgclient.pub.RoleH;
import ey.orgclient.pub.UserH;
import ey.orgclient.pub.model.OrgRole;
import ey.orgclient.pub.model.OrgUser;
/**
* @Title: LoginController.java
* @Package com.ydsn.web.controller
* @Description: 登陆controller控制业务层
* @author yzp
* @date 2014-5-15 下午3:59:43
* @version V1.0
*/
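@Controller
@RequestMapping("/login")
public class LoginController {

    @Resource
    private UserH userH;

    @Resource
    private OrgH orgH;

    @Resource
    private RoleH roleH;

    @Resource
    private FuncH funcH;

    /**
     * Authenticates an administrator and opens a fresh session for them.
     *
     * <p>Reads {@code j_username} and {@code j_password} from the request, looks the user up,
     * and succeeds only when the password matches and the user holds the role whose id is
     * {@code "admin"}. Every failure (unknown user, wrong password, not an admin) sets the
     * request attribute {@code msg} to {@code "1"} and returns the login view, so the response
     * does not reveal which check failed.
     *
     * <p>NOTE(review): this mapping accepts every HTTP method, so credentials can arrive in a
     * GET query string and end up in access logs and browser history. Restrict it with
     * {@code method = RequestMethod.POST} once the login form is confirmed to post.
     *
     * <p>NOTE(review): no attempt limiting or lockout is visible in this class; confirm it is
     * enforced elsewhere.
     *
     * @param request the current request carrying the submitted credentials
     * @return {@code "redirect:/index.jsp"} on success, otherwise the {@code "/login"} view
     */
    @RequestMapping("/login")
    public String login(HttpServletRequest request) {
        String loginId = request.getParameter("j_username");
        String password = request.getParameter("j_password");

        OrgUser orgUser = userH.findByLonginId(loginId);
        if (orgUser == null
                || !passwordMatches(orgUser.getPassword(), password)
                || !hasAdminRole(orgUser)) {
            request.setAttribute("msg", "1");
            return "/login";
        }

        // Drop any session that existed before authentication so that a session id
        // known to someone else before login is never promoted to an authenticated one.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = request.getSession(true);

        // NOTE(review): the whole OrgUser, including whatever getPassword() returns, is kept
        // in the session. Other code reads the "user" attribute, so it is left as is here;
        // consider storing only the id and display fields.
        session.setAttribute("user", orgUser);
        return "redirect:/index.jsp";
    }

    /**
     * Logs the current user out by destroying their session.
     *
     * <p>The session is invalidated rather than only losing its {@code user} attribute, so no
     * other per-user state survives the logout. No session is created if none exists.
     *
     * @param request the current request
     * @return the {@code "/login"} view
     */
    @RequestMapping("/loginout")
    public String loginout(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return "/login";
    }

    /**
     * Compares the stored and the submitted password without an early exit on the first
     * differing character. A missing value on either side never matches.
     *
     * <p>NOTE(review): comparing {@code getPassword()} directly with the submitted value
     * suggests the password is stored in a directly comparable form (plaintext or an unsalted
     * digest computed by the client) - confirm. Stored passwords should be salted, adaptive
     * hashes (bcrypt, scrypt or Argon2) verified through that algorithm's own check routine.
     */
    private static boolean passwordMatches(String stored, String submitted) {
        if (stored == null || submitted == null) {
            return false;
        }
        java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
        return java.security.MessageDigest.isEqual(
                stored.getBytes(utf8), submitted.getBytes(utf8));
    }

    /** Returns true when one of the user's roles has the id {@code "admin"}. */
    private boolean hasAdminRole(OrgUser user) {
        List<OrgRole> roles = roleH.findByUserid(user.getId());
        if (roles == null) {
            return false;
        }
        for (OrgRole role : roles) {
            if ("admin".equals(role.getId())) {
                return true;
            }
        }
        return false;
    }
}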
禁止未登录访问的过滤器
package ey.org.web.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
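/**
 * Authentication gate: lets a request through only if it targets the login page or login
 * action, a static resource, or comes from a session that carries a {@code user} attribute.
 * Everything else is redirected to {@code /login.jsp}.
 *
 * <p>NOTE(review): static resources are recognised by file extension alone. That is safe only
 * while no dynamic handler is reachable under one of these extensions; serving static files
 * from a dedicated path prefix and allow-listing that prefix is the more robust layout.
 */
public class UserRightFilter implements Filter {

    /** Suffixes (matched case-sensitively, as listed) that are served without a login. */
    private static final String[] STATIC_SUFFIXES = {
        ".css", ".js",
        ".jpg", ".JPG", ".jpeg", ".JPEG", ".bmp", ".BMP",
        ".gif", ".GIF", ".png", ".PNG",
        ".avi", ".AVI", ".wmv", ".WMV", ".wma", ".WMA",
        ".mpeg", ".MPEG", ".rm", ".RM", ".ram", ".RAM",
        ".swf", ".SWF"
    };

    /**
     * Applies the authentication gate to one request.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain, invoked only for permitted requests
     * @throws IOException      if the chain or the redirect fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        String path = resolvedPath(req);
        if (isLoginEndpoint(path) || isStaticResource(path) || isAuthenticated(req)) {
            chain.doFilter(request, response);
            return;
        }
        res.sendRedirect(req.getContextPath() + "/login.jsp");
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Returns the path the container resolved for dispatch (servlet path plus path info).
     *
     * <p>The raw value of {@code getRequestURI()} can still carry path parameters and encoded
     * characters that the container removes or decodes before it selects the target resource.
     * A suffix test on the raw value can therefore disagree with what is actually served and
     * let a protected resource pass as a static file, so the access decision is made on the
     * resolved path instead.
     */
    private static String resolvedPath(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        StringBuilder path = new StringBuilder();
        if (servletPath != null) {
            path.append(servletPath);
        }
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    /** True for the login page and the login action, which must stay reachable without a session. */
    private static boolean isLoginEndpoint(String path) {
        return path.endsWith("/login.jsp") || path.endsWith("/login.do");
    }

    /** True when the path ends with one of the allow-listed static suffixes. */
    private static boolean isStaticResource(String path) {
        for (String suffix : STATIC_SUFFIXES) {
            if (path.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * True when an existing session holds a {@code user} attribute. Uses
     * {@code getSession(false)} so that anonymous requests do not each allocate a session.
     */
    private static boolean isAuthenticated(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        return session != null && session.getAttribute("user") != null;
    }
}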
web.xml配置
<!-- Login: register the authentication filter that blocks requests without a logged-in session -->
<filter>
<filter-name>userRightFilter</filter-name>
<filter-class>ey.org.web.filter.UserRightFilter</filter-class>
</filter>
<!-- Mapped to every URL. With no <dispatcher> element the mapping covers REQUEST dispatches
     only, so server-side forwards and includes do not pass through this filter. -->
<filter-mapping>
<filter-name>userRightFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>