登录权限检查
需求 未登录用户不允许使用前面的aad.do update.do delete.do
可以使用list.do view.do
过滤器、拦截器
使用servle提供的过滤器进行过滤
web.xml配置
<filter>
<filter-name>userCheck</filter-name>
<filter-class>com.tracy.filter.UserLoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>userCheck</filter-name>
<url-pattern>/delete.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>userCheck</filter-name>
<url-pattern>/tpUpdate.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>userCheck</filter-name>
<url-pattern>/toadd.do</url-pattern>
</filter-mapping>
UserLoginFilter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
//强制类型转换
HttpServletRequest httpRequest=(HttpServletRequest) request;
HttpServletResponse httpResponse=(HttpServletResponse) response;
Object user= httpRequest.getSession().getAttribute("user");
if(user!=null) {
chain.doFilter(request, response);
}else {
httpResponse.sendRedirect("login.do");
}
}
SpringMVC 拦截器
作用 :可以在原有的SpringMVC处理流程上进行拦截,插入处理逻辑
浏览器 —DispatcherServlet— HandlerMapping — Controller
viewResolver 生成HTML响应界面----浏览器
浏览器客户端---- Tomcat服务器 服务端
HandlerMapping处理 之后 controller处理之后 生成页面响应之后
拦截器3个方法拦截
interceptor
实现HandlerInterceptor接口 重写其方法
preHandle postHandle afterCompletion
public class UserCheckInterceptor implements HandlerInterceptor{
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object obj, Exception arg3)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object obj, ModelAndView arg3)
throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
Object user=request.getSession().getAttribute("user");
//处理前进行拦截 因为返回的是boolean类型 如果true放行
if(user!=null)
return true;
else {
response.sendRedirect("Login.do");
return false;//阻止后续组件Controller组件通过
}
}
}
在Spring-mvc.xml配置拦截请求
<mvc:interceptors>
<mvc:interceptor>
<!-- 拦截组件配置 -->
<mvc:mapping path="toadd.do"/>
<mvc:mapping path="toUpdate.do"/>
<mvc:mapping path="delete.do"/>
<!-- 不拦截的组件 -->
<mvc:exclude-mapping path="toList.do"/>
<!-- 拦截指定组件 -->
<bean class="com.tracy.interceptor.UserCheckInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
<拦截组件>批量拦截组件
<mvc:mapping path="*.do">
放过谁哪个组件
<mvc:exclude-mapping path=”“>