在目标用户查看需要登录才能查看的界面时候,进行拦截并提示用户登录
自定义一个拦截器LoginInterceptor
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
//用户的实体类,session的判断登录,视项目而变
import com.how2java.tmall.pojo.User;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class LoginInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
HttpSession session = httpServletRequest.getSession();
//Servlet中getServletContext()实质上可以看做一个对象,其可以使用ServletContext接口中的方法,getContextPath()为其中得到project名称方法。
String contextPath = session.getServletContext().getContextPath();
//定义一个需要需要登录才能访问的拦截路径字符串数组
String[] requireAuthPages = new String[]{
"buy",
"alipay",
"payed",
"cart",
"bought",
"confirmPay",
"orderConfirmed",
"forebuyone",
"forebuy",
"foreaddCart",
"forecart",
"forechangeOrderItem",
"foredeleteOrderItem",
"forecreateOrder",
"forepayed",
"forebought",
"foreconfirmPay",
"foreorderConfirmed",
"foredeleteOrder",
"forereview",
"foredoreview"
};
//获取uri并去除project工程名
String uri = httpServletRequest.getRequestURI();
uri = StringUtils.remove(uri, contextPath);
String page = uri;
//先beginWith判断,再判断用户是否在session中,是否登录了,未登录的话就跳转到登录页
if (beginWith(page, requireAuthPages)) {
User user = (User) session.getAttribute("user");
if (user == null) {
httpServletResponse.sendRedirect("login");
return false;
}
}
return true;
}
//判断是否是以requireAuthPages里的开头的
private boolean beginWith(String page, String[] requireAuthPages) {
boolean result = false;
for (String requiredAuthPage : requireAuthPages) {
if (StringUtils.startsWith(page, requiredAuthPage)) {
result = true;
break;
}
}
return result;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
配置拦截器注册到spring的bean中
import com.how2java.tmall.interceptor.LoginInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
class WebMvcConfigurer extends WebMvcConfigurerAdapter{
@Bean
public LoginInterceptor getLoginIntercepter() {
return new LoginInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry){
registry.addInterceptor(getLoginIntercepter()).addPathPatterns("/**");
}
}
这样在用户登录时候通过拦截器对requireAuthPages内的字符串进行匹配判断是否进行登录,如果没有登录,重定向跳转至登录界面
httpServletResponse.sendRedirect("login");
如果已经登录,则可以正常的进行访问
进行访问
自动拦截cart,由于未登录,自动跳转至
通过Controller访问登录界面