本文主要是拦截未登录的用户访问系统其它页面,并自动跳转回登录页
以下是controller层:
登录页用的是“/”接口:
@GetMapping(value = "/")
public String login(){
return "login";//登录页面
}
定义了一个login接口
@RequestMapping(value = "/login",method = RequestMethod.POST)
public String hello(String username, String password, HttpServletRequest request) {
HttpSession session=request.getSession();
Assert.notNull(username, "账号不能为空!");
Assert.notNull(password, "密码不能为空!");
User user=new User();
user.setUsername(username);
user.setPassword(password);
// redisDao.set(username,"1");
session.setAttribute("user",user);
return "index";
}
接下来是创建拦截器:
逻辑是判断session中是否存在浏览器中的Jsession值
public class LoginInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("==========登录状态拦截");
HttpSession session = request.getSession();
System.out.println("sessionId为:" + session.getId());
// 获取用户信息,如果没有用户信息直接返回提示信息
Object userInfo = session.getAttribute("user");
if (userInfo == null) {
System.out.println("没有登录");
// response.getWriter().write("Please Login In");
String url = "/";
response.sendRedirect(url);
return false;
} else {
System.out.println("已经登录过啦,用户信息为:" + session.getAttribute("user"));
}
return true;
}
实现拦截器:
@Configuration
public class LoginConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LoginInterceptor())
//拦截所以url,但是忽略“/login”和“/”
.addPathPatterns("/**")
.excludePathPatterns("/login")
.excludePathPatterns("/");
}
}
运行项目,接下来访问一个测试接口-localhost:9090/test:
后端拦截记录如下,前端自动跳转到登录页,成功:
==========登录状态拦截
sessionId为:D237D4073EFB549C395DD75708412BA7
没有登录