在项目中加入拦截器与过滤器,实现权限框架,Spring-Security的使用
拦截器、过滤器与权限框架
在项目中加入拦截器与过滤器,实现权限框架,Spring-Security的使用
1.拦截器、过滤器
1.1新建包interceptor,并在包下新建类LoginInterceptor
- LoginInterceptor.java
package com.zhongruan.interceptor;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
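/**
 * Login gate for Spring MVC handlers.
 *
 * <p>A request is let through only when the HTTP session already carries a
 * {@code userInfo} attribute; otherwise the client is redirected to the login
 * endpoint. This is an authentication check only ("is somebody logged in"); it
 * makes no role or permission decision.
 *
 * <p>The interceptor runs only for requests that are dispatched through Spring MVC
 * and matched by its {@code <mvc:interceptor>} mapping.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /** Session attribute whose presence marks a logged-in user. */
    // NOTE(review): presumably set by the login handler, which is not shown here.
    private static final String USER_ATTRIBUTE = "userInfo";

    /** Context-relative path of the login endpoint. */
    private static final String LOGIN_PATH = "/user/doLogin.do";

    /**
     * Decides whether the request may reach its handler.
     *
     * @param request  current request
     * @param response current response; receives the redirect when the check fails
     * @param handler  the chosen handler (unused)
     * @return {@code true} to continue with the handler, {@code false} to stop
     *         processing because a redirect to the login endpoint was sent
     * @throws Exception if sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // getSession(false): look the session up without creating one, so that a caller
        // without a session does not make the server allocate session state.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(USER_ATTRIBUTE) != null) {
            // Logged in: let the request continue.
            return true;
        }
        // Not logged in: send the client to the login endpoint and stop the chain.
        response.sendRedirect(request.getContextPath() + LOGIN_PATH);
        return false;
    }

    /** Called after the handler has run and before the view is rendered; nothing to do. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // Intentionally empty.
    }

    /** Called once request processing has completed; nothing to do. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        // Intentionally empty.
    }
}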
1.2新建包filter,并在包下新建类LoginFilter
- LoginFilter.java
package com.zhongruan.filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
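/**
 * Servlet filter that redirects requests without a logged-in session to the login
 * endpoint.
 *
 * <p>Unlike the Spring MVC interceptor, a filter receives the generic
 * {@link ServletRequest}/{@link ServletResponse} pair and has to cast it to the HTTP
 * types itself. Which URLs it guards is decided by its {@code <filter-mapping>} in
 * web.xml, not by this class.
 */
public class LoginFilter implements Filter {

    /** Session attribute whose presence marks a logged-in user. */
    private static final String USER_ATTRIBUTE = "userInfo";

    /** Context-relative path of the login endpoint, the only path exempt from the check. */
    private static final String LOGIN_PATH = "/user/doLogin.do";

    /** Called once when the container creates the filter; nothing to initialise. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Intentionally empty.
    }

    /**
     * Passes the request down the chain when the session holds {@code userInfo} or the
     * request targets the login endpoint; otherwise redirects to the login endpoint.
     *
     * @param servletRequest  incoming request, expected to be an {@link HttpServletRequest}
     * @param servletResponse outgoing response, expected to be an {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the redirect or a downstream component fails on I/O
     * @throws ServletException if a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession(false): look the session up without creating one for anonymous callers.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTRIBUTE) != null;

        if (loggedIn || isLoginRequest(request)) {
            filterChain.doFilter(request, response);
        } else {
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
        }
    }

    /** Called once when the container discards the filter; nothing to release. */
    @Override
    public void destroy() {
        // Intentionally empty.
    }

    /**
     * Tells whether the request targets exactly the login endpoint.
     *
     * <p>The comparison is an equality test on the context-relative path. A substring
     * test on {@code getRequestURI()} would exempt every URI that merely contains the
     * login path, and {@code getRequestURI()} is the raw request path, path parameters
     * included, so it is not a sound basis for an access decision.
     */
    private static boolean isLoginRequest(HttpServletRequest request) {
        String path = request.getServletPath();
        String extra = request.getPathInfo();
        if (extra != null) {
            path = path + extra;
        }
        return LOGIN_PATH.equals(path);
    }
}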
1.3spring-MVC配置拦截器
- spring-mvc.xml
<!-- Registers LoginInterceptor with Spring MVC. Interceptors see only requests that are
     dispatched through Spring MVC; resources the container serves directly are not covered
     here (the SessionFilter mapping in web.xml handles /pages/* and *.jsp). -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 1. Apply the interceptor to every path handled by Spring MVC. -->
<mvc:mapping path="/**"/>
<!-- 2. exclude-mapping exempts a path from this interceptor. The login endpoint has to stay
     reachable without a session, otherwise the redirect issued by LoginInterceptor would loop.
     Every path listed here is served without the login check, so keep the list minimal. -->
<mvc:exclude-mapping path="/user/doLogin.do"/>
<!-- 3. The interceptor implementation to run. -->
<bean class = "com.zhongruan.interceptor.LoginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
1.4web.xml配置过滤器
- web.xml
<!-- Registers LoginFilter under the name SessionFilter. -->
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>com.zhongruan.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<!-- Only requests matching these patterns pass through the filter: everything under /pages/
     and any path ending in .jsp. Paths outside both patterns are not checked by this filter.
     No dispatcher element is given, so the mapping applies to requests coming from the client,
     not to internal forwards or includes. -->
<url-pattern>/pages/*</url-pattern>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
2.Spring-Security的使用
在包dao下新建接口RoleDao
- RoleDao.java
package com.zhongruan.dao;
import com.zhongruan.bean.Role;
import java.util.List;
/**
 * Data-access interface for roles. The RoleMapper XML on this page binds to it through
 * its namespace ({@code com.zhongruan.dao.RoleDao}).
 */
public interface RoleDao {
/**
 * Returns the roles assigned to a user. The mapped statement selects the rows of
 * {@code tb_Role} whose id is listed in {@code tb_user_role} for the given user.
 *
 * @param userId id of the user whose roles are wanted
 * @return the matching roles
 */
// NOTE(review): what the caller does with an empty result is not shown; a user without
// roles should end up with no authority rather than a default one. Confirm at the call site.
List<Role> findRoleByUserId(int userId);
}
在包bean下新建类Role
- Role
package com.zhongruan.bean;
/**
 * Role entity: a plain bean with an id, a name and a description.
 *
 * <p>It is the {@code resultType} of the {@code findRoleByUserId} mapper statement.
 */
public class Role {

    private int id;
    private String roleName;
    private String roleDesc;

    /** @return the role id */
    public int getId() {
        return this.id;
    }

    /** @return the role name */
    public String getRoleName() {
        return this.roleName;
    }

    /** @return the role description */
    public String getRoleDesc() {
        return this.roleDesc;
    }

    /** @param id the role id */
    public void setId(int id) {
        this.id = id;
    }

    /** @param roleName the role name */
    public void setRoleName(String roleName) {
        this.roleName = roleName;
    }

    /** @param roleDesc the role description */
    public void setRoleDesc(String roleDesc) {
        this.roleDesc = roleDesc;
    }

    /** Renders all three fields, with the two strings wrapped in single quotes. */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("Role{");
        text.append("id=").append(id);
        text.append(", roleName='").append(roleName).append('\'');
        text.append(", roleDesc='").append(roleDesc).append('\'');
        text.append('}');
        return text.toString();
    }
}
包mapper下新建RoleMapper
- RoleMapper
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!-- Mapper for com.zhongruan.dao.RoleDao; each statement id matches a method of that interface. -->
<mapper namespace="com.zhongruan.dao.RoleDao" >
<!-- Roles of one user: rows of tb_Role whose id appears in tb_user_role for the given userId.
     #{userId} is passed to the database as a bound statement parameter and is not spliced into
     the SQL text; keep the #{...} form here rather than ${...}, which substitutes raw text. -->
<select id="findRoleByUserId" parameterType="java.lang.Integer" resultType="com.zhongruan.bean.Role">
select * from tb_Role where id in(select roleId from tb_user_role where userId=#{userId})
</select>
</mapper>
- web.xml
<!-- Spring Security: register its filter so that it sees every request. -->
<!-- When the filter runs: after the request has entered the container (Tomcat) and before it
     reaches any servlet, so ahead of Spring MVC and its interceptors. -->
<!-- DelegatingFilterProxy performs no check itself; it hands each request to the Spring bean
     whose name equals the filter-name below. The Spring Security configuration that defines
     that bean and the access rules is not shown on this page. -->
<!-- NOTE(review): if the SessionFilter mapping shown earlier stays registered alongside this
     one, the order of the filter-mapping elements in web.xml decides which filter runs first;
     confirm the intended order. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>