1、首先,添加WebConfigurer.java 配置类
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebConfigurer implements WebMvcConfigurer {
@Autowired
private LoginInterceptor loginInterceptor;//注入拦截器
// 这个方法是用来配置静态资源的,比如html,js,css,等等
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
//registry.addResourceHandler().addResourceLocations();
}
// 这个方法用来注册拦截器,我们自己写好的拦截器需要通过这里添加注册才能生效
@Override
public void addInterceptors(InterceptorRegistry registry) {
// addPathPatterns("/**") 表示拦截所有的请求,
// excludePathPatterns("/login", "/register") 表示除了登陆与注册之外,因为登陆注册不需要登陆也可以访问
registry.addInterceptor(loginInterceptor).addPathPatterns("/**").excludePathPatterns("/admin/toLogin",
"/admin/login",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/**/*.jpg",
"/**/*.png",
"/**/*.less",
"/**/*.scss",
"/**/*.otf",
"/**/*.eot",
"/**/*.svg",
"/**/*.ico",
"/**/*.woff",
"/**/*.woff2",
"/**/*.gif",
"/**/*.ttf");
//super.addInterceptors(registry); //较新Spring Boot的版本中这里可以直接去掉,否则会报错
}
}
其次,写登录拦截器类
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
//登录拦截器
@Component
public class LoginInterceptor implements HandlerInterceptor {
//这个方法是在访问接口之前执行的,我们只需要在这里写验证登陆状态的业务逻辑,就可以在用户调用指定接口之前验证登陆状态了
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//每一个项目对于登陆的实现逻辑都有所区别,我这里使用最简单的Session提取Admin来验证登陆。
HttpSession session = request.getSession();
//这里的Admin是登陆时放入session的
;
//如果session中没有user,表示没登陆
if (session.getAttribute("account") == null){
//这个方法返回false表示忽略当前请求,如果一个用户调用了需要登陆才能使用的接口,如果他没有登陆这里会直接忽略掉
//当然你可以利用response给用户返回一些提示信息,告诉他没登陆
request.setAttribute("msg","无权限请先登录");
// 获取request返回页面到登录页
System.out.println("admin::"+session.getAttribute("account")+"没有获取到seesion值!");
//request.getRequestDispatcher("/admin/toLogin").forward(request,response);
return false;
}else {
return true; //如果session里有user,表示该用户已经登陆,放行,用户即可继续调用自己需要的接口
}
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
Object admin = request.getSession().getAttribute("account");
System.out.println("postHandle----"+ admin +" ::: "+ request.getRequestURL());
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
Object admin = request.getSession().getAttribute("account");
System.out.println("afterCompletion----"+ admin +" ::: "+ request.getRequestURL());
}
}
最后,注意要在登录方法Controller类中加入session
@PostMapping("login")
public String login(String account, String password, Model model,HttpServletRequest request) {
//将用户信息存入到session
System.out.println("登录的账户和密码:account::" + account + "password::" + password);
HttpSession session = request.getSession();
session.setAttribute("account", account);
System.out.println("account:::" + session.getAttribute("account"));
Admin admin = adminService.login(account, password);
if (admin == null) {
//登录不成功
model.addAttribute("msg", "账号或密码错误");
System.out.println("登录不成功画面。。。。。。。。。");
return "login";
}
return "index";
}
然后,根据你的项目导入相应的包,基本就完成了
参考链接:https://blog.csdn.net/qq_30745307/article/details/80974407