前言
在web项目里,当用户量少时,我们通常用session来判断用户的登陆状态,以此来实现强制登陆
强制登陆概念:
只有当用户用帐号密码登陆后,我们在浏览器上可以访问购物车,订单等页面,否则会自动跳转到登陆页面;
用户登陆
当用户第一次登陆时,我们手动向session里存入一个登陆标识,用来记录用户的登陆状态:
//登陆
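/**
 * Handles a login attempt and, on success, binds the authenticated user to a fresh session.
 *
 * <p>The lookup is delegated to {@code userService.selectByEmailPassword}; according to the
 * original author's note, a {@code null} result means the e-mail/password pair was rejected.
 *
 * @param email    e-mail address submitted by the client
 * @param password password submitted by the client
 * @param request  current request, used to rotate and obtain the HTTP session
 * @return a redirect to the login form on failure, or a forward to the main book page on success
 */
// NOTE(review): this mapping accepts every HTTP method, so credentials can arrive in a GET query
// string and end up in access logs and browser history. Consider restricting it to POST.
@RequestMapping("/login")
public String login(String email, String password, HttpServletRequest request) {
    User user = userService.selectByEmailPassword(email, password);
    if (user == null) {
        // Failed login: return before touching the session so that an unauthenticated
        // client does not cause a session to be allocated.
        return "redirect:/user/login_form.jsp";
    }

    // Session-fixation defence: discard whatever session id the client presented before
    // authenticating and issue a new one, so an id planted ahead of login is never promoted
    // to an authenticated session. On Servlet 3.1+ request.changeSessionId() is an
    // alternative that keeps existing attributes.
    HttpSession previous = request.getSession(false);
    if (previous != null) {
        previous.invalidate();
    }
    HttpSession session = request.getSession(true);

    // The "user" attribute is the login marker that the interceptor checks.
    // NOTE(review): the whole User object is stored; if it carries the password or its hash,
    // store a reduced view instead - confirm against the User class.
    session.setAttribute("user", user);
    return "forward:/book/showMain.do";
}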
注销登陆
当用户注销登陆时,移除session作用域中的登陆标识:
//登出
/**
 * Logs the current user out: clears the login marker, destroys the session and sends the
 * browser back to the login form.
 *
 * @param session the caller's HTTP session
 * @return a redirect to the login form
 */
// NOTE(review): the mapping is not restricted to POST, so a cross-site GET can trigger a logout.
@RequestMapping("/loginOut")
public String loginOut(HttpSession session) {
    final String loginMarker = "user";
    // Drop the login marker first; this must precede invalidate(), after which the session
    // can no longer be modified.
    session.removeAttribute(loginMarker);
    // Destroy the session itself so its id cannot be reused.
    session.invalidate();
    final String loginForm = "redirect:/user/login_form.jsp";
    return loginForm;
}
拦截器类(强制登陆功能的关键):
package com.lgy.util;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
//拦截器类
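/**
 * Interceptor that enforces login: a request is let through only when the session already
 * holds a non-null {@code "user"} attribute; otherwise the client is redirected to the
 * login form.
 */
public class MyHandlerInterceptor implements HandlerInterceptor {

    /**
     * Checks for the login marker before the handler runs.
     *
     * @param request  current request
     * @param response current response, used for the redirect when the client is not logged in
     * @param handler  the handler chosen for this request (unused)
     * @return {@code true} when a {@code "user"} attribute is present, {@code false} after
     *         redirecting to the login form
     * @throws Exception if sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // getSession(false): only look up an existing session. Creating one here would
        // allocate server-side state for every anonymous request that hits a protected path.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user != null) {
            // Login marker present: let the request reach its handler.
            return true;
        }
        // No session or no marker: redirect to the login form and stop the handler chain.
        response.sendRedirect(request.getContextPath() + "/user/login_form.jsp");
        return false;
    }

    /** No post-processing is needed; intentionally empty. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    /** No completion work is needed; intentionally empty. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }
}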
拦截器在springmvc-servlet.xml里的配置:
<!-- Forced-login interceptor: applied to every path except the exclusions listed below. -->
<!-- NOTE(review): the .do suffixes suggest the DispatcherServlet is mapped to *.do (confirm in web.xml). If so, a JSP requested directly, such as /user/login_form.jsp, never passes through this interceptor; pages that require a login should be served through a controller or kept under WEB-INF. -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<!-- The following paths are not intercepted. Each one is reachable without a session, so keep this list minimal. -->
<!-- Do not intercept login -->
<mvc:exclude-mapping path="/user/login.do"/>
<!-- Do not intercept registration -->
<mvc:exclude-mapping path="/user/regist.do"/>
<!-- Do not intercept the captcha (validation code) controller -->
<mvc:exclude-mapping path="/manager/validateCode.do"/>
<bean class="com.lgy.util.MyHandlerInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>