为了防止用户在不登录的情况下通过并接请求直接访问系统,我们需要通过session和拦截器来防止这样的情况。
拦截器的配置:
为拦截器建立一个包:interceptor,并在包里建立 LoginInterceptor 拦截器类
拦截器需要 implements HandlerInterceptor,并实现 HandlerInterceptor 的方法:
/**
* 登录拦截器
*/
public class LoginInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
HttpSession session = httpServletRequest.getSession();
if ( session.getAttribute("LOGIN_USER") != null ){
return true;
}else {
httpServletResponse.sendRedirect( httpServletRequest.getContextPath() + "/gradu/dologin");
return false;
}
System.out.println(">>>MyInterceptor2>>>>>>>在请求处理之前进行调用(Controller方法调用之前)");
returntrue;// 只有返回true才会继续向下执行,返回false取消当前请求
}
@Override
publicvoid postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
System.out.println(">>>MyInterceptor2>>>>>>>请求处理之后进行调用,但是在视图被渲染之前(Controller方法调用之后)");
}
@Override
publicvoid afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
System.out.println(">>>MyInterceptor2>>>>>>>在整个请求结束之后被调用,也就是在DispatcherServlet 渲染了对应的视
}
配置spring-mvc文件:
<!--拦截器-->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" />
<mvc:exclude-mapping path="/gradu/dologin" />
<bean class="com.hwl.interceptor.LoginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
注意:
<mvc:mapping path="/**"/> 是已经拦截了所有请求,包括登录,
如果后来想不拦截某个页面,就添加:<mvc:exclude-mapping path="/system/login" />
要先配置<mvc:mapping path=""/> ,再配置<mvc:exclude-mapping path=""/>
SpringMVC拦截器的使用场景
https://blog.csdn.net/fd2025/article/details/80564584
拦截器的原理及配置方式
https://www.jianshu.com/p/eda52215b8fe