登录功能完善
- 问题分析
+ 登录功能已经实现,但是存在一个问题:用户如果不登录,直接访问系统首页,照样可以正常访问。
+ 这种设计不合理,我们希望看到效果应该是,只有登录成功后才可以访问系统中的页面,如果没有登录则跳转到登录页面。
+ 那么怎么具体实现呢?
+ 使用过滤器或者拦截器,在过滤器或拦截器中判断用户是否已经完成登录,如果没有跳转到登录页面。 - 实现步骤:
+ 创建自定义过滤器LoginCheckFilter
@WebFilter(filterName = "LoginCheckFilter",urlPatterns = "/*")
@Slf4j
public class LoginCheckFilter implements Filter {
public static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
String requestURI = request.getRequestURI();
log.info("拦截到的请求:{}",requestURI);
String[] urls = new String[]{
"/employee/login",
"/employee/logout",
"/backend/**",
"/front/**"
};
boolean check = check(urls, requestURI);
if (check) {
log.info("本次请求{}不需要处理",requestURI);
filterChain.doFilter(request,response);
return;
}
if(request.getSession().getAttribute("employee")!=null){
log.info("用户已登录,用户id为:{}",request.getSession().getAttribute("employee"));
filterChain.doFilter(request,response);
return;
}
log.info("用户未登录");
response.getWriter().write(JSON.toJSONString(R.error("NOTLOGIN")));
return;
}
public boolean check(String[]urls,String requestURI){
for (String url : urls) {
boolean match = PATH_MATCHER.match(url, requestURI);
if (match) {
return true;
}
}
return false;
}
}
+ 在启动类上加入注解@ServletComponentScan
@ServletComponentScan
public class ReggieApplication {
public static void main(String[] args) {
SpringApplication.run(ReggieApplication.class,args);
log.info("项目启动成功。。。");
}
}