在web项目中,必不可少的便是对用户Post上来的数据进行合法检验,不合法的话需要另行处理。
在SpringMVC 中定义一个Interceptor比较简单,主要有两种方式:
第一种:实现HandlerInterceptor 接口,或者是继承实现了HandlerInterceptor 接口的类,例如HandlerInterceptorAdapter;
第二种:实现Spring的WebRequestInterceptor接口,或者是继承实现了WebRequestInterceptor的类。
项目中使用的第一种方式:实现HandlerInterceptor接口。
HandlerInterceptor接口主要定义了三个方法:
1. boolean preHandle (HttpServletRequest request, HttpServletResponse response, Object handle)方法:该方法将在请求处理之前进行调用,只有该方法返回true,才会继续执行后续的Interceptor和Controller:返回值为true 时会继续调用下一个Interceptor的preHandle 方法,如果已经是最后一个Interceptor,则调用当前请求的Controller方法;返回false时请求到此结束,后续的Interceptor和Controller都不会执行,需要由拦截器自己写出响应(例如重定向到登录页)。
2.void postHandle (HttpServletRequest request, HttpServletResponse response, Object handle, ModelAndView modelAndView)方法:该方法将在请求处理之后,DispatcherServlet进行视图返回渲染之前进行调用,可以在这个方法中对Controller 处理之后的ModelAndView 对象进行操作。
3.void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handle, Exception ex)方法:该方法也是需要当前对应的Interceptor的preHandle方法的返回值为true时才会执行,该方法将在整个请求结束之后,也就是在DispatcherServlet 渲染了对应的视图之后执行。用于进行资源清理。
首先,需要在配置文件xml中进行配置,
<!-- Registers AdminInterceptor with Spring MVC; it runs for every request whose path matches the mapping below. -->
<mvc:interceptors>
<mvc:interceptor>
<!-- NOTE(review): the login check only applies to paths this pattern matches; confirm that every URL
     that must require a logged-in user is covered, and that nothing sensitive is served outside it. -->
<mvc:mapping path="/*/**"/>
<!-- A bean declared inside mvc:interceptor intercepts only the requests matched by the mapping above. -->
<bean class="com.chinacoal.handler.AdminInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
package com.chinacoal.handler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.chinacoal.asset.model.Profile;
import com.chinacoal.asset.utils.RequestUtil;
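/**
 * Login gate for Spring MVC requests.
 *
 * <p>A request passes when the HTTP session holds a {@link Profile} under the {@code "user"}
 * attribute, or when the target controller method carries {@code @IgnorePermission}. Every other
 * request is redirected to the login page and processing stops.
 *
 * <p>The check fails closed: a handler that is not a {@link HandlerMethod} cannot carry the
 * annotation, so an anonymous request to it is redirected instead of being cast blindly.
 */
public class AdminInterceptor implements HandlerInterceptor {

    /** Session attribute that holds the authenticated {@link Profile}. */
    private static final String SESSION_USER_KEY = "user";

    /** Login page, relative to the application base path. */
    private static final String LOGIN_PATH = "/home/loginAndreg.do?type=login";

    /**
     * Decides whether the request may reach the controller.
     *
     * @param request current HTTP request
     * @param response current HTTP response; receives the redirect when access is denied
     * @param handler handler chosen by the dispatcher for this request
     * @return {@code true} to continue the chain, {@code false} after a redirect to the login page
     * @throws Exception if sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Only a Profile instance counts as logged in; a missing or foreign value is anonymous.
        if (request.getSession().getAttribute(SESSION_USER_KEY) instanceof Profile) {
            return true;
        }

        // The dispatcher can hand over handlers that are not controller methods. The previous
        // unconditional cast threw ClassCastException for those; they are now treated as
        // "not exempt" so the anonymous request is redirected like any other.
        // Resources the login page itself needs should be excluded in the interceptor mapping
        // rather than allowed through here.
        if (handler instanceof HandlerMethod
                && ((HandlerMethod) handler).getMethodAnnotation(IgnorePermission.class) != null) {
            return true;
        }

        // NOTE(review): RequestUtil.getBasePath is not shown. If it builds the URL from
        // request-supplied host information, confirm the host is validated, otherwise the
        // redirect target can be influenced by the client.
        response.sendRedirect(RequestUtil.getBasePath(request) + LOGIN_PATH);
        return false;
    }

    /**
     * Adds values shared by all views to the model before rendering.
     *
     * @param request current HTTP request
     * @param response current HTTP response
     * @param handler handler that processed the request
     * @param modelAndView model and view returned by the handler, or {@code null} if there is none
     * @throws Exception declared by the interface; nothing here throws it explicitly
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        if (modelAndView == null) {
            return;
        }
        String basePath = RequestUtil.getBasePath(request);
        modelAndView.addObject("path", basePath + "/resources");
        modelAndView.addObject("base", basePath);
        // Selected entry of the left-hand menu in the personal centre.
        // "lm" is copied straight from the request, so it is client-controlled: views must
        // HTML-escape it when printing it (for example with <c:out>), never emit it raw.
        modelAndView.addObject("lm", request.getParameter("lm"));
    }

    /**
     * Called after the request has completed; this interceptor holds nothing to release.
     *
     * @param request current HTTP request
     * @param response current HTTP response
     * @param handler handler that processed the request
     * @param ex exception raised during handling, if any
     * @throws Exception declared by the interface; never thrown here
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        // Intentionally empty.
    }
}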
接着,在Controller的方法上加入注解类@IgnorePermission:带有该注解的方法(例如登录)在未登录时也会被拦截器放行,其余方法未登录时会被重定向到登录页。
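/**
 * Login: checks the submitted account name and password and, on success, stores the user in the session.
 * @param request current HTTP request
 * @param name account name submitted by the login form
 * @param pwd password submitted by the login form
 * @return name of the view to render or redirect to
 */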
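@IgnorePermission // marker annotation: AdminInterceptor lets this handler through without a logged-in user
@RequestMapping("/login")
public String login(HttpServletRequest request, @RequestParam("name") String name,
        @RequestParam("pwd") String pwd) {
    if (ValidationUtil.isEmpty(name) || ValidationUtil.isEmpty(pwd)) {
        // NOTE(review): a null view name leaves view selection to Spring's default
        // view-name translation - confirm that is the intended response for empty input.
        return null;
    }

    // The original comment at this point says "verify the captcha", but no captcha check is
    // performed in this method and no attempt limiting is visible here - TODO confirm where
    // repeated login attempts are throttled.

    // NOTE(review): MD5Util is not shown. If it is a plain, unsalted MD5 digest, stored
    // passwords are cheap to recover offline; moving to a salted adaptive hash
    // (bcrypt / scrypt / Argon2) needs a stored-hash migration and is outside this method.
    String password = MD5Util.MD5Encode(pwd);
    Profile profile = profileService.findUserByLogin(name, password);

    if (profile == null) {
        // The previous version prepared a login view with this message but then always
        // returned the redirect below, so the message was never shown. Render the login
        // page directly and expose the message as a request attribute.
        request.setAttribute("errmsg", "账号或密码错误!");
        return "/login.jsp";
    }

    Organization org = organizationService.findOrgWithChildrens(profile.getOrg_id());

    // Start from a fresh session so that a session id known before authentication is not
    // carried over into the logged-in state (session fixation). Attributes stored before
    // login are discarded together with the old session.
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }
    request.getSession(true).setAttribute("user", profile);
    request.getSession().setAttribute("org", org);
    return "redirect:/home/index.do";
}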