spring拦截器实现登录鉴权
application配置
<!-- 拦截器拦截未登录用户跳转登录界面 -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 需拦截的地址 -->
<mvc:mapping path="/*.do" />
<mvc:mapping path="/*/*.do" />
<!-- 需排除拦截的地址 -->
<mvc:exclude-mapping path="/login.do" />
<mvc:exclude-mapping path="/checkPwd.do" />
<mvc:exclude-mapping path="/auto.do" />
<mvc:exclude-mapping path="/ssoLogin.do" />
<bean class="com.85.interceptor.SecurityInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
Interceptor 拦截器实现类
public class SecurityInterceptor implements HandlerInterceptor {
private static final String LOGIN_URL = "http://.../login.do";
@Override
public void afterCompletion(HttpServletRequest req, HttpServletResponse res, Object arg2, Exception arg3) throws Exception {
// TODO Auto-generated method stub
System.out.println("[afterCompletion]");
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception {
// TODO Auto-generated method stub
System.out.println("[postHandle]");
}
@Override
public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object arg2) throws Exception {
// TODO Auto-generated method stub
System.out.println("[preHandle()] start ...");
HttpSession session = req.getSession(true);
// 从session 里面获取用户名的信息
Object obj = session.getAttribute("userName");
System.out.println("[preHandle()]... session userName " + obj);
// 判断如果没有取到用户信息,就跳转到登陆页面,提示用户进行登陆
if (obj == null || "".equals(obj.toString())) {
System.out.println("Redirect TO LOGIN PAGE....");
String url = getUrl(req);
session.setAttribute("LastURL", url);
res.sendRedirect(LOGIN_URL);
return false;
} else {
return true;
}
}
private String getUrl(HttpServletRequest request) {
String Url = "";
Url = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + request.getServletPath();
// Url = request.getServletPath();
if (request.getQueryString() != null) {
Url += "?" + request.getQueryString();
}
System.out.println(Url);
return Url;
}
}