48、拦截器-登录检查与静态资源放行

已于 2023-03-28 20:36:37 修改
阅读量158 收藏
点赞数
分类专栏: SpringBoot 2 笔记 文章标签: java 开发语言 spring boot
于 2023-03-28 20:35:38 首次发布
原文链接:https://www.bilibili.com/video/BV19K4y1L7MT
版权

HandlerInterceptor

  1. 编写一个拦截器实现HandlerInterceptor接口

  2. 拦截器注册到容器中(实现WebMvcConfigureraddInterceptors()

  3. 指定拦截规则(注意,如果是拦截所有,静态资源也会被拦截】

1、编写一个实现HandlerInterceptor接口的拦截器:

先看看HandleInterceptor接口

/**
 * Workflow interface that allows for customized handler execution chains.
 * Applications can register any number of existing or custom interceptors
 * for certain groups of handlers, to add common preprocessing behavior
 * without needing to modify each handler implementation.
 *
 * <p>A HandlerInterceptor gets called before the appropriate HandlerAdapter
 * triggers the execution of the handler itself. This mechanism can be used
 * for a large field of preprocessing aspects, e.g. for authorization checks,
 * or common handler behavior like locale or theme changes. Its main purpose
 * is to allow for factoring out repetitive handler code.
 *
 * <p>In an asynchronous processing scenario, the handler may be executed in a
 * separate thread while the main thread exits without rendering or invoking the
 * {@code postHandle} and {@code afterCompletion} callbacks. When concurrent
 * handler execution completes, the request is dispatched back in order to
 * proceed with rendering the model and all methods of this contract are invoked
 * again. For further options and details see
 * {@code org.springframework.web.servlet.AsyncHandlerInterceptor}
 *
 * <p>Typically an interceptor chain is defined per HandlerMapping bean,
 * sharing its granularity. To be able to apply a certain interceptor chain
 * to a group of handlers, one needs to map the desired handlers via one
 * HandlerMapping bean. The interceptors themselves are defined as beans
 * in the application context, referenced by the mapping bean definition
 * via its "interceptors" property (in XML: a &lt;list&gt; of &lt;ref&gt;).
 *
 * <p>HandlerInterceptor is basically similar to a Servlet Filter, but in
 * contrast to the latter it just allows custom pre-processing with the option
 * of prohibiting the execution of the handler itself, and custom post-processing.
 * Filters are more powerful, for example they allow for exchanging the request
 * and response objects that are handed down the chain. Note that a filter
 * gets configured in web.xml, a HandlerInterceptor in the application context.
 *
 * <p>As a basic guideline, fine-grained handler-related preprocessing tasks are
 * candidates for HandlerInterceptor implementations, especially factored-out
 * common handler code and authorization checks. On the other hand, a Filter
 * is well-suited for request content and view content handling, like multipart
 * forms and GZIP compression. This typically shows when one needs to map the
 * filter to certain content types (e.g. images), or to all requests.
 *
 * @author Juergen Hoeller
 * @since 20.06.2003
 * @see HandlerExecutionChain#getInterceptors
 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter
 * @see org.springframework.web.servlet.handler.AbstractHandlerMapping#setInterceptors
 * @see org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor
 * @see org.springframework.web.servlet.i18n.LocaleChangeInterceptor
 * @see org.springframework.web.servlet.theme.ThemeChangeInterceptor
 * @see javax.servlet.Filter
 */
public interface HandlerInterceptor {

	/**
	 * Intercept the execution of a handler. Called after HandlerMapping determined
	 * an appropriate handler object, but before HandlerAdapter invokes the handler.
	 * <p>DispatcherServlet processes a handler in an execution chain, consisting
	 * of any number of interceptors, with the handler itself at the end.
	 * With this method, each interceptor can decide to abort the execution chain,
	 * typically sending an HTTP error or writing a custom response.
	 * <p><strong>Note:</strong> special considerations apply for asynchronous
	 * request processing. For more details see
	 * {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.
	 * <p>The default implementation returns {@code true}.
	 * @param request current HTTP request
	 * @param response current HTTP response
	 * @param handler chosen handler to execute, for type and/or instance evaluation
	 * @return {@code true} if the execution chain should proceed with the
	 * next interceptor or the handler itself. Else, DispatcherServlet assumes
	 * that this interceptor has already dealt with the response itself.
	 * @throws Exception in case of errors
	 */
	default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {

		return true;
	}

	/**
	 * Intercept the execution of a handler. Called after HandlerAdapter actually
	 * invoked the handler, but before the DispatcherServlet renders the view.
	 * Can expose additional model objects to the view via the given ModelAndView.
	 * <p>DispatcherServlet processes a handler in an execution chain, consisting
	 * of any number of interceptors, with the handler itself at the end.
	 * With this method, each interceptor can post-process an execution,
	 * getting applied in inverse order of the execution chain.
	 * <p><strong>Note:</strong> special considerations apply for asynchronous
	 * request processing. For more details see
	 * {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.
	 * <p>The default implementation is empty.
	 * @param request current HTTP request
	 * @param response current HTTP response
	 * @param handler the handler (or {@link HandlerMethod}) that started asynchronous
	 * execution, for type and/or instance examination
	 * @param modelAndView the {@code ModelAndView} that the handler returned
	 * (can also be {@code null})
	 * @throws Exception in case of errors
	 */
	default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
			@Nullable ModelAndView modelAndView) throws Exception {
	}

	/**
	 * Callback after completion of request processing, that is, after rendering
	 * the view. Will be called on any outcome of handler execution, thus allows
	 * for proper resource cleanup.
	 * <p>Note: Will only be called if this interceptor's {@code preHandle}
	 * method has successfully completed and returned {@code true}!
	 * <p>As with the {@code postHandle} method, the method will be invoked on each
	 * interceptor in the chain in reverse order, so the first interceptor will be
	 * the last to be invoked.
	 * <p><strong>Note:</strong> special considerations apply for asynchronous
	 * request processing. For more details see
	 * {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.
	 * <p>The default implementation is empty.
	 * @param request current HTTP request
	 * @param response current HTTP response
	 * @param handler the handler (or {@link HandlerMethod}) that started asynchronous
	 * execution, for type and/or instance examination
	 * @param ex any exception thrown on handler execution, if any; this does not
	 * include exceptions that have been handled through an exception resolver
	 * @throws Exception in case of errors
	 */
	default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
			@Nullable Exception ex) throws Exception {
	}

}

@Slf4j
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * 目标方法执行之前
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        String requestURI = request.getRequestURI();
        log.info("preHandle拦截的请求路径是{}",requestURI);

        //登录检查逻辑
        HttpSession session = request.getSession();

        Object loginUser = session.getAttribute("loginUser");

        if(loginUser != null){
            //放行
            return true;
        }

        //拦截住。未登录。跳转到登录页
        request.setAttribute("msg","请先登录");
//        re.sendRedirect("/");
        request.getRequestDispatcher("/").forward(request,response);
        return false;
    }

    /**
     * 目标方法执行完成以后
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        log.info("postHandle执行{}",modelAndView);
    }

    /**
     * 页面渲染以后
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        log.info("afterCompletion执行异常{}",ex);
    }
}
2、拦截器注册到容器中 && 指定拦截规则:
@Configuration
public class AdminWebConfig implements WebMvcConfigurer{
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new LoginInterceptor())//拦截器注册到容器中
                .addPathPatterns("/**")  //所有请求都被拦截包括静态资源
                .excludePathPatterns("/","/login","/css/**","/fonts/**","/images/**",
                        "/js/**","/aa/**"); //放行的请求
}
JOKER-Wing
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
详解springmvc拦截器拦截静态资源
08-31
2. **在拦截器中进行资源判断**:你可以在自定义拦截器类中添加逻辑,检查请求的URL是否属于静态资源。如果是,就直接放行。例如,可以在 `LoginInterceptor` 类中设置一个属性 `allowUrls`,包含不拦截的资源路径,...
struts2配置静态资源代码详解
08-29
`struts.xml` 是自定义配置文件,可以定义Action、拦截器、结果类型等。而`default.properties`是Struts2的默认属性文件,包含了框架的默认设置。 在`default.properties`中,你可以自定义一些全局配置,例如编码...
SpringBoot配置拦截器,指定拦截或放行的请求路径
热门推荐
二饭的博客
07-21 1万+
配置类: @Configuration public class AppConfig implements WebMvcConfigurer { @Bean public MyInterceptor myInterceptor() { return new MyInterceptor(); } /** * 注册自定义拦截器 * 指定要拦截的路径 * /api/blog/** 拦截请求前缀为api/blog的请求,其他请求放行
登录拦截器
qq_43881663的博客
02-20 616
本篇主要介绍spring框架里提供的 HandlerInterceptor 拦截器登录拦截。
拦截器放行静态资源
最新发布
qq_59837818的博客
05-03 219
为了避免这个异常,您可以在拦截器中添加一个条件来检查处理程序对象的类型,以确保只有当处理程序对象是 HandlerMethod 类型时才进行转换。这样就可以避免在处理静态资源请求时出现类型转换异常。通过添加对处理程序对象类型的检查,我们确保只有当处理程序对象是 HandlerMethod 类型时才尝试转换,并且在其他情况下直接放行请求,避免了类型转换异常。静态资源请求的处理程序对象是 ResourceHttpRequestHandler,而不是 HandlerMethod。
SpringMvc中纯注解开发中的拦截和以及静态资源放行
weixin_62907807的博客
05-23 430
再写一类个去继承 WebMvcConfigurationSupport类,重写拦截的addResourceHandlers方法,和放行的addInterceptors的代码。方式2:在主要配置类 implements WebMvcConfigurer。1.先写一个配置拦截类 实现 HandlerInterceptor。包扫描,记住扫描要扫描住。
拦截器】配置登录拦截器,实现不登陆下也能静态资源访问
qq_42184586的博客
09-05 601
简单的配置spring拦截器,应用到登录静态资源访问受限的问题上
拦截器实现登录检查(学习笔记)
weixin_46007404的博客
08-01 1733
拦截器实现登录检查 后台中心页面,如果没有登录,是不能随意访问的,此时可以通过拦截器进行拦截校验,校验规则如下: a.客户端请求登录页面,则直接放行; b. 客户端请求其他页面,则拦截校验,校验session域中如果有用户信息,则说明用户已登录放行;如果session域中没有用户信息,则说明用户未登录,则跳转登录页面。 示例: 编写拦截器 注:下面的manager是ManagerController控制层中存入session的 ManagerController.java中: import org.
浅谈Spring Security 对于静态资源的拦截与放行
08-25
在本文中,我们将深入探讨如何处理Spring Security对于静态资源(如CSS、JavaScript和图片)的拦截与放行。 在初始创建的Spring Boot项目中,通常会使用模板引擎(如Thymeleaf)来构建动态网页。Spring Security...
Springboot登录后关于cookie和session拦截问题的案例分析
09-07
拦截器Spring MVC的一部分,主要关注业务逻辑,可以在Controller方法前后执行,而过滤器更底层,可以处理所有类型的请求,包括静态资源。 **四、单点登录(SSO)** 单点登录(Single Sign-On, SSO)是一种允许...
SpringBoot解决整合thymeleaf静态资源以及没有整合时都无法访问的尝试
01-08
以为是路径扫描错误或者是拦截器拦截了,没有配置拦截器,所以以为是路径扫描错误所以这样进行了重新配置: /** * 映射静态资源 */ //@Configuration //public class WebMvcConfig extends ...
springsecurity+springspoot登录验证拦截
08-30
本项目聚焦于如何在Spring Boot应用中集成Spring Security进行登录验证和权限拦截。 1. **Spring Security简介** Spring Security是一个全面的Java安全框架,它提供了身份验证、授权、CSRF防护、会话管理等核心...
02_用户模块和加入样式和spring对静态文件的放行
04-26
标题“02_用户模块和加入样式和spring对静态文件的放行”涉及到的是Web开发中的关键概念,尤其是关于Spring框架处理用户模块、样式表(CSS)以及静态资源的访问控制。这一主题主要涵盖以下几个核心知识点: 1. **...
jsp登录验证(含过滤器)
03-21
- **放行请求**:过滤器看到这个标志,认为用户已登录,允许请求继续到目标资源。 4. **过滤器配置** 在`web.xml`部署描述符中,我们需要配置过滤器,指定要拦截的URL模式以及调用的过滤器类。例如: ```xml ...
使用Filter实现登录权限验证
08-25
- 如果请求的路径不是放行资源,我们将检查用户的登录状态。通过`getSession().getAttribute("name")`获取存储在session中的用户名,如果用户名不为空,说明用户已登录,同样调用`chain.doFilter(request, response)...
过滤器学习笔记一(Filter教你快速入门)
12-20
2. **粗粒度权限管理**:过滤器可以用于检查用户是否已登录,未登录的用户会被重定向到登录页面,从而实现基本的权限控制。 3. **全站编码问题**:过滤器可以统一处理请求和响应的编码问题,确保数据正确无误地在...
springboot 使用拦截器以及使用静态资源的配置的一些细节
qq_46699919的博客
06-20 1282
样例:写一些条件](https://img-blog.csdnimg.cn/26b77fb5666442c882c82b1f91d7d6a7.png#pic_center)根据需要在对应的方法写入条件常用是在preHandle() 方法执行前调用,准备工作做好之后开始进入正题springboot拦截器的创建和使用步骤。我们在application.properties配置文件新增配置。比如我们的登录功能,需要验证用户是否登录就可以使用;ok,到这里就分享完了!版权所属,禁止转载;
springMVC拦截器interceptor(如何释放静态资源
m0_60516073的博客
04-01 1979
登录之前,拦截跳转登录,释放web-app中的静态资源不被拦截
SpringBoot拦截器放行静态资源
05-27
SpringBoot拦截器中,我们可以通过addPathPatterns方法来指定需要拦截的请求路径,同时通过excludePathPatterns方法来指定需要放行的请求路径。对于静态资源,我们可以将它们的路径添加到excludePathPatterns方法中,从而将其放行,例如: ```java @Configuration public class MyInterceptorConfig implements WebMvcConfigurer { @Autowired private MyInterceptor myInterceptor; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(myInterceptor).addPathPatterns("/**") .excludePathPatterns("/static/**", "/css/**", "/js/**", "/images/**"); } } ``` 在上面的代码中,我们将/static、/css、/js、/images等静态资源路径添加到了excludePathPatterns方法中,从而将它们放行。这样,当请求这些静态资源时,拦截器就不会进行拦截了。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值