文章主要是实现用户登录过程的验证,用拦截器/过滤器可以拦截用户没有登录的情况下,不能进行访问系统页面
一:拦截器
以下是自定义拦截器工程目录实现的过程:
1:新建一个 interceptor 拦截器包,创建一个 LoginInterceptor 拦截器类
2:将这个类,继承 HandlerInterceptor 接口,并实现 HandlerInterceptor 这个接口的三个方法
importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjavax.servlet.http.HttpSession;importorg.springframework.web.servlet.HandlerInterceptor;importorg.springframework.web.servlet.ModelAndView;public class LoginInterceptor implementsHandlerInterceptor {
@Overridepublic voidafterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)throwsException {//执行完毕,返回前拦截
}
@Overridepublic voidpostHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)throwsException {//在处理过程中,执行拦截
}
@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throwsException {//在拦截点执行前拦截,如果返回true则不执行拦截点后的操作(拦截成功)//返回false则不执行拦截
HttpSession session =request.getSession();
String url= request.getRequestURI(); //获取登录的uri,这个是不进行拦截的//if(session.getAttribute("_CURRENT_USER")!=null || url.indexOf("home.action")!=-1 || url.indexOf("login.action")!=-1) {
if(session.getAttribute("_CURRENT_USER")!=null) {//登录成功不拦截
return true;
}else{//拦截后进入登录页面
response.sendRedirect(request.getContextPath()+"/home.action");return false;
}
}
}
3:拦截器是要配置的,将这个类,配置在 spring-mvc.xml 的配置文件中,如下:
将登陆拦截器类 LoginInterceptor,配置到里面
这个拦截器有2个知识要点:
①:
是已经拦截了所有请求,包括登录,如果后来想不拦截某个页面,就在拦截配置里面配置
②:也可以不在配置文件里拦截某个页面请求,在拦截类里面获取拦截路径,然后做个判断
//String uri = request.getRequestURI(); // 获取登录的uri,这个是不进行拦截的
//if(session.getAttribute("LOGIN_USER")!=null || uri.indexOf("/login.action")!=-1)
二:过滤器
过滤器就分两步:新建过滤器类,接着配置web.xml
建一个LoginFilter 类,继承 Filter 类
importjava.io.IOException;importjavax.servlet.Filter;importjavax.servlet.FilterChain;importjavax.servlet.FilterConfig;importjavax.servlet.ServletException;importjavax.servlet.ServletRequest;importjavax.servlet.ServletResponse;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjavax.servlet.http.HttpSession;public class LoginFilter implementsFilter {public voiddoFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)throwsIOException, ServletException {//TODO Auto-generated method stub
HttpServletRequest request =(HttpServletRequest)arg0;
HttpServletResponse response=(HttpServletResponse)arg1;
HttpSession session=request.getSession();/*if(session.getAttribute("_CURRENT_USER") != null){
arg2.doFilter(arg0, arg1);
return;
}
if(request.getRequestURI().indexOf("home.action") != -1 || request.getRequestURI().indexOf("login.action") != -1){
arg2.doFilter(arg0, arg1);
return;
}
// 没有登录
response.sendRedirect(request.getContextPath()+"/home.action");*/
if(session.getAttribute("_CURRENT_USER")==null && request.getRequestURI().indexOf("/home.action") == -1
&& request.getRequestURI().indexOf("/login.action") == -1 //-1表示不存在该url
){//没有登录
response.sendRedirect(request.getContextPath()+"/home.action");
}else{//已经登录,继续请求下一级资源(继续访问)
arg2.doFilter(arg0, arg1);
}
}public void init(FilterConfig arg0) throwsServletException {//TODO Auto-generated method stub
}public voiddestroy() {//TODO Auto-generated method stub
}
}
2:配置 web.xml ,在字符过滤器下面接着配置一个过滤器
LoginFilter
cn.itcast.util.LoginFilter
LoginFilter
/*
将过滤器类 LoginFilter 配置到 过滤器配置文件中,即可完成
过滤器也实现了
内容大部分来自https://blog.csdn.net/chenxihua1/article/details/80779234 感谢大佬分享!