只有经过登录的用户方可访问处理器,否则,将返回“无权访问”提示。
本例的登录,由一个
JSP
页面完成。即在该页面里将用户信息放入
session
中。也就是说,只要访问过该页面,就说明登录了。没访问过,则为未登录用户。
项目结构
(
1
) 修改
index
页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<p>权限拦截器举例</p>
<p>只有张山登录后,输入姓名和年龄才能正确的访问show.jsp页面</p>
<p>未登录状态不能正确的访问show.jsp页面</p>
<form action="some.do" method="post">
姓名:<input type="text" name="name"><br>
年龄:<input type="text" name="age"><br>
<input type="submit" value="提交请求">
</form>
<br>
</body>
</html>
(
2
)定义
Controller
package com.it.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class MyController {
@RequestMapping(value = "/some.do")
public ModelAndView doSome(String name,Integer age){
System.out.println("=====执行了MyController中的doSome方法=========");
ModelAndView mv=new ModelAndView();
mv.addObject("myname",name);
mv.addObject("myage",age);
mv.setViewName("show");
return mv;
}
}
(
3
)
定义权限拦截器
package com.it.handler;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
public class MyInterceptor implements HandlerInterceptor {
//验证登录的用户信息,正确返回true,其他全部返回false
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("11111-拦截器的MyInterceptor的preHandle()");
String loginName="";
//从session中获取name的值
Object attr= request.getSession().getAttribute("name");
if (attr!=null){
loginName= (String) attr;
}
//判断登录的账号是否符合要求
if(!"张山".equals(loginName)){
//不能访问系统
//给用户提示
request.getRequestDispatcher("/tips.jsp").forward(request,response);
return false;
}
//张山登录
return true;
}
}
(
4
)定义
tips.jsp
页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
tip.jsp。用户张山没有登录,请求被拦截不能执行
</body>
</html>
(
5
)
springmvc.xml页面
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd">
<!-- 声明组件扫描器-->
<context:component-scan base-package="com.it.controller"/>
<!--声明springmvc框架中的视图解析器,帮助开发人员设置视图文件的路径-->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- 前缀:视图文件的路径-->
<property name="prefix" value="/WEB-INF/view/"/>
<!-- 后缀:视图文件的扩展名-->
<property name="suffix" value=".jsp"/>
</bean>
<!--声明拦截器,拦截器可以有0个或多个
拦截器先声明的先执行,在框架中保存多个拦截器是ArrayList,按照声明的先后顺序放入到ArrayList
-->
<mvc:interceptors>
<!-- 声明第一个拦截器 -->
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.it.handler.MyInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
</beans>
(
6
)定义
login
页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
模拟登录,张山登录系统
<br>
<%
session.setAttribute("name","张山");
%>
</body>
</html>
(
7
)定义
logout
页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
退出系统,从session中删除数据
<%
session.removeAttribute("name");
%>
</body>
</html>
(8)web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springmvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceRequestEncoding</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>forceResponseEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
项目结果
张山不登录时,无法正常使用年龄和姓名的提交
张山登录后
返回主页继续使用年龄和姓名的提交
退出登录后 ,不能正常使用年龄和姓名的提交