一、验证流程思路
1、访问请求【透过拦截器】到登录页面再【透过拦截器】到验证程序存入用户名到Sesion,
2、访问请求【通过拦截器Sesion验证】 访问任意权限页面
3、只有普通页面的请求可以透过拦截器
4、权限页面的请求要通过【拦截器验证Sesion】,通过就放行,不通过会被重定向到登录页面。
二、springboot用户验证
1、模板页面
login模板
<!DOCTYPE html>
<html>
<head>
<title>index.html</title>
<meta name="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<form th:action="@{/yanzheng}" method="post">
用户:<input type="text" name="name" placeholder="请输入用户名"><br>
密码:<input type="password" name="password" placeholder="请输入密码"><br>
<input type="submit" value="提交">
</form>
</body>
</html>
index 模板
<!DOCTYPE html>
<html>
<head>
<title>index.html</title>
<meta name="content-type" content="text/html; charset=UTF-8">
</head>
<body>
这是主页 <br>
<a th:href="@{/ciye}">第二页跳转</a>
</body>
</html>
2、拦截器
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
//就是拦截器
public class SessionInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception {
//普通路径放行
if ("/yanzheng".equals(arg0.getRequestURI()) || "/login".equals(arg0.getRequestURI())) {
return true;}
//权限路径拦截
Object object = arg0.getSession().getAttribute("users");
if (null == object) {
arg1.sendRedirect("/login");
return false;}
return true;
}
}
3、配置拦截器
import org.omg.PortableInterceptor.Interceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.mvc.WebContentInterceptor;
@Configuration
// web配置文件(web.xml)添加一个拦截器
public class SessionConfiguration extends WebMvcConfigurerAdapter{
@Override
public void addInterceptors(InterceptorRegistry registry ){
registry.addInterceptor(new SessionInterceptor()).addPathPatterns("/");
//网站配置生成器:添加一个拦截器,拦截路径为整个项目
}
}
4、验证Controller
先来个实体类,方便接收数据
public class User {
private String name,password;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;}
public String getPassword() {return password;
}
public void setPassword(String password) {
this.password = password;
}
@Override
public String toString() {
return "User [name=" + name + ", password=" + password + "]";
}
}
验证Controller
@Controller
public class MainControler {
@RequestMapping("/index")
public String showindex(){
return "index";
}
@RequestMapping("/login")
public String showlogin(){
return "login";
}
@RequestMapping("/yanzheng")
//也可以添加标注@ResponseBody 返回数据给页面(js跳转)
public String yanzheng(User user ,HttpServletRequest request){
//只是密码的简单判断,哈哈。当然也可以连数据判断
if("1234".equals(user.getPassword())){
request.getSession().setAttribute("users", user.getName());
//先添加到session,在跳转
return "index";
}else {
return "login";
}
}
}