首先需要在spring mvc的配置文件中写一个拦截器:
<!-- Interceptor registration: AdminInterceptor runs for every request whose path matches /admin/**. -->
<!-- NOTE(review): AdminInterceptor itself only enforces the login check for URLs that contain
     "/admin/member"; every other /admin/** request passes through it unchecked. If all admin
     pages must require a login, enforce the check for the whole mapping instead of one sub-path. -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/admin/**" />
<bean id="adminInterceptor" class="com.message.interceptor.AdminInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
这里拦截路径匹配 /admin/** 的请求,然后去写这个 AdminInterceptor:
package com.message.interceptor;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.message.entity.User;
import com.message.service.UserService;
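/**
 * Login check for the back-office ("admin") pages.
 *
 * <p>Requests whose URL contains {@code /admin/member} are let through only when the session
 * holds a user whose current role id is 1; everything else this interceptor sees is passed on
 * without a check.
 *
 * @author lolli
 */
public class AdminInterceptor implements HandlerInterceptor {

    /** Session attribute under which the logged-in admin user is stored. */
    private static final String SESSION_USER_KEY = "admin_user";

    /** Only URLs containing this fragment require an admin login. */
    private static final String PROTECTED_FRAGMENT = "/admin/member";

    /** Role id that this check treats as "administrator". */
    private static final int ADMIN_ROLE_ID = 1;

    @Autowired
    private UserService userService;

    /** No work is needed after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // intentionally empty
    }

    /** No work is needed after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
            throws Exception {
        // intentionally empty
    }

    /**
     * Intercepts back-office requests and enforces the admin login on the protected ones.
     *
     * @param req  the incoming request
     * @param res  the response, used to redirect to the login page
     * @param arg2 the chosen handler (unused)
     * @return {@code true} to continue with the handler, {@code false} after redirecting to login
     * @throws Exception if the user lookup or the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object arg2) throws Exception {
        String reqURL = req.getRequestURL().toString();
        System.out.println("后台请求的url: " + reqURL);

        // NOTE(review): this is an allow-by-default substring test on the raw, undecoded URL, so
        // it can disagree with the path Spring resolves the handler from. Narrowing the
        // <mvc:mapping> to the protected paths and dropping this test would fail closed instead.
        if (!reqURL.contains(PROTECTED_FRAGMENT)) {
            return true;
        }

        User sessionUser = (User) req.getSession().getAttribute(SESSION_USER_KEY);
        if (sessionUser != null) {
            // Reload the user on every request and decide on the fresh record, so a role change
            // or account removal takes effect immediately rather than one request later.
            User current = userService.findById(Long.valueOf(sessionUser.getId()));
            // Storing null removes the attribute, which drops a user that no longer exists.
            req.getSession().setAttribute(SESSION_USER_KEY, current);
            if (isAdmin(current)) {
                return true;
            }
        }

        // Not logged in, or not an administrator: send the browser to the login page.
        // The original URL is percent-encoded so it stays a single query-parameter value.
        // NOTE(review): reqURL is derived from client-supplied request data; whatever handles
        // /admin.jhtml should accept reqUrl only if it points back into this application
        // before redirecting to it.
        res.sendRedirect(req.getContextPath() + "/admin.jhtml?reqUrl=" + URLEncoder.encode(reqURL, "UTF-8"));
        return false;
    }

    /** Returns whether the given user exists, has a role, and that role is the admin role. */
    private static boolean isAdmin(User user) {
        return user != null && user.getRole() != null && user.getRole().getId() == ADMIN_ROLE_ID;
    }
}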
前提是我们登录成功的时候需要把 User 对象以 "admin_user" 为键放在 session 里(与拦截器读取的键名一致)。另外,登录页在按 reqUrl 跳回之前,应先确认它指向本站地址。