在interceptor包下
package com.interceptor;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.po.User;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@Component
public class UserInterceptor implements HandlerInterceptor {
//这个方法是在访问接口之前执行的,我们只需要在这里写验证登陆状态的业务逻辑,就可以在用户调用指定接口之前验证登陆状态了
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//每一个项目对于登陆的实现逻辑都有所区别,我这里使用最简单的Session提取User来验证登陆。
HttpSession session = request.getSession();
//这里的User是登陆时放入session的
User user = (User) session.getAttribute("user");
//如果session中没有user,表示没登陆
if (user == null){
//这个方法返回false表示忽略当前请求,如果一个用户调用了需要登陆才能使用的接口,如果他没有登陆这里会直接忽略掉
//当然你可以利用response给用户返回一些提示信息,告诉他没登陆
request.getRequestDispatcher("/views/login.jsp").forward(request, response);
return false;
}else {
return true; //如果session里有user,表示该用户已经登陆,放行,用户即可继续调用自己需要的接口
}
}
public void postHandle(
HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
throws Exception{
}
public void afterCompletion(
HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception{
}
}
与启动器同级目录创建
package com;
import org.aopalliance.intercept.Interceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import com.interceptor.UserInterceptor;
@SpringBootConfiguration
public class SpringMvcConfigure extends WebMvcConfigurerAdapter
{
@Autowired
public UserInterceptor userInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry){
InterceptorRegistration userRegistration=registry.addInterceptor(userInterceptor);
userRegistration.addPathPatterns("/user/getSubject");
}
}
addPathPatterns("/**") 表示拦截所有的请求,
excludePathPatterns("/login", "/register") 表示除了登陆与注册之外,因为登陆注册不需要登陆也可以访问
addPathPatterns 用来设置拦截路径,excludePathPatterns 用来设置白名单,也就是不需要触发这个拦截器的路径。