1、过滤器
1.1、创建过滤器类,设置过滤规则。
public class LoginFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest rq = (HttpServletRequest)request;
HttpServletResponse rp = (HttpServletResponse)response;
//获取session
Object admin = rq.getSession().getAttribute("userSession");
//indexOf()方法是区分大小写的!如果要检索的字符串值没有出现,则该方法返回-1。
if(admin == null && rq.getRequestURI().indexOf("/login") == -1){
// 没有登录 强制跳转到登录页面
request.getRequestDispatcher("login.jsp").forward(request, response);
}else{
// 已经登录,继续请求下一级资源(继续访问)
chain.doFilter(request, response);
}
}
1.2、在web.xml配置过滤器,设置过滤需要过滤的路径。
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>com.itlhc.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<!--这里过滤全部路径-->
<url-pattern>/*</url-pattern>
</filter-mapping>
2、拦截器
2.1、创建过拦截器类,设置拦截规则。
public class LoginHandlerInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 登录成功应该有session(在登陆的Controller中设置session)
Object admin = request.getSession().getAttribute("userSession");
System.out.println(admin);
if (admin == null) {
request.setAttribute("msg", "没有权限,请先登录!");
request.getRequestDispatcher("login.jsp").forward(request, response);
return false;
} else {
return true;
}
}
}
2.2、在spring-mvc.xml配置文件下设置拦截器,设置不拦截的路径。
<!--配置拦截器-->
<mvc:interceptors>
<mvc:interceptor>
<!--// 所有请求都拦截-->
<mvc:mapping path="/**"/>
<!--// 放行登录界面和登陆请求-->
<mvc:exclude-mapping path="/login.jsp"/>
<mvc:exclude-mapping path="/login"/>
<!--// 拦截器类的位置-->
<bean class="com.itlhc.filter.LoginHandlerInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
3、登录注销设置
@RequestMapping("/logout")
public String Logout(HttpServletRequest request){
//清除session
request.getSession().removeAttribute(Constants.USER_SESSION);
return "redirect:login.jsp";
}