Spring MVC,拦截器实现session控制
2013-03-19 17:02
471 查看
本文基于Spring MVC 注解,让Spring跑起来。
未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方案之一。
(1) 在com.geloin.spring.interceptor包中添加SystemInterceptor,并使其继承HandlerInterceptor
[java]
view plaincopyprint?
/**
*
* @author geloin
* @date 2012-3-27 下午2:29:35
*/
package com.geloin.spring.interceptor;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Repository;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.embest.ruisystem.form.SystemLoggerForm;
import com.embest.ruisystem.form.SystemUserForm;
import com.embest.ruisystem.service.SystemLoggerService;
import com.embest.ruisystem.util.Constants;
import com.embest.ruisystem.util.DataUtil;
/**
*
* @author geloin
* @date 2012-3-27 下午2:29:35
*/
@Repository
public class SystemInterceptor
extends HandlerInterceptorAdapter {
@Resource(name =
"systemLoggerService")
private SystemLoggerService systemLoggerService;
/*
* (non-Javadoc)
*
* @see
* org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle
* (javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse, java.lang.Object)
*/
@SuppressWarnings({ "rawtypes",
"unchecked" })
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
// 后台session控制
String[] noFilters = new String[] {
"login.html", "veriCode.html",
"index.html",
"logout.html" };
String uri = request.getRequestURI();
if (uri.indexOf("background") != -1) {
boolean beFilter =
true;
for (String s : noFilters) {
if (uri.indexOf(s) != -1) {
beFilter = false;
break;
}
}
if (beFilter) {
Object obj = request.getSession().getAttribute(
Constants.LOGINED);
if (null == obj) {
// 未登录
PrintWriter out = response.getWriter();
StringBuilder builder =
new StringBuilder();
builder.append("<script type=\"text/javascript\" charset=\"UTF-8\">");
builder.append("alert(\"页面过期,请重新登录\");");
builder.append("window.top.location.href=\"");
builder.append(Constants.basePath);
builder.append("/background/index.html\";</script>");
out.print(builder.toString());
out.close();
return
false;
} else {
// 添加日志
String operateContent = Constants.operateContent(uri);
if (null != operateContent) {
String url = uri.substring(uri.indexOf("background"));
String ip = request.getRemoteAddr();
Integer userId = ((SystemUserForm) obj).getId();
SystemLoggerForm form =
new SystemLoggerForm();
form.setUserId(userId);
form.setIp(ip);
form.setOperateContent(operateContent);
form.setUrl(url);
this.systemLoggerService.edit(form);
}
}
}
}
Map paramsMap = request.getParameterMap();
for (Iterator<Map.Entry> it = paramsMap.entrySet().iterator(); it
.hasNext();) {
Map.Entry entry = it.next();
Object[] values = (Object[]) entry.getValue();
for (Object obj : values) {
if (!DataUtil.isValueSuccessed(obj)) {
throw new RuntimeException("有非法字符:" + obj);
}
}
}
return super.preHandle(request, response, handler);
}
}
(2) 修改context-dispatcher.xml,让spring管理拦截器
[java]
view plaincopyprint?
<mvc:interceptors>
<bean class="com.geloin.spring.interceptor.SystemInterceptor" />
</mvc:interceptors>
未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方案之一。
(1) 在com.geloin.spring.interceptor包中添加SystemInterceptor,并使其继承HandlerInterceptor
[java]
view plaincopyprint?
/**
*
* @author geloin
* @date 2012-3-27 下午2:29:35
*/
package com.geloin.spring.interceptor;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Repository;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.embest.ruisystem.form.SystemLoggerForm;
import com.embest.ruisystem.form.SystemUserForm;
import com.embest.ruisystem.service.SystemLoggerService;
import com.embest.ruisystem.util.Constants;
import com.embest.ruisystem.util.DataUtil;
/**
*
* @author geloin
* @date 2012-3-27 下午2:29:35
*/
@Repository
public class SystemInterceptor
extends HandlerInterceptorAdapter {
@Resource(name =
"systemLoggerService")
private SystemLoggerService systemLoggerService;
/*
* (non-Javadoc)
*
* @see
* org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle
* (javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse, java.lang.Object)
*/
@SuppressWarnings({ "rawtypes",
"unchecked" })
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
// 后台session控制
String[] noFilters = new String[] {
"login.html", "veriCode.html",
"index.html",
"logout.html" };
String uri = request.getRequestURI();
if (uri.indexOf("background") != -1) {
boolean beFilter =
true;
for (String s : noFilters) {
if (uri.indexOf(s) != -1) {
beFilter = false;
break;
}
}
if (beFilter) {
Object obj = request.getSession().getAttribute(
Constants.LOGINED);
if (null == obj) {
// 未登录
PrintWriter out = response.getWriter();
StringBuilder builder =
new StringBuilder();
builder.append("<script type=\"text/javascript\" charset=\"UTF-8\">");
builder.append("alert(\"页面过期,请重新登录\");");
builder.append("window.top.location.href=\"");
builder.append(Constants.basePath);
builder.append("/background/index.html\";</script>");
out.print(builder.toString());
out.close();
return
false;
} else {
// 添加日志
String operateContent = Constants.operateContent(uri);
if (null != operateContent) {
String url = uri.substring(uri.indexOf("background"));
String ip = request.getRemoteAddr();
Integer userId = ((SystemUserForm) obj).getId();
SystemLoggerForm form =
new SystemLoggerForm();
form.setUserId(userId);
form.setIp(ip);
form.setOperateContent(operateContent);
form.setUrl(url);
this.systemLoggerService.edit(form);
}
}
}
}
Map paramsMap = request.getParameterMap();
for (Iterator<Map.Entry> it = paramsMap.entrySet().iterator(); it
.hasNext();) {
Map.Entry entry = it.next();
Object[] values = (Object[]) entry.getValue();
for (Object obj : values) {
if (!DataUtil.isValueSuccessed(obj)) {
throw new RuntimeException("有非法字符:" + obj);
}
}
}
return super.preHandle(request, response, handler);
}
}
/** * * @author geloin * @date 2012-3-27 下午2:29:35 */ package com.geloin.spring.interceptor; import java.io.PrintWriter; import java.util.Iterator; import java.util.Map; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Repository; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import com.embest.ruisystem.form.SystemLoggerForm; import com.embest.ruisystem.form.SystemUserForm; import com.embest.ruisystem.service.SystemLoggerService; import com.embest.ruisystem.util.Constants; import com.embest.ruisystem.util.DataUtil; /** * * @author geloin * @date 2012-3-27 下午2:29:35 */ @Repository public class SystemInterceptor extends HandlerInterceptorAdapter { @Resource(name = "systemLoggerService") private SystemLoggerService systemLoggerService; /* * (non-Javadoc) * * @see * org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle * (javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, java.lang.Object) */ @SuppressWarnings({ "rawtypes", "unchecked" }) @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { request.setCharacterEncoding("UTF-8"); response.setCharacterEncoding("UTF-8"); response.setContentType("text/html;charset=UTF-8"); // 后台session控制 String[] noFilters = new String[] { "login.html", "veriCode.html", "index.html", "logout.html" }; String uri = request.getRequestURI(); if (uri.indexOf("background") != -1) { boolean beFilter = true; for (String s : noFilters) { if (uri.indexOf(s) != -1) { beFilter = false; break; } } if (beFilter) { Object obj = request.getSession().getAttribute( Constants.LOGINED); if (null == obj) { // 未登录 PrintWriter out = response.getWriter(); StringBuilder builder = new StringBuilder(); builder.append("<script type=\"text/javascript\" charset=\"UTF-8\">"); builder.append("alert(\"页面过期,请重新登录\");"); builder.append("window.top.location.href=\""); builder.append(Constants.basePath); builder.append("/background/index.html\";</script>"); out.print(builder.toString()); out.close(); return false; } else { // 添加日志 String operateContent = Constants.operateContent(uri); if (null != operateContent) { String url = uri.substring(uri.indexOf("background")); String ip = request.getRemoteAddr(); Integer userId = ((SystemUserForm) obj).getId(); SystemLoggerForm form = new SystemLoggerForm(); form.setUserId(userId); form.setIp(ip); form.setOperateContent(operateContent); form.setUrl(url); this.systemLoggerService.edit(form); } } } } Map paramsMap = request.getParameterMap(); for (Iterator<Map.Entry> it = paramsMap.entrySet().iterator(); it .hasNext();) { Map.Entry entry = it.next(); Object[] values = (Object[]) entry.getValue(); for (Object obj : values) { if (!DataUtil.isValueSuccessed(obj)) { throw new RuntimeException("有非法字符:" + obj); } } } return super.preHandle(request, response, handler); } }
(2) 修改context-dispatcher.xml,让spring管理拦截器
[java]
view plaincopyprint?
<mvc:interceptors>
<bean class="com.geloin.spring.interceptor.SystemInterceptor" />
</mvc:interceptors>
相关文章推荐
- Spring MVC,拦截器实现session控制
- Spring MVC拦截器实现session控制,权限控制
- Spring MVC,拦截器实现session控制
- Spring MVC,拦截器实现session控制
- 详解Spring MVC拦截器实现session控制
- Spring MVC,拦截器实现session控制
- 【Spring MVC】教程——使用拦截器实现权限控制
- 【Spring MVC】教程——使用拦截器实现权限控制
- Spring MVC使用拦截器实现权限控制
- ExtJS4.2.1与Spring MVC实现Session超时控制
- 【Spring MVC】教程——使用拦截器实现权限控制
- Spring MVC代码实例系列-11:Spring MVC实现简单的权限控制拦截器和请求信息统计拦截器
- ExtJS4.2.1与Spring MVC实现Session超时控制
- struts2通过拦截器,实现权限控制功能
- Spring MVC拦截器+注解方式实现防止表单重复提交
- springMVC 拦截器session控制
- 分布式系统登录功能拦截器的实现以及cookie的共享问题(利用cookie实现session在分布式系统的共享)
- spring mvc 实现网站登录与非登录的控制
- Spring mvc拦截器+angular js拦截器 做用户登录拦截控制
- SpringMVC配置拦截器实现登录控制的方法