spring mvc 拦截器怎么拦截jsp页面
2016-10-31 13:18
363 查看
spring mvc 拦截器怎么拦截jsp页面
你这个 是拦截带 /jsp 的 .do请求
解决方案
用spring 的拦截器 去拦截 所有的 .do 请求,
然后写一个 过滤器去拦截 所有的.jsp 的请求
这样才能防止循环过滤
这种会把所有jsp请求过滤不推荐。
<filter>
<filter-name> loginFilter</filter-name>
<filter-class>
net.techfinger.yoyoapp.interceptor.CheckLoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
public class CheckLoginFilter implements Filter{
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
// 获得用户请求的URI
String path = request.getRequestURI();
String contextPath = request.getContextPath();
String url = path.substring(contextPath.length());
Person person =SessionUtils.getPerson(request);
if (person == null) {
response.sendRedirect(contextPath+"/person.do?method=tologin");
return;
}
if (person.getId()!=null&&person.getPassword()!=null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
public class AuthInterceptor extends HandlerInterceptorAdapter {
private final static Logger log= Logger.getLogger(AuthInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
HandlerMethod method = (HandlerMethod)handler;
Auth auth = method.getMethod().getAnnotation(Auth.class);
////验证登陆超时问题
auth = null,默认验证
if( auth == null || auth.verifyLogin()){
String baseUri = request.getContextPath();
String path = request.getServletPath();
Person person =SessionUtils.getPerson(request);
if(person == null){
if(path.endsWith(".jsp")){
response.setStatus(response.SC_GATEWAY_TIMEOUT);
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}else{
response.setStatus(response.SC_GATEWAY_TIMEOUT);
Map<String, Object> result = new
HashMap<String, Object>();
/* result.put("success", false);
result.put("logoutFlag", true);//登录标记 true 退出
result.put("msg", "登录超时.");
XmlUtil.sendMsg(response, result);*/
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}
}
}
//验证URL权限
if( auth == null || auth.verifyURL()){/*
//判断请求的url,是否包含在该角色的url里
String methodName=request.getParameter("method");
String menuUrl = StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
System.out.println(menuUrl);
if(!SessionUtils.isAccessUrl(request, StringUtils.trim(menuUrl))){
//日志记录
String userMail = SessionUtils.getPerson(request).getLoginName();
String msg ="URL权限验证不通过:[url="+menuUrl+"][email
="+ userMail+"]" ;
log.error(msg);
response.setStatus(response.SC_FORBIDDEN);
Map<String, Object> result = new
HashMap<String, Object>();
result.put("success", false);
result.put("msg", "没有权限访问,请联系管理员.");
XmlUtil.sendMsg(response, result);
return false;
}
*/}
return super.preHandle(request, response, handler);
}
你这个 是拦截带 /jsp 的 .do请求
解决方案
用spring 的拦截器 去拦截 所有的 .do 请求,
然后写一个 过滤器去拦截 所有的.jsp 的请求
这样才能防止循环过滤
这种会把所有jsp请求过滤不推荐。
<filter>
<filter-name> loginFilter</filter-name>
<filter-class>
net.techfinger.yoyoapp.interceptor.CheckLoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
public class CheckLoginFilter implements Filter{
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
// 获得用户请求的URI
String path = request.getRequestURI();
String contextPath = request.getContextPath();
String url = path.substring(contextPath.length());
Person person =SessionUtils.getPerson(request);
if (person == null) {
response.sendRedirect(contextPath+"/person.do?method=tologin");
return;
}
if (person.getId()!=null&&person.getPassword()!=null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
public class AuthInterceptor extends HandlerInterceptorAdapter {
private final static Logger log= Logger.getLogger(AuthInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
HandlerMethod method = (HandlerMethod)handler;
Auth auth = method.getMethod().getAnnotation(Auth.class);
////验证登陆超时问题
auth = null,默认验证
if( auth == null || auth.verifyLogin()){
String baseUri = request.getContextPath();
String path = request.getServletPath();
Person person =SessionUtils.getPerson(request);
if(person == null){
if(path.endsWith(".jsp")){
response.setStatus(response.SC_GATEWAY_TIMEOUT);
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}else{
response.setStatus(response.SC_GATEWAY_TIMEOUT);
Map<String, Object> result = new
HashMap<String, Object>();
/* result.put("success", false);
result.put("logoutFlag", true);//登录标记 true 退出
result.put("msg", "登录超时.");
XmlUtil.sendMsg(response, result);*/
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}
}
}
//验证URL权限
if( auth == null || auth.verifyURL()){/*
//判断请求的url,是否包含在该角色的url里
String methodName=request.getParameter("method");
String menuUrl = StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
System.out.println(menuUrl);
if(!SessionUtils.isAccessUrl(request, StringUtils.trim(menuUrl))){
//日志记录
String userMail = SessionUtils.getPerson(request).getLoginName();
String msg ="URL权限验证不通过:[url="+menuUrl+"][email
="+ userMail+"]" ;
log.error(msg);
response.setStatus(response.SC_FORBIDDEN);
Map<String, Object> result = new
HashMap<String, Object>();
result.put("success", false);
result.put("msg", "没有权限访问,请联系管理员.");
XmlUtil.sendMsg(response, result);
return false;
}
*/}
return super.preHandle(request, response, handler);
}
相关文章推荐
- spring mvc 拦截器拦截jsp页面
- Spring mvc怎么获取当前应用的url地址?即jsp页面中的${contextpath}怎么得到?
- Spring mvc怎么获取当前应用的url地址?即jsp页面中的${contextpath}怎么得到?
- Spring MVC 拦截器问题,如何配置不需要拦截的页面
- Spring Mvc中Jsp也页面怎么会获取不到Controller中的数据
- spring mvc 在jsp页面如何使时间以格式yyyy-MM-dd HH:mm:ss显示,24小时制
- spring mvc时jsp页面表单关联form属性多层关联问题.
- 怎么在jsp页面加载时向Servlet发出请求
- 在jsp页面的背景里怎么添加FLSA
- Struts2 拦截器控制jsp页面跳转
- jsp页面中使用超链接标签<a>中的属性<href>和<onclick>同时触发怎么执行
- 一个在JSP页面输出“HelloWorld”的Spring MVC实例
- SPRING MVC控制层传递对象后在JSP页面中的取值方法
- 怎么从ActionInvocation(拦截器)中获取用户jsp表单提交的所有值,比如用户输入的任意项
- 在jsp中怎么实现登录后自动跳转到登陆前浏览页面
- java Filter之拦截jsp页面检查用户是否已经登录
- 怎么在JSP页面里面捕捉关闭IE浏览器事件
- JSP教程(六)-怎么在JSP中跳转到别一页面
- 我的jsp程序中有的页面中某些汉字显示为?,怎么办?
- 使用filter拦截servlet和jsp页面的内容,进行过滤后输出