SpringMVC拦截器实现登录认证
2017-04-21 15:35
323 查看
当使用到springmvc的做网页工程的时候,总会遇到需要判断登陆权限的,一般的做法是每次登陆的话,发送给后台,后台返回一个唯一的token,以便标识用户每一次请求的权限,如果没有登陆成功,则token为空,访问任意网址都会跳到登陆界面.
注意: 不过我发现了网上所有的登陆权限认证,都忽略了一个问题,如果你的项目中有js/css等其他代码的话,是会都拦截到,就会一直陷入死循环中,导致无法进入主界面,需要把这些js和css等界面的所需的文件,也进行判断才能顺利拦截。(还有访问登陆界面的路径、点击登陆按钮访问后台的路径,都需要判断),其他的路径的话,如果没有token就返回主界面.
pom.xml :
web.xml:
springmvc.xml:
logincontrol.java:
LoginInterceptor.java:
login.jsp:
hello.jsp:
总体结构:
注意: 不过我发现了网上所有的登陆权限认证,都忽略了一个问题,如果你的项目中有js/css等其他代码的话,是会都拦截到,就会一直陷入死循环中,导致无法进入主界面,需要把这些js和css等界面的所需的文件,也进行判断才能顺利拦截。(还有访问登陆界面的路径、点击登陆按钮访问后台的路径,都需要判断),其他的路径的话,如果没有token就返回主界面.
pom.xml :
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>ldns</groupId> <artifactId>springmvc</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>springmvc Maven Webapp</name> <url>http://maven.apache.org</url> <properties> <!-- spring版本号 --> <spring.version>4.3.3.RELEASE</spring.version> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <!-- 表示开发的时候引入,发布的时候不会加载此包 --> <scope>test</scope> </dependency> <!-- spring核心包 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-oxm</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>${spring.version}</version> </dependency> <!-- JSTL标签类 --> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> </dependencies> <build> <finalName>springmvc</finalName> </build> </project>
web.xml:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <display-name>springmvc</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value></param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class> </listener> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <async-supported>true</async-supported> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>SpringMVC</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:springmvc.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>SpringMVC</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>/WEB-INF/jsp/login.jsp</welcome-file> </welcome-file-list> </web-app>
springmvc.xml:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <!-- 自动扫描该包,使SpringMVC认为包下用了@controller注解的类是控制器 --> <context:component-scan base-package="com.test.controller" /> <!-- 访问静态资源 --> <mvc:default-servlet-handler /> <!-- 视图解析器 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/jsp/"></property> <property name="suffix" value=".jsp"></property> </bean> <!-- 拦截器 --> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> <bean class="com.test.interceptor.LoginInterceptor"></bean> </mvc:interceptor> </mvc:interceptors> </beans>
logincontrol.java:
package com.test.controller; import javax.servlet.http.HttpSession; @Controller public class LoginControl { @RequestMapping(value = "/login") public String login(HttpSession session, String username, String password) throws Exception { System.out.println("-----login------"); // 在Session里保存信息 session.setAttribute("username", username); // 重定向 return "hello"; } @RequestMapping(value = "/logout") public String logout(HttpSession session) throws Exception { // 清除Session session.invalidate(); return "hello"; } }
LoginInterceptor.java:
package com.test.interceptor; import javax.servlet.http.HttpServletRequest; public class LoginInterceptor implements HandlerInterceptor { @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3) throws Exception { // TODO Auto-generated method stub } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object arg2, ModelAndView arg3) throws Exception { // TODO Auto-generated method stub } @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { System.out.println("------LoginInterceptor-------"); // 获取请求的URL String url = request.getRequestURI(); // URL:login.jsp是公开的;这个demo是除了login.jsp是可以公开访问的,其它的URL都进行拦截控制 // 注意:一些静态文件不能拦截,否则会死循环,知道内存耗尽 if (url.indexOf("login") >= 0) { return true; } // 获取Session HttpSession session = request.getSession(); String username = (String) session.getAttribute("username"); if (username != null) { return true; } // 不符合条件的,跳转到登录界面 // request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response); response.sendRedirect("/test/login"); return false; } }
login.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>My JSP 'login.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body> <form action="login" method="post"> 用户名:<input type="text" name="username" /><br> 密码:<input type="text" name="password" /><br> <input type="submit" value="登录" /> </form> </body> </html>
hello.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@taglib uri="http://www.springframework.org/tags" prefix="spring"%> <%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%> <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>My JSP 'hello.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body> 当前用户:${username} <c:if test="${username!=null}"> <a href="logout">退出</a> </c:if> </body> </html>
总体结构:
相关文章推荐
- SpringMVC拦截器实现登录认证
- SpringMVC拦截器实现登录认证(2017修正版)
- SpringMvc使用拦截器实现登录认证
- SpringMVC拦截器实现登录认证
- SpringMVC拦截器实现登录认证
- SpringMVC拦截器实现登录认证
- SpringMVC拦截器实现登录认证
- SpringMVC拦截器实现登录认证
- SpringMVC拦截器――实现登录验证拦截器的示例代码
- SpringMVC拦截器应用(实现登陆认证)
- SpringMVC通过拦截器实现登录控制
- SpringMVC 拦截器实现原理和登录实现
- Springmvc拦截器实现网站非登录不能访问。
- SpringMVC 拦截器实现原理和登录实现
- SpringMVC拦截器实现登录
- SpringMVC拦截器实现登录验证
- SpringMVC拦截器实现登录控制
- SpringMVC拦截器(实现登录验证拦截器)
- SpringMVC拦截器实现登录控制
- SpringMVC 拦截器实现原理跟登录实现