SpringMVC拦截器实现登录验证
2017-09-11 15:10
519 查看
Spring拦截器说明:
拦截器通过统一拦截从浏览器发往服务器的请求,进行相应的处理,完成功能增强SpringMVC拦截器是可插拔式设计,使用时,直接在配置文件中应用该拦截器即可
使用场景:解决浏览器请求的共性问题(如:用户权限验证,乱码等)
SpringMVC中的拦截器类通过实现HandlerInterceptor接口完成,
HandlerInterceptor接口中定义了如下三个方法:
boolean preHandle(HttpServletRequest request,HttpServletRepsonse repsonse,Object handler). 该方法在请求处理之前被调用,可以在此方法中进行一些初始化操作,也可以进行一些判断来决定请求是否继续执行。(若返回值为true,则正常往下执行,若为false,其余两个方法不会执行,且后边的Interceptor和Controller不再执行)
boolean postHandle(HttpServletRequest request,HttpServletRepsonse repsonse,Object handler,ModelAndView mv). 该方法在请求被Controller处理之后,返回dispatcherServlet进行视图渲染之前执行,因此我们能操作Controller处理后的ModelAndView对象。
void afterCompletion(HttpServletRequest request,HttpServletRepsonse repsonse,Object handler,Exception exception) 该方法在整个请求结束之后执行,主要进行资源清理等。
登录验证实现:
控制器:InterceptorController.java
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import com.zpc.entity.User;
@Controller
public class InterceptorController {
private static final Log logger = LogFactory.getLog(InterceptorController.class);
@RequestMapping(value="/{formName}")
public String loginForm(@PathVariable String formName) {
//动态页面跳转
return formName;
}
@RequestMapping(value="/loginForm",method=RequestMethod.POST)
public ModelAndView login(String username,String password,ModelAndView mv,HttpSession session) {
if(username.equals("zpc") && username != null && password.equals("123456") && password != null) {
User user = new User();
user.setUsername(username);
user.setPassword(password);
logger.info(user);
session.setAttribute("user", user);
mv.setViewName("redirect:index");
}else {
mv.addObject("error","用户名或密码错误");
mv.setViewName("login");
}
return mv;
}
}bookController.java
import java.util.ArrayList;
import java.util.List;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import com.zpc.entity.Book;
public class bookController {
@RequestMapping(value="/index")
public ModelAndView book(ModelAndView mv) {
List<Book> books = new ArrayList<Book>();
books.add(new Book(10001,"JavaScript从入门到精通","明日科技"));
books.add(new Book(10002,"Ajax从入门到精通","强锋科技"));
books.add(new Book(10003,"Spring+MyBatista企业应用实战","疯狂软件"));
mv.addObject(books);
mv.setViewName("index");
return mv;
}
}拦截器类:
MyInterceptor.java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.zpc.entity.User;
public class MyInterceptor implements HandlerInterceptor {
private static final String[] IGNORE_URI = {"/login"};
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception exception)
throws Exception {
System.out.println("afterCompletion方法执行了...");
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView mv)
throws Exception {
System.out.println("postHandle方法执行了...");
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("preHandle方法执行了...");
boolean flag = false;
String servletPath = request.getServletPath();
for(String s : IGNORE_URI) {
if(servletPath.contains(s)) {
flag = true;
break;
}
}
if(flag == false) {
User user = (User) request.getSession().getAttribute("user");
if(user == null) {
request.setAttribute("error", "您还没有登录,请登录!");
request.getRequestDispatcher("login").forward(request, response);
}else {
flag = true;
}
}
return flag;
}
}SpringMVC配置文件(主要看 定义SpringMVC拦截器):
dispatcher-config.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd"> <!-- 启用Spring关于annotation的DI,以便在Spring-MVC中使用Spring强大的功能。激活@Required @Autowired @Resource 等标注 --> <context:annotation-config/> <!-- 1.扩充了注解驱动,可以将请求参数绑定到控制器参数 2.自动注册了RequestMappingHandlerMapping和RequestMappingHandlerAdapter两个bean 3.@NumberFormatannotation支持 4.@DateTimeFormat支持 5.@Valid支持 6.读写XML文件的支持(JAXB) 7.读写JSON的支持 --> <mvc:annotation-driven/> <!-- 定义SpringMVC拦截器 --> <mvc:interceptors> <mvc:interceptor> <!-- 拦截所有请求 --> <mvc:mapping path="/*"/> <bean class="com.zpc.interceptor.MyInterceptor"/> </mvc:interceptor> </mvc:interceptors> <!-- 使用默认的Servlet响应静态文件。如js,css,image等 --> <mvc:default-servlet-handler/> <!-- 只管理Controller类型的bean,忽略其它类型的bean,如@Service --> <context:component-scan base-package="com.zpc.controller" > <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/> </context:component-scan> <!-- 对模型视图名称的解析,即在模型视图名称添加前后缀 --> <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"/> </beans>
登录页面:
login.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>login</title>
</head>
<body>
<form action="loginForm" method="POST">
<font color="red">${requestScope.error}</font>
用户名:<input type="text" name="username"/><br/>
密 码:<input type="text" name="password"/><br/>
<input type="submit" value="登录"/>
</form>
</body>
</html>结果页:
index.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>index</title>
</head>
<body>
<h4>欢迎[${sessionScope.user.username}]访问</h4><br/>
<table>
<tr>
<th>编号</th><th>书名</th><th>作者</th>
</tr>
<c:forEach items="${requestScope.books}" var="book">
<tr>
<td>${book.bookId}</td>
<td>${book.bookName}</td>
<td>${book.author}</td>
</tr>
</c:forEach>
</table>
</body>
</html>当在地址栏直接输入http://localhost:8080/interceptor/login时,进入登录页
当在地址栏直接输入http://localhost:8080/interceptor/index时,进入登录页,并提示未登录,说明拦截器起作用了
当在地址栏直接输入http://localhost:8080/interceptor/loginForm时,报404错误,因为我们配置的访问方法为POST方法
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- SpringMVC拦截器――实现登录验证拦截器的示例代码
- SpringMVC学习笔记2_拦截器实现登录验证
- SpringMVC拦截器实现登录验证的例子
- SpringMVC拦截器(实现登录验证拦截器)
- SpringMVC拦截器(实现登录验证拦截器)
- SpringMVC拦截器(实现登录验证拦截器)
- SpringMVC拦截器实现登录认证(2017修正版)
- springmvc拦截器实现对用户登录状态的判断
- SpringMVC 拦截器实现原理和登录实现
- 用拦截器实现登录验证功能AuthorizationInterceptor
- 基于SSH2框架Struts2拦截器的登录验证实现
- SpringMVC拦截器实现登录控制
- SpringMVC拦截器实现登录
- Springmvc拦截器实现网站非登录不能访问。
- SpringMVC拦截器实现登录认证
- springMVC拦截器进行登录验证
- SpringMVC拦截器实现登录认证
- struts2 实现登录拦截器和验证方法
- 自定义拦截器实现验证登录
- node.js学习笔记(3)-node.js结合mysql数据库实现的web项目中常见功能--登录验证、session传值、拦截器、ajax传值等