SpringMVC拦截器实现登录验证
2017-09-11 15:10
519 查看
Spring拦截器说明:
拦截器通过统一拦截从浏览器发往服务器的请求,进行相应的处理,完成功能增强SpringMVC拦截器是可插拔式设计,使用时,直接在配置文件中应用该拦截器即可
使用场景:解决浏览器请求的共性问题(如:用户权限验证,乱码等)
SpringMVC中的拦截器类通过实现HandlerInterceptor接口完成,
HandlerInterceptor接口中定义了如下三个方法:
boolean preHandle(HttpServletRequest request,HttpServletRepsonse repsonse,Object handler). 该方法在请求处理之前被调用,可以在此方法中进行一些初始化操作,也可以进行一些判断来决定请求是否继续执行。(若返回值为true,则正常往下执行,若为false,其余两个方法不会执行,且后边的Interceptor和Controller不再执行)
boolean postHandle(HttpServletRequest request,HttpServletRepsonse repsonse,Object handler,ModelAndView mv). 该方法在请求被Controller处理之后,返回dispatcherServlet进行视图渲染之前执行,因此我们能操作Controller处理后的ModelAndView对象。
void afterCompletion(HttpServletRequest request,HttpServletRepsonse repsonse,Object handler,Exception exception) 该方法在整个请求结束之后执行,主要进行资源清理等。
登录验证实现:
控制器:InterceptorController.java
import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import com.zpc.entity.User; @Controller public class InterceptorController { private static final Log logger = LogFactory.getLog(InterceptorController.class); @RequestMapping(value="/{formName}") public String loginForm(@PathVariable String formName) { //动态页面跳转 return formName; } @RequestMapping(value="/loginForm",method=RequestMethod.POST) public ModelAndView login(String username,String password,ModelAndView mv,HttpSession session) { if(username.equals("zpc") && username != null && password.equals("123456") && password != null) { User user = new User(); user.setUsername(username); user.setPassword(password); logger.info(user); session.setAttribute("user", user); mv.setViewName("redirect:index"); }else { mv.addObject("error","用户名或密码错误"); mv.setViewName("login"); } return mv; } }
bookController.java
import java.util.ArrayList; import java.util.List; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.servlet.ModelAndView; import com.zpc.entity.Book; public class bookController { @RequestMapping(value="/index") public ModelAndView book(ModelAndView mv) { List<Book> books = new ArrayList<Book>(); books.add(new Book(10001,"JavaScript从入门到精通","明日科技")); books.add(new Book(10002,"Ajax从入门到精通","强锋科技")); books.add(new Book(10003,"Spring+MyBatista企业应用实战","疯狂软件")); mv.addObject(books); mv.setViewName("index"); return mv; } }
拦截器类:
MyInterceptor.java
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import com.zpc.entity.User; public class MyInterceptor implements HandlerInterceptor { private static final String[] IGNORE_URI = {"/login"}; @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception exception) throws Exception { System.out.println("afterCompletion方法执行了..."); } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView mv) throws Exception { System.out.println("postHandle方法执行了..."); } @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { System.out.println("preHandle方法执行了..."); boolean flag = false; String servletPath = request.getServletPath(); for(String s : IGNORE_URI) { if(servletPath.contains(s)) { flag = true; break; } } if(flag == false) { User user = (User) request.getSession().getAttribute("user"); if(user == null) { request.setAttribute("error", "您还没有登录,请登录!"); request.getRequestDispatcher("login").forward(request, response); }else { flag = true; } } return flag; } }
SpringMVC配置文件(主要看 定义SpringMVC拦截器):
dispatcher-config.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd"> <!-- 启用Spring关于annotation的DI,以便在Spring-MVC中使用Spring强大的功能。激活@Required @Autowired @Resource 等标注 --> <context:annotation-config/> <!-- 1.扩充了注解驱动,可以将请求参数绑定到控制器参数 2.自动注册了RequestMappingHandlerMapping和RequestMappingHandlerAdapter两个bean 3.@NumberFormatannotation支持 4.@DateTimeFormat支持 5.@Valid支持 6.读写XML文件的支持(JAXB) 7.读写JSON的支持 --> <mvc:annotation-driven/> <!-- 定义SpringMVC拦截器 --> <mvc:interceptors> <mvc:interceptor> <!-- 拦截所有请求 --> <mvc:mapping path="/*"/> <bean class="com.zpc.interceptor.MyInterceptor"/> </mvc:interceptor> </mvc:interceptors> <!-- 使用默认的Servlet响应静态文件。如js,css,image等 --> <mvc:default-servlet-handler/> <!-- 只管理Controller类型的bean,忽略其它类型的bean,如@Service --> <context:component-scan base-package="com.zpc.controller" > <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/> </context:component-scan> <!-- 对模型视图名称的解析,即在模型视图名称添加前后缀 --> <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"/> </beans>
登录页面:
login.jsp
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>login</title> </head> <body> <form action="loginForm" method="POST"> <font color="red">${requestScope.error}</font> 用户名:<input type="text" name="username"/><br/> 密 码:<input type="text" name="password"/><br/> <input type="submit" value="登录"/> </form> </body> </html>
结果页:
index.jsp
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>index</title> </head> <body> <h4>欢迎[${sessionScope.user.username}]访问</h4><br/> <table> <tr> <th>编号</th><th>书名</th><th>作者</th> </tr> <c:forEach items="${requestScope.books}" var="book"> <tr> <td>${book.bookId}</td> <td>${book.bookName}</td> <td>${book.author}</td> </tr> </c:forEach> </table> </body> </html>
当在地址栏直接输入http://localhost:8080/interceptor/login时,进入登录页
当在地址栏直接输入http://localhost:8080/interceptor/index时,进入登录页,并提示未登录,说明拦截器起作用了
当在地址栏直接输入http://localhost:8080/interceptor/loginForm时,报404错误,因为我们配置的访问方法为POST方法
相关文章推荐
- SpringMVC拦截器――实现登录验证拦截器的示例代码
- SpringMVC学习笔记2_拦截器实现登录验证
- SpringMVC拦截器实现登录验证的例子
- SpringMVC拦截器(实现登录验证拦截器)
- SpringMVC拦截器(实现登录验证拦截器)
- SpringMVC拦截器(实现登录验证拦截器)
- SpringMVC拦截器实现登录认证(2017修正版)
- springmvc拦截器实现对用户登录状态的判断
- SpringMVC 拦截器实现原理和登录实现
- 用拦截器实现登录验证功能AuthorizationInterceptor
- 基于SSH2框架Struts2拦截器的登录验证实现
- SpringMVC拦截器实现登录控制
- SpringMVC拦截器实现登录
- Springmvc拦截器实现网站非登录不能访问。
- SpringMVC拦截器实现登录认证
- springMVC拦截器进行登录验证
- SpringMVC拦截器实现登录认证
- struts2 实现登录拦截器和验证方法
- 自定义拦截器实现验证登录
- node.js学习笔记(3)-node.js结合mysql数据库实现的web项目中常见功能--登录验证、session传值、拦截器、ajax传值等