拦截器,登录权限控制demo
地址:
https://github.com/sevenyoungairye/spring-mvc-interceptor
1. 拦截器demo
- 什么是拦截器
拦截器基于是aop思想实现的。
针对controller里面的目标方法进行拦截。
对比过滤器是过滤所有请求,及静态资源。
- 创建拦截器 实现HanlderInceptro接口
拦截器1
package cn.bitqian.interceptor;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* spring mvc 拦截器入门
* @author echo lovely
* @date 2020/9/6 17:30
*/
public class MyInterceptor1 implements HandlerInterceptor {
// 在目标方法执行之前执行
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object handler) throws Exception {
System.out.println("preHandler..");
String param = request.getParameter("param");
if ("yes".equals(param)) {
return true;
}
// 参数错误跳转到错误的页面
request.getRequestDispatcher("/error.jsp").forward(request, response);
// 放行
return false;
}
// 在目标方法执行之后,视图返回之前执行
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response,
Object handler, ModelAndView modelAndView) throws Exception {
// 可以在视图对象返回之前 修改model
if (modelAndView != null) // 如果访问的目标资源没有 ModelAndView返回,会null pointer
modelAndView.addObject("name", "bitQian adorable");
System.out.println("post handler");
}
// 在所有流程执行完后 执行
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
System.out.println("after completion");
}
}
拦截器2
package cn.bitqian.interceptor;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 拦截器2 与拦截器1构成链
* @author echo lovely
* @date 2020/9/6 21:40
*/
public class MyInterceptor2 implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("pre handle22222...");
return true; // 经过拦截器2 放行
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
System.out.println("post handle222222222...");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
System.out.println("completion222222...");
}
}
- 配置拦截器
<!-- 拦截器 对controller中的目标方法进行拦截 -->
<mvc:interceptors>
<mvc:interceptor>
<!--对所有目标资源(那些资源)进行拦截-->
<!--<mvc:mapping path="/**"/>-->
<!--<mvc:mapping path="/*"/>-->
<mvc:mapping path="/target1"/>
<bean id="interceptor1" class="cn.bitqian.interceptor.MyInterceptor1"></bean>
</mvc:interceptor>
<!-- 拦截器1与拦截器2构成拦截器链 拦截器配置先后 决定拦截器执行的顺序 -->
<mvc:interceptor>
<mvc:mapping path="/target1"/>
<bean id="interceptor2" class="cn.bitqian.interceptor.MyInterceptor2"></bean>
</mvc:interceptor>
</mvc:interceptors>
- 目标方法(controller)
package cn.bitqian.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
/**
* 测试拦截器
* @author echo lovely
* @date 2020/9/6 17:42
*/
@Controller
public class TargetController {
@RequestMapping("/target1")
public ModelAndView target1() {
ModelAndView modelAndView = new ModelAndView();
// 设置模型
modelAndView.addObject("name", "bitqian");
// 返回视图对象
modelAndView.setViewName("demo1");
System.out.println("target1 目标资源访问..");
return modelAndView;
}
}
- 测试拦截器的拦截效果
未带参数跳转到对应的页面
当我带参数
2. 登录权限控制
- 页面
<%--
Created by IntelliJ IDEA.
User: echo lovely
Date: 2020/9/7
Time: 19:21
用户登录页面
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>login page</title>
</head>
<body>
<form action="user/login" method="post">
用户名:<input type="text" name="userName"/> <br/>
密码:<input type="password" name="password"/> <br/>
<input type="submit" value="login"/>
</form>
</body>
</html>
- user controller
package cn.bitqian.controller;
import cn.bitqian.entity.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpSession;
/**
* @author echo lovely
* @date 2020/9/7 19:15
*/
@Controller
@RequestMapping(value = "/user")
public class UserController {
@RequestMapping(value = "/login")
public String login(String userName, String password, HttpSession session) {
if ("bitqian".equals(userName) && "bitqian666".equals(password)) {
User user = new User(userName, password);
// 账号密码正确设置 将用户对象保存到session中
session.setAttribute("user", user);
return "redirect:/index.jsp";
}
System.out.println(userName + "\t" + password);
return "redirect:/login.jsp";
}
}
- 权限控制拦截器
package cn.bitqian.interceptor;
import cn.bitqian.entity.User;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @author echo lovely
* @date 2020/9/7 19:42
*/
public class AuthorityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
User user = (User) request.getSession().getAttribute("user");
if (user == null) {
// 未登录跳转到登录页面
response.sendRedirect("login.jsp");
return false;
}
System.out.println("user permission..");
return true;
}
}
- 对目标方法进行拦截,除login
<mvc:interceptors>
<!-- 用户是否登录 作用的拦截器 -->
<mvc:interceptor>
<mvc:mapping path="/**"/>
<!-- 不拦截 login方法-->
<mvc:exclude-mapping path="/user/login"/>
<mvc:exclude-mapping path="/target1"/>
<bean class="cn.bitqian.interceptor.AuthorityInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>