1.前端页面:
main.jsp:
<body>
<h1>首页</h1>
<%-- The msg expression below is written into the page as-is: JSP EL does not HTML-escape its output.
     The controller fills msg with the user-supplied login name, so it has to be escaped either
     before it is put into the model or here, e.g. with JSTL c:out or fn:escapeXml if JSTL is available. --%>
${msg}
<p>
<%-- Logout is a plain GET link, so any page that makes the browser load this URL ends the session.
     NOTE(review): consider a POST form for logout if that matters for this application. --%>
<a href="${pageContext.request.contextPath}/user/exit">注销</a>
</p>
</body>
index.jsp:
<body>
<%-- Entry page: one link to the login form and one to the main page.
     Both targets live under /user; the interceptor configuration on this page excludes
     /user/toLogin, while /user/main is only served when the session carries a "user" attribute. --%>
<a href="${pageContext.request.contextPath}/user/toLogin">登陆页面</a>
<a href="${pageContext.request.contextPath}/user/main">主页</a>
</body>
login.jsp:
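<body>
<%-- Login form. It posts to /user/login, which the interceptor configuration excludes from the
     login check, so the handler behind that URL has to validate the submitted values itself. --%>
<form action="${pageContext.request.contextPath}/user/login" method="post">
用户名:<input type="text" name="username">
<%-- type="password" keeps the value masked on screen; the original type="text" showed it in clear. --%>
密 码: <input type="password" name="password">
<input type="submit" value="提交">
</form>
</body>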
2.编写controller:
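/**
 * Session-based login demo mapped under {@code /user}.
 *
 * <p>A logged-in user is represented by the {@code "user"} session attribute, the same key the
 * login interceptor on this page checks. {@code /user/login} and {@code /user/toLogin} are
 * excluded from that interceptor, so those two handlers must not assume an authenticated caller.
 *
 * <p>NOTE(review): no user store is visible here, so {@link #login} can only reject missing
 * credentials; a real deployment has to verify the password before the session attribute is set.
 */
@Controller
@RequestMapping("/user")
public class TestController {

    /** Session attribute that marks an authenticated session. */
    private static final String SESSION_USER = "user";

    /**
     * Shows the main page with the current login name.
     *
     * @param session current HTTP session
     * @param model   view model; receives {@code msg}
     * @return the {@code main} view name
     */
    @RequestMapping("/main")
    public String main(HttpSession session, Model model) {
        String str = (String) session.getAttribute(SESSION_USER);
        // main.jsp prints msg through plain EL, which does not escape HTML, so escape it here.
        // If the view is later switched to c:out / fn:escapeXml, drop this call to avoid double escaping.
        model.addAttribute("msg", escapeHtml(str));
        return "main";
    }

    /**
     * Shows the login form, or sends an already logged-in user to the main page.
     *
     * @param session current HTTP session
     * @return the {@code login} view name, or a redirect to {@code main}
     */
    @RequestMapping("/toLogin")
    public String toLogin(HttpSession session) {
        if (session.getAttribute(SESSION_USER) != null) {
            System.out.println("无需登录");
            return "redirect:main";
        }
        return "login";
    }

    /**
     * Handles the submitted login form.
     *
     * <p>The original guard redirected every caller without a session user back to the form, which
     * made it impossible to ever log in. The guard is now the other way round: a session that is
     * already authenticated goes to the main page, and a request without both fields goes back to
     * the form instead of rendering the protected view.
     *
     * @param session  current HTTP session
     * @param username submitted login name
     * @param password submitted password
     * @param model    view model; receives {@code msg}
     * @return the {@code main} view name on success, otherwise a redirect
     */
    @RequestMapping("/login")
    public String login(HttpSession session, String username, String password, Model model) {
        if (session.getAttribute(SESSION_USER) != null) {
            return "redirect:main";
        }
        // This URL is excluded from the interceptor, so a bare request without credentials
        // must be rejected here.
        if (isEmpty(username) || isEmpty(password)) {
            return "redirect:toLogin";
        }
        // NOTE(review): verify username/password against the user store before going further;
        // as written, any non-empty pair is accepted.
        // NOTE(review): the session id should be rotated once the login succeeds
        // (HttpServletRequest.changeSessionId(), Servlet 3.1+); that needs the request object,
        // which this method does not receive.

        // Never write the password to the log; line breaks are stripped so the value cannot forge log lines.
        System.out.println("登录名:" + stripLineBreaks(username));
        session.setAttribute(SESSION_USER, username);
        model.addAttribute("msg", escapeHtml(username));
        return "main";
    }

    /**
     * Logs the user out.
     *
     * <p>The whole session is invalidated rather than only the {@code "user"} attribute, and the
     * browser is redirected to the login form instead of being shown the protected main view.
     *
     * @param session current HTTP session
     * @return a redirect to the login form
     */
    @RequestMapping("/exit")
    public String exit(HttpSession session) {
        session.invalidate();
        return "redirect:toLogin";
    }

    /** Returns true when the value is null or contains only whitespace. */
    private static boolean isEmpty(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Replaces CR and LF so a request parameter cannot start a new line in the log output. */
    private static String stripLineBreaks(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Escapes the five HTML-significant characters; returns null for null input. */
    private static String escapeHtml(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}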
3.编写拦截器:
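/**
 * Lets a request through only when its session already carries a {@code "user"} attribute;
 * every other request is forwarded to the login page.
 *
 * <p>The decision rests entirely on the presence of that attribute, so whatever code sets it
 * must have verified the user's credentials first.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Checks the session before the handler runs.
     *
     * @param request  current request
     * @param response current response
     * @param handler  the handler chosen for this request (not inspected here)
     * @return {@code true} to continue with the handler, {@code false} after forwarding to the login page
     * @throws Exception if the forward fails
     */
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // getSession(false): an anonymous request should not get a session allocated by this check.
        // (The login JSP may still create one when it renders.)
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute("user") != null) {
            return true;
        }
        // Anything without an authenticated session ends here. The JSP sits under /WEB-INF,
        // so it is reachable only through a server-side forward like this one.
        request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
        return false;
    }
}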
4.在XML中配置:
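<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring MVC context: controller scanning, JSP view resolution, message converters and the
     login interceptor. The duplicate default-servlet-handler element and the bare
     annotation-driven element were removed; the configured annotation-driven element below
     is the only one left, so its message converters are the ones in effect. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context
       https://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <context:component-scan base-package="com.mi.controller"/>
    <mvc:default-servlet-handler/>

    <!-- Handler mapping -->
    <bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping"/>
    <!-- Handler adapter -->
    <bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter"/>

    <!-- View resolver: views live under /WEB-INF, so a browser cannot request the JSPs directly -->
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="internalResourceViewResolver">
        <!-- Prefix -->
        <property name="prefix" value="/WEB-INF/jsp/"/>
        <!-- Suffix -->
        <property name="suffix" value=".jsp"/>
    </bean>

    <mvc:annotation-driven>
        <mvc:message-converters register-defaults="true">
            <bean class="org.springframework.http.converter.StringHttpMessageConverter">
                <constructor-arg value="UTF-8"/>
            </bean>
            <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
                <property name="objectMapper">
                    <bean class="org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean">
                        <property name="failOnEmptyBeans" value="false"/>
                    </bean>
                </property>
            </bean>
        </mvc:message-converters>
    </mvc:annotation-driven>

    <!-- Interceptor configuration -->
    <mvc:interceptors>
        <mvc:interceptor>
            <!-- /** matches every path below the prefix; only URLs under /user are covered here,
                 anything mapped elsewhere is not checked by LoginInterceptor -->
            <mvc:mapping path="/user/**"/>
            <!-- Excluded paths never reach LoginInterceptor, so the handlers behind them
                 must validate the request on their own -->
            <mvc:exclude-mapping path="/user/login"/>
            <mvc:exclude-mapping path="/user/toLogin"/>
            <bean class="com.mi.config.LoginInterceptor"/>
        </mvc:interceptor>
    </mvc:interceptors>
</beans>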
注意:/user/login 被排除在拦截器之外,因此这种拦截方式无法防止未登录用户直接访问 /user/login 的越权问题;登录处理方法必须自行校验提交的用户名和密码,不能依赖拦截器。建议不要把 login 放在 UserController 下,或者让它的请求路径不是 /user/login,这样该请求就不会被拦截器所拦截。