温故而知新。从其他页面访问时,如直接访问index页面,勾选过自动登录,从session/cookie获取用户信息,没有勾选,从session中获取用户信息,需要使用filter过滤器
工程结构,采用gradle构建:
public class User { private String username; private String password; public User() { } public User(String username, String password) { this.username = username; this.password = password; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } @Override public String toString() { return "User{" + "username='" + username + '\'' + ", password='" + password + '\'' + '}'; } }
import com.yz.filter.LoginFilter; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; /** * @description: springboot 登录拦截器配置 * @author: yz * @create: 2018/11/7 18:11 */ @Configuration public class LoginFilterConfig { @Bean public FilterRegistrationBean registrationBean(){ FilterRegistrationBean bean = new FilterRegistrationBean(); bean.setFilter(new LoginFilter()); bean.addUrlPatterns("/*"); return bean; } }
import com.yz.bean.User; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * @description: 自动登录 * @author: yz * @create: 2018/11/7 16:07 */ @Controller public class UserController { @GetMapping("login") public String login(){ return "login"; } @GetMapping("index") public String index(){ return "index"; } /** * @param request * @param response * @param user * @param auto * @return */ @PostMapping("user_login") public ModelAndView userLogin(HttpServletRequest request,HttpServletResponse response,User user, String auto){ ModelAndView mv = new ModelAndView("redirect:login"); HttpSession session = request.getSession(); // 登录成功 if("admin".equals(user.getUsername()) && "123456".equals(user.getPassword())){ // 存值 session.setAttribute("user",user); // 判断是否勾选自动登录 if("on".equals(auto)){ System.out.println("有勾选自动登录"); // 将用户账号密码保存到cookie中 Cookie cookie = new Cookie("account",user.getUsername()+"#"+user.getPassword()); cookie.setMaxAge(60*60*24*7); response.addCookie(cookie); } // 跳转 mv.setViewName("redirect:index"); return mv; } // 登录失败 session.setAttribute("msg","用户名或者密码错误!"); // 跳转到登录页面,显示数据 return mv; } }
import com.yz.bean.User; import javax.servlet.*; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; /** * @description: 登录拦截器 * 单独使用时,放开注解;使用拦截器配置时注掉注解 * @author: yz * @create: 2018/11/7 17:34 */ //@WebFilter("/*") //@Component //@Order public class LoginFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } /** * 有登录(session or cookie中有用户数据)放行,没有登录就去登录页面 * @param request * @param response * @param chain * @throws IOException * @throws ServletException */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println("来到过滤器了。~!~开始拦截请求"); HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; // 如果是登录有关操作的,不拦截 String path = req.getRequestURI(); System.out.println("path:"+path); if (path.contains("login") || path.endsWith(".ico")){ // 放行 chain.doFilter(request,response); return; } boolean isLogin = false; // 1. session还有效 HttpSession session = req.getSession(); User user = (User) session.getAttribute("user"); if(user != null){ isLogin = true; }else{ // 2.session失效,看cookie // 获取cookie,遍历cookie,拿到账号密码进行判断,对了放行,并将用户对象存储到session中 Cookie[] cookies = req.getCookies(); if(cookies !=null){ for (Cookie cookie : cookies) { // account=admin#123456; if("account".equals(cookie.getName())){ String[] accountArray = cookie.getValue().split("#"); if("admin".equals(accountArray[0]) && "123456".equals(accountArray[1])){ // 登录成功 , 将用户对象保存到session中,以便在会话有效期内访问,都会放行。 user = new User(accountArray[0], accountArray[1]); req.getSession().setAttribute("user" , user); isLogin = true; } } } } } // 统一对isLogin判断 if(isLogin){ chain.doFilter(request,response); }else{ resp.sendRedirect("login"); } } @Override public void destroy() { } }
import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; /** * @description: * @author: yz * @create: 2018/11/7 16:07 */ @SpringBootApplication public class LoginApp { public static void main(String [] args){ SpringApplication.run(LoginApp.class , args); } }
index.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org" > <head> <meta charset="UTF-8"/> <title>Title</title> </head> <body> <h2>欢迎您,<span th:text="${session.user.username}"></span></h2> </body> </html>
login.html
<!DOCTYPE html> <html xmlns:th="http://www.w3.org/1999/xhtml"> <head> <meta charset="UTF-8"/> <title>Title</title> </head> <body> <h2>登录页面</h2> <form action="user_login" method="post"> 用户名: <input type="text" name="username"/><br/> 密 码: <input type="password" name="password"/><br/> <input type="checkbox" name="auto"/>自动登录<br/> <input type="submit" value="登录"/> <!--用户名或者密码错误!!!--> <span style="color:red" th:text="${session.msg}"></span> </form> </body> </html>
application.properties
server.port=8089
build.gradle
plugins { id 'java' } group 'com.yz' version '1.0-SNAPSHOT' sourceCompatibility = 1.8 repositories { mavenCentral() } dependencies { testCompile group: 'junit', name: 'junit', version: '4.12' compile("org.springframework.boot:spring-boot-starter-web:1.5.10.RELEASE") compile("org.thymeleaf:thymeleaf-spring4:2.1.4.RELEASE") }