思路:配置拦截规则,哪些需要拦截(需要登录才能访问的页面或者用到用户id的都要拦截),在拦截器中获取session,判断session中有没有user对象.有则放行,没有则表示没有登录,进行页面跳转,哪些不需要拦截的页面,如登录页面,主页等
//spring mvc的拦截器 实现HandlerInterceptor类,重写三个方法
public class LoginInterceptor implements
HandlerInterceptor{
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
//1.获取session
HttpSession session = request.getSession();
//2.从session中获取user;返回Object obj
Object obj = session.getAttribute("user");
//3.obj==null,表示没有登录则 重定向到 showLogin.do;return false
if(obj==null){
String path = request.getContextPath()+"/user/showLogin.do";
response.sendRedirect(path);
return false;
}
//4.obj!=null,表示已登录则放行请求return true;
return true;
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
}
xml里配置拦截规则
<mvc:interceptors>
<mvc:interceptor>
<!--需要拦截的请求路径-->
<mvc:mapping path="/user/*"/>
<mvc:mapping path="/address/*"/>
<mvc:mapping path="/cart/*"/>
<!--不需要拦截的请求-->
<mvc:exclude-mapping path="/user/register.do"/>
<mvc:exclude-mapping path="/user/login.do"/>
<bean class="cn.hu.interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
控制层获取session(便于使用登录用户的id)
//需要用到userid的控制层,直接继承此类就可以,方便减少重复代码
public class SessionController {
public Integer getId(HttpSession session){
User user = (User)session.getAttribute("user");
if(user!=null){
return user.getId();
}else{
return null;
}
}
}