使用拦截器实现用户登录权限验证
项目结构
User实体代码
package com.springmvc.entity;
public class User {
private String loginName;
private String password;
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
Controller代码:
package com.springmvc.controller;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.springmvc.entity.User;
@Controller
public class UserController {
//向用户页面登录跳转的方法
@RequestMapping(value="/toLogin",method=RequestMethod.GET)
public String loginPage() {
return "login";
}
//用户实现登录的方法
@RequestMapping(value="/login",method=RequestMethod.POST)
public String login(User user,Model model,HttpSession session) {
String loginName=user.getLoginName();
String password=user.getPassword();
if(loginName!=null && password!=null && loginName.equals("admit") && password.equals("123")) {
System.out.println("登录功能实现!");
session.setAttribute("CURRENT_USER", user);
return "redirect:index";
}
model.addAttribute("message", "账号或密码错误!");
return "login";
}
//向主页跳转的方法
@RequestMapping(value="/index")
public String indexPage() {
return "index";
}
//用户退出登录的方法
@RequestMapping(value="/logout")
public String logout(HttpSession session) {
session.invalidate();
return "redirect:toLogin";
}
}
拦截器代码:
package com.springmvc.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class LoginInterceptor implements HandlerInterceptor{
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// TODO Auto-generated method stub
String url = request.getRequestURI();
System.out.println(url);
if(!(url.contains("Login")||url.contains("login"))) {//如果不是登录操作,判断是否有用户数据
if(request.getSession().getAttribute("CURRENT_USER")!=null) {
return true;//有用户数据,说明登录成功
}else {
request.setAttribute("message", "您还没登录,请先登录!");
request.getRequestDispatcher("/pages/login.jsp").forward(request, response);
return false;
}
}else {
return true;
}
}
}
spring配置文件代码:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd">
<context:component-scan base-package="com.springmvc.*"></context:component-scan>
<mvc:annotation-driven/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/pages/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
<!-- 配置拦截器信息 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.springmvc.interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
</beans>
index.jsp代码:
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>index</title>
</head>
<body>
欢迎,${sessionScope.CURRENT_USER.loginName }|
<a href="${pageContext.request.contextPath }/logout">退出</a>
</body>
</html>
login.jsp代码:
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>login</title>
</head>
<body>
<font color="red">${requestScope.message }</font><br><br>
<form action="${pageContext.request.contextPath }/login"method="post">
账号:<input type="text" name="loginName"><br><br>
密码:<input type="password" name="password"><br><br>
<input type="submit" value="登录"><br><br>
</form>
</body>
</html>
运行效果: