利用springmvc中的攔截器如何實現一個登錄驗證功能
這期內容當中小編將會給大家帶來有關利用springmvc中的攔截器如何實現一個登錄驗證功能�����,文章內容豐富且以專業的角度為大家分析和敘述���,閱讀完這篇文章希望大家可以有所收獲�����。
在spring-mvc.xml中配置攔截器:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/user/*"/>
<!-- 定義在mvc:interceptor下面的表示是對特定的請求才進行攔截的 -->
<bean class="com.wyb.interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
如上所示����,這里配置了LoginIntercepter,為了簡單起見�,該過濾器只攔截了URL為"/user/*"的請求�����。
要攔截的請求對應控制器如下:
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import com.wyb.domain.User;
import com.wyb.service.IUserService;
import com.wyb.service.impl.UserServiceImpl;
@Controller
@RequestMapping("/user")
public class UserController {
private static final Logger LOG=Logger.getLogger(UserController.class);
@Autowired
private IUserService userService;
@RequestMapping("/showAllUser")
public String showAllUser(Model m){
List<User> userlist=new ArrayList<User>();
userlist=userService.findAllUser();
for(User user :userlist){
System.out.println(user.getUserName());
}
return "/jsp/showAllUser";
}
}這里的showAllUser()方法是為了輸出所有的用戶��,為了表明執行了方法���,將所有用戶在后臺打印�,URL為:http://localhost:8080/TestSSM/user/showAllUser�����,可見該URL肯定會被LoginIntercepter攔截�����。
測試頁面showAllUser.jsp如下:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>show All User</title>
</head>
<body>
this is showAllUser Page!!!
</body>
</html>
LoginIntercepter如下:
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.wyb.domain.User;
public class LoginInterceptor implements HandlerInterceptor{
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
System.out.println("this is afterCompletion of LoginInterceptor");
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
System.out.println("this is postHandle of LoginInterceptor");
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
// TODO Auto-generated method stub
System.out.println("this is preHandle of LoginInterceptor");
HttpSession session=request.getSession();
User user=(User)session.getAttribute("user");
if(user==null){
System.out.println("no user in LoginInterceptor!!!");
request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
}
//返回true代表繼續往下執行
return true;
}
} 這里我犯了一個錯誤�����,聰明的小伙伴也許已經看出來了���,如果按照上面的代碼�����,當我們訪問:http://localhost:8080/TestSSM/user/showAllUser結果如下:
咋一看���,成功攔截了����,輸入用戶名信息�,正常跳轉到主頁���,再次進入http://localhost:8080/TestSSM/user/showAllUser如下:
頁面正常輸出���,已經記錄了session���,不會被再次攔截�����,看似成功了��,可是看看后臺輸出:
有沒有發現��,我們執行了兩次showAllUser()方法�,可見第一次訪問雖然被攔截器攔截了下來進入登錄頁面��,但后臺已經悄悄執行了showAllUser()����。為什么呢��?我們回頭再看看LoginIntercepter.java,尤其是preHandle()方法:
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
// TODO Auto-generated method stub
System.out.println("this is preHandle of LoginInterceptor");
HttpSession session=request.getSession();
User user=(User)session.getAttribute("user");
if(user==null){
System.out.println("no user in LoginInterceptor!!!");
request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
}
//返回true代表繼續往下執行
return true;
}在判斷user為空后�����,雖然執行了頁面跳轉���,但是程序還是會繼續執行����,最后返回true�,返回true意味著�����,被攔截的業務邏輯可以繼續往下執行�����,因此��,雖然表面上被攔截了�����,但從本質上來說并沒有攔截到���。因此需要修改如下:
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
// TODO Auto-generated method stub
System.out.println("this is preHandle of LoginInterceptor");
HttpSession session=request.getSession();
User user=(User)session.getAttribute("user");
if(user==null){
System.out.println("no user in LoginInterceptor!!!");
request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
//本次訪問被攔截��,業務邏輯不繼續執行
return false;
}
//返回true代表繼續往下執行
return true;
}user為空��,跳轉后�����,返回false��,就不會執行被攔截的業務邏輯了����,修改后后臺輸出如下:
現在后臺正常輸出�,且session保存了user信息后�����,才能執行showAllUser()方法�,大功告成����!
上述就是小編為大家分享的利用springmvc中的攔截器如何實現一個登錄驗證功能了��,如果剛好有類似的疑惑�����,不妨參照上述分析進行理解����。如果想知道更多相關知識����,歡迎關注億速云行業資訊頻道�����。
