SpringBoot 配置登陆拦截器
说明:
添加拦截器,当用户没有登录时,不允许访问其他页面,跳转到登录页面.
原理:
用户打开网站,进行url拦截,将登录的某一字段存入session中,在AuthInterceptor类中判断session某一字段是否为空,为空则跳转到登录页面,不为空则放行.登录后可访问其他页面
此篇是基于以下文章继续创作。
1.1 搭建SpringBoot脚手架
1.2 搭建SpringBoot脚手架注解及标签说明
1.3 SpringBoot 整合热部署
1.4 SpringBoot 整合Thymeleaf
1.5 SpringBoot 整合Mybatis
目录
1.1 文件结构
| 模块 | 配置项 | 示例代码 |
|---|---|---|
| 定义一个类实现HandlerInterceptor接口 | AuthInterceptor.java | 1.3 |
| 定义一个类继承WebMvcConfigurerAdapter 类 | WebConfig.java | 1.4 |
| 登录时向session中增加校验属性 | BkLogin.java | 1.5 |
1.2 文字介绍
1.3 AuthInterceptor.java
package org.hy.nrs.config;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class AuthInterceptor implements HandlerInterceptor{
/**
* 登陆拦截器
* 在请求处理之前进行调用(Controller方法调用之前)
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
System.out.println("preHandle");
HttpSession session = request.getSession();
if (session.getAttribute("XIAOYAN") != "XIAOYAN") {
//校验登录标记
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<script>");
out.println("window.open ('"+request.getContextPath()+"/backagelogin.html','_top')");
out.println("</script>");
out.println("</html>");
return false;
//如果设置为false时,被请求时,拦截器执行到此处将不会继续操作
//如果设置为true时,请求将会继续执行后面的操作
}
return true;
}
/**
* 请求处理之后进行调用,但是在视图被渲染之前(Controller方法调用之后)
*/
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
/**
* 在整个请求结束之后被调用,也就是在DispatcherServlet 渲染了对应的视图之后执行(主要是用于进行资源清理工作)
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
}
1.4 WebConfig.java
package org.hy.nrs.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter{
/**
* 静态资源配置
*/
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
registry.addResourceHandler("/templates/**").addResourceLocations("classpath:/templates/");
}
/**
* 登陆拦截器配置
*/
@Override
public void addInterceptors(InterceptorRegistry registry){
registry.addInterceptor(new AuthInterceptor())
.addPathPatterns("/catalog", "/editpwd", "/selfmsg", "/table",
"/upload.html", "/catalog.html", "/editpwd.html", "/selfmsg.html",
"/table.html", "/upload", "/getFolderPath")
.excludePathPatterns("/static/**"); //过滤掉静态资源
}
}
1.5 BkLoginController.java
//用于权限验证
HttpServletRequest request ; request.getSession().setAttribute("XIAOYAN", "XIAOYAN");