1.创建 AuthIntercepter并实现spring的HandlerInterceptor接口
public class AuthIntercepter implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse httpServletResponse, Object o) throws Exception {
Map<String, String[]> map = request.getParameterMap();
map.forEach((k,v) -> {
if (k.equals(“errorMsg”) || k.equals(“successMsg”) || k.equals(“target”)) {
request.setAttribute(k, Joiner.on(",").join(v));
}
});
String requestUri = request.getRequestURI();//获取请求路径
if (requestUri.startsWith("/static") || requestUri.startsWith("/error")) {//如果访问的是静态资源 不拦截请求
return true;
}
//获取当前用户
HttpSession session = request.getSession(true);
User user = (User) session.getAttribute(CommonConstants.USER_ATTRIBUTE);
if (user != null) {
UserContext.setUser(user);
}
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
UserContext.remove();
}
}该拦截器主要是拦截除了静态资源的所有请求 把用户信息保存在ThreadLocal里
2.创建AuthActionIntercepter并实现spring的HandlerInterceptor接口
public class AuthActionIntercepter implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
User user = UserContext.getUser();
if(user==null){//重定向到登陆页面 并且记录当前页面路径
String msg= URLEncoder.encode(“请先登录”,“utf-8”);
String target=URLEncoder.encode(request.getRequestURI(),“utf-8”);
if(“GET”.equalsIgnoreCase(request.getMethod())){//get 请求参数以问号的形式存在
response.sendRedirect("/accounts/signin?errorMsg="+msg+"&target="+target);
}else{
response.sendRedirect("/accounts/signin?errorMsg="+msg);
}
}
return false;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
该接口主要是拦截所有需要登录的请求
3.让拦截器生效起作用
@Configuration
public class WebMvcConf extends WebMvcConfigurerAdapter {
@Autowired
private AuthIntercepter authIntercepter;
@Autowired
private AuthActionIntercepter authActionIntercepter;
@Override
public void addInterceptors(InterceptorRegistry registry) {
//设置要拦截的路径 拦截除了/static的所有请求
registry.addInterceptor(authIntercepter).excludePathPatterns("/static").addPathPatterns("/**");
//拦截需要登录的请求
registry.addInterceptor(authActionIntercepter).addPathPatterns("/accounts/profile");
}
}