springmvc interceptor, does not intercept jsp files

Others 2022-04-23 03:53:08 views: 0

The interceptor of spring mvc only intercepts the controller and does not intercept the jsp file. If the jsp file is not intercepted, it will also bring security problems to the system.

There are two solutions:

1. Put all jsp files into the WEB-INF folder, so that users cannot directly access the jsp files under the WEB-INF file. The concept of spring mvc is also to request related jsp pages through @RequestMapping in the controller, instead of users directly accessing the jsp pages.

Next, write the relevant configuration

Add in springmvc.xml

<mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**"/>

            <mvc:exclude-mapping path="/admin/login.do"/><!--Exclude interception page-->
            <bean class="com.ms.controller.LoginInterceptor"></bean>
        </mvc:interceptor>
    </mvc:interceptors>
public class LoginInterceptor implements HandlerInterceptor {

    public void afterCompletion(HttpServletRequest arg0,
            HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // TODO Auto-generated method stub

    }

    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
            Object arg2, ModelAndView arg3) throws Exception {
        // TODO Auto-generated method stub

    }

    public boolean preHandle(HttpServletRequest req, HttpServletResponse res,
            Object handler) throws Exception {
        HttpSession session=req.getSession();
        Object obj=session.getAttribute("userId");
        if(obj==null||obj.toString().equals("")){
            req.getRequestDispatcher("/admin/login.do").forward(req, res);
            return false;
        }
        return true;
    }
}
at the controller layer 
@Controller
@RequestMapping("/admin")
public class AdminController {
    
    
    @RequestMapping("/login")  
    public String login(){
        return "/WEB-INF/jsp/admin/login.jsp";
    }
}

The above can solve the problem of spring mvc intercepting jsp pages

2. There is another solution: if the jsp is not placed in the WEB-INF file, spring mvc cannot intercept it. In this case, the most primitive servlet Filter interface needs to be used. For details, please refer to

The following blog will not repeat them.

http://blog.csdn.net/lsx991947534/article/details/45499205 http://blog.csdn.net/lsx991947534/article/details/45499205









Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325428421&siteId=291194637
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com