Spring MVC: implementing login verification with an interceptor

Description of Requirement:

When a user who is not logged in visits a page that requires authentication, redirect them to the system login page. After a successful login, send them back to the page they originally requested.

 

Implementation steps:

1. Create a new login interceptor, LoginInterceptor.java. Note the @Component annotation at the top of the class.

package com.rc.controller;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.net.URLEncoder;

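/**
 * Sends requests that carry no logged-in session to the login page.
 *
 * <p>A request counts as logged in when its session holds a non-empty
 * {@code username} attribute. Otherwise the interceptor redirects to
 * {@code <context-path>/login?returnurl=<original URI and query>} and stops the
 * handler chain.
 *
 * <p>The {@code returnurl} built here is derived from the current request, but the
 * parameter itself travels through the browser's address bar. Whatever reads it
 * after login must treat it as untrusted and accept same-origin paths only.
 */
@Component
public class LoginInterceptor implements HandlerInterceptor {
    private static final String LOGIN_URL = "/login";

    /** No post-processing is needed; the check happens entirely in {@link #preHandle}. */
    @Override
    public void postHandle(HttpServletRequest request,
                           HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {
    }

    /** Nothing to clean up after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest request,
                                HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
    }

    /**
     * Lets the request through when the session is logged in; otherwise redirects
     * to the login page.
     *
     * @return {@code true} to continue with the handler, {@code false} after a redirect
     * @throws Exception if the redirect cannot be written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // getSession(false): do not allocate a server-side session for every
        // anonymous request; a missing session simply means "not logged in".
        javax.servlet.http.HttpSession session = request.getSession(false);
        Object username = (session == null) ? null : session.getAttribute("username");
        if (username != null && !"".equals(username.toString())) {
            return true;
        }

        // Build the page to return to after a successful login.
        String returnUrl = request.getRequestURI();
        String query = request.getQueryString();
        if (query != null && !query.isEmpty()) {
            returnUrl = returnUrl + "?" + query;
        }

        // Redirect to the login page with the returnurl parameter appended.
        // The charset is explicit: the one-argument URLEncoder.encode is deprecated
        // and encodes with the platform default charset.
        response.sendRedirect(
                request.getContextPath()
                        + LOGIN_URL + "?returnurl=" + URLEncoder.encode(returnUrl, "UTF-8"));
        return false;
    }
}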

In the sample code, login state is tracked in the HTTP session: a request counts as logged in when the session holds a non-empty `username` attribute.

2. Create a new configuration class that registers the login interceptor: LoginConfiguration.java

package com.rc.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Registers {@link LoginInterceptor} with Spring MVC and declares which paths it guards.
 *
 * <p>Every path matched by an exclude pattern skips the login check completely, so the
 * exclude list is effectively the application's list of anonymous endpoints.
 */
@Configuration
public class LoginConfiguration implements WebMvcConfigurer {
    // Interceptor instance handed in through the constructor.
    public final LoginInterceptor LoginInterceptor;

    public LoginConfiguration(LoginInterceptor loginInterceptor) {
        this.LoginInterceptor = loginInterceptor;
    }

    /**
     * Applies the login check to all paths except static resources, the login
     * endpoints and the landing pages.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(this.LoginInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(
                        // static resources: styles, scripts, images
                        "/content/**",
                        // login page and the endpoint that receives the credentials
                        "/login", "/login-form",
                        // landing pages, which render the login view
                        "/", "/index");
    }
}

Here you can specify which paths require login verification and which do not; any path matched by an exclude pattern bypasses the login check entirely, so keep that list as small as possible. I am using Spring MVC version 2.7.6 here, which lets you register the interceptor in code instead of in an XML file.

Attached:

1. Login Controller reference code:

package com.rc.controller;

import com.rc.model.AjaxResult;
import com.rc.model.ConnectionInfo;
import com.rc.util.SqlServerHelper;
import org.apache.tomcat.Jar;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

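/**
 * Serves the login view and handles login and logout.
 *
 * <p>Login state is a non-empty {@code username} attribute in the HTTP session.
 *
 * <p>NOTE(review): {@code /login-form} is mapped without a method restriction, so it
 * also accepts GET, which would put credentials in URLs and access logs. Restrict it
 * to POST once no GET callers remain.
 */
@Controller
public class HomeController extends BaseController {
    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(HomeController.class.getName());

    private static final String LOGIN_VIEW = "/login";
    private static final String SESSION_USER_KEY = "username";

    @RequestMapping("/")
    public String index() {
        return LOGIN_VIEW;
    }

    @RequestMapping("/index")
    public String index2() {
        return LOGIN_VIEW;
    }

    @RequestMapping("/login")
    public String login() {
        return LOGIN_VIEW;
    }

    /**
     * Ends the login session and shows the login view.
     *
     * <p>The whole session is invalidated rather than just blanking the username, so
     * the old session id and any other attributes stored in it cannot be reused.
     */
    @RequestMapping("/logout")
    public String logout(HttpServletRequest request) {
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return LOGIN_VIEW;
    }

    /**
     * Checks the submitted {@code name} / {@code pass} against the user table and, on
     * success, marks the session as logged in.
     *
     * @return a JSON-serialized {@code AjaxResult} with the outcome and a user-facing message
     */
    @RequestMapping("/login-form")
    @ResponseBody
    public String loginfrom(HttpServletRequest request) {
        String name = request.getParameter("name");
        String pass = request.getParameter("pass");
        if (name == null || name.isEmpty()) {
            return respond(false, "抱歉,用户名不能为空!");
        }
        if (pass == null || pass.isEmpty()) {
            return respond(false, "抱歉,密码不能为空!");
        }

        // NOTE(review): connection settings are hard-coded for the sample. Load them
        // from external configuration or a secret store; never commit real credentials.
        ConnectionInfo con = new ConnectionInfo();
        con.setServer("192.168.1.1");
        con.setDbName("******");
        con.setPort("1433");
        con.setUserName("******");
        con.setPassword("******");

        SqlServerHelper sql = InitSqlServer(con);
        pass = getMD5Str(pass);
        // Parameterized query: the user-supplied values are bound, never concatenated.
        String json = sql.QueryJson("select * from Usertable where username=? and psw=?", new String[]{name, pass});
        if (json == null) {
            return respond(false, "抱歉,用户名或密码错误!");
        }
        try {
            JSONArray arr = new JSONArray(json);
            if (arr.length() == 0) {
                return respond(false, "抱歉,用户名或密码错误!");
            }
            JSONObject o = arr.getJSONObject(0);
            // Issue a fresh session id at the moment of login so that an id handed
            // out before authentication is not carried over (session fixation).
            request.getSession(true);
            request.changeSessionId();
            request.getSession().setAttribute(SESSION_USER_KEY, o.getString("username"));
            return respond(true, "验证通过");
        } catch (Exception ex) {
            // Keep the detail on the server: the exception text can contain database
            // or driver internals and must not be echoed to an unauthenticated client.
            LOG.log(java.util.logging.Level.WARNING, "Login lookup failed", ex);
            return respond(false, "抱歉,请求异常");
        }
    }

    /** Serializes an outcome flag and a message as the JSON body the login page expects. */
    private static String respond(boolean success, String body) {
        AjaxResult result = new AjaxResult();
        result.setIsSuccess(success);
        result.setBody(body);
        return new JSONObject(result).toString();
    }

    /**
     * Returns the MD5 digest of the UTF-8 bytes of {@code str} as lowercase hex.
     *
     * <p>NOTE(review): unsalted MD5 is not suitable for storing passwords. Migrate the
     * {@code psw} column to a dedicated password hash (bcrypt, scrypt or Argon2).
     *
     * <p>NOTE(review): the BigInteger conversion drops leading zeros, so the result
     * can be shorter than 32 characters. It is left unchanged here because stored
     * values may have been produced by this same method; confirm before padding.
     *
     * @throws IllegalStateException if the JVM lacks MD5 or UTF-8 (previously this
     *         surfaced as a NullPointerException)
     */
    public static String getMD5Str(String str) {
        try {
            MessageDigest md5 = MessageDigest.getInstance("md5");
            byte[] digest = md5.digest(str.getBytes("utf-8"));
            // Radix 16 renders the digest as hexadecimal.
            return new BigInteger(1, digest).toString(16);
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
            throw new IllegalStateException("MD5 or UTF-8 is not available on this JVM", e);
        }
    }

    /** Builds a {@code SqlServerHelper} from the server, port, database and account in {@code con}. */
    public static SqlServerHelper InitSqlServer(ConnectionInfo con) {
        String connection = "jdbc:sqlserver://" + con.getServer() + ":" + con.getPort() + ";DatabaseName=" + con.getDbName();
        return new SqlServerHelper(connection, con.getUserName(), con.getPassword());
    }

}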

2.SqlServerHelper.java

package com.rc.util;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;

import javax.sql.RowSet;
import javax.sql.rowset.CachedRowSet;
import javax.sql.rowset.RowSetFactory;
import javax.sql.rowset.RowSetProvider;

import org.json.JSONObject;

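/**
 * Small JDBC helper for SQL Server: opens a connection per call, runs one statement
 * (or one transaction) and releases every JDBC resource before returning.
 *
 * <p>Prefer the overloads that take a {@code params} array. The single-argument
 * {@code Query}, {@code QueryJson} and {@code ExecuteScalar} overloads execute the
 * SQL text exactly as given and must only receive constant SQL, never text built
 * from request data.
 */
public class SqlServerHelper {
	private static final java.util.logging.Logger LOG =
			java.util.logging.Logger.getLogger(SqlServerHelper.class.getName());

	private String _connection;
	private String _userName;
	private String _password;

	/**
	 * Stores the database address and account used for every call.
	 *
	 * @param connection e.g. jdbc:sqlserver://localhost:1433;DatabaseName=Test
	 * @param userName   database account name
	 * @param password   database account password
	 */
	public SqlServerHelper(String connection, String userName, String password) {
		_connection = connection;
		_userName = userName;
		_password = password;
	}

	/**
	 * Opens a new connection.
	 *
	 * @throws SQLException if the driver is missing or the connection is refused, so
	 *         callers fail in their own error path instead of dereferencing null
	 */
	private Connection getConnection() throws SQLException {
		try {
			Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
		} catch (ClassNotFoundException e) {
			throw new SQLException("SQL Server JDBC driver is not on the classpath", e);
		}
		return DriverManager.getConnection(_connection, _userName, _password);
	}

	/** Binds {@code params} as string parameters 1..n; a null array binds nothing. */
	private static void bind(PreparedStatement pstm, String[] params) throws SQLException {
		if (params == null) {
			return;
		}
		for (int i = 0; i < params.length; i++) {
			pstm.setString(i + 1, params[i]);
		}
	}

	/** Copies a live result set into a disconnected row set. */
	private static CachedRowSet toCachedRowSet(ResultSet rs) throws SQLException {
		CachedRowSet cachedRs = RowSetProvider.newFactory().createCachedRowSet();
		cachedRs.populate(rs);
		return cachedRs;
	}

	/** Records a failure on the server side; SQL parameters are deliberately not logged. */
	private static void logFailure(String operation, Exception e) {
		LOG.log(java.util.logging.Level.WARNING, operation + " failed", e);
	}

	/**
	 * Runs a parameterized query.
	 *
	 * @return the rows as a disconnected {@code RowSet}, or {@code null} on any failure
	 */
	public RowSet Query(String sql, String[] params) {
		try (Connection conn = getConnection();
				PreparedStatement pstm = conn.prepareStatement(sql)) {
			bind(pstm, params);
			try (ResultSet rs = pstm.executeQuery()) {
				return toCachedRowSet(rs);
			}
		} catch (Exception e) {
			logFailure("Query", e);
			return null;
		}
	}

	/**
	 * Runs a single Insert, Update or Delete.
	 *
	 * @return the number of affected rows, or -1 on failure
	 */
	public Integer Update(String sql, String[] params) {
		try (Connection conn = getConnection();
				PreparedStatement pstm = conn.prepareStatement(sql)) {
			bind(pstm, params);
			return pstm.executeUpdate();
		} catch (Exception e) {
			logFailure("Update", e);
			return -1;
		}
	}

	/**
	 * Runs several statements in one transaction.
	 *
	 * @param sqls   statements, executed in order
	 * @param params one parameter array per statement, or {@code null} for none
	 * @return 1 if the transaction committed, 0 if it failed and was rolled back
	 */
	public Integer Update(String[] sqls, String[][] params) {
		try (Connection conn = getConnection()) {
			// Disable auto-commit so the statements commit or roll back together.
			conn.setAutoCommit(false);
			try {
				for (int i = 0; i < sqls.length; i++) {
					// One statement per iteration, closed before the next is prepared.
					try (PreparedStatement pstm = conn.prepareStatement(sqls[i])) {
						bind(pstm, params == null ? null : params[i]);
						pstm.executeUpdate();
					}
				}
				conn.commit();
				return 1;
			} catch (Exception e) {
				logFailure("Transactional update", e);
				try {
					conn.rollback();
				} catch (Exception e2) {
					logFailure("Rollback", e2);
				}
				return 0;
			}
		} catch (Exception e) {
			logFailure("Transactional update", e);
			return 0;
		}
	}

	/**
	 * Runs a query without parameters and returns the rows as a JSON array string.
	 *
	 * <p>The SQL text is executed as given; pass constant SQL only.
	 *
	 * <p>NOTE(review): on failure this returns the exception message in place of JSON,
	 * so a caller cannot tell an error from data and may forward database details to
	 * a client. Callers should not echo the return value when it fails to parse.
	 */
	public String QueryJson(String sql) {
		try (Connection conn = getConnection();
				Statement stmt = conn.createStatement();
				ResultSet rs = stmt.executeQuery(sql)) {
			return resultSetToJson(rs);
		} catch (Exception e) {
			logFailure("QueryJson", e);
			return e.getMessage();
		}
	}

	/**
	 * Runs a parameterized query and returns the rows as a JSON array string.
	 *
	 * <p>NOTE(review): on failure this returns {@code e.toString()} in place of JSON;
	 * callers should not echo the return value when it fails to parse.
	 */
	public String QueryJson(String sql, String[] params) {
		try (Connection conn = getConnection();
				PreparedStatement pstm = conn.prepareStatement(sql)) {
			bind(pstm, params);
			try (ResultSet rs = pstm.executeQuery()) {
				return resultSetToJson(rs);
			}
		} catch (Exception e) {
			logFailure("QueryJson", e);
			return e.toString();
		}
	}

	/**
	 * Runs a query without parameters and returns the first column of the first row.
	 *
	 * @return the value, or {@code null} when there is no row or the query failed
	 */
	public Object ExecuteScalar(String sql) {
		try (RowSet rs = Query(sql)) {
			return (rs != null && rs.next()) ? rs.getObject(1) : null;
		} catch (SQLException e) {
			logFailure("ExecuteScalar", e);
			return null;
		}
	}

	/**
	 * Runs a parameterized query and returns the first column of the first row.
	 *
	 * @return the value, or {@code null} when there is no row or the query failed
	 */
	public Object ExecuteScalar(String sql, String[] params) {
		try (RowSet rs = Query(sql, params)) {
			return (rs != null && rs.next()) ? rs.getObject(1) : null;
		} catch (Exception e) {
			logFailure("ExecuteScalar", e);
			return null;
		}
	}

	/**
	 * Runs a query without parameters. The SQL text is executed as given; pass
	 * constant SQL only.
	 *
	 * @return the rows as a disconnected {@code RowSet}, or {@code null} on failure
	 */
	public RowSet Query(String sql) {
		try (Connection conn = getConnection();
				Statement stmt = conn.createStatement();
				ResultSet rs = stmt.executeQuery(sql)) {
			return toCachedRowSet(rs);
		} catch (SQLException e) {
			logFailure("Query", e);
			return null;
		}
	}

	/**
	 * Serializes every remaining row of {@code rs} as a JSON array of objects keyed
	 * by column label, with each value read as a string.
	 */
	public String resultSetToJson(ResultSet rs) throws SQLException, Exception {
		org.json.JSONArray array = new org.json.JSONArray();
		ResultSetMetaData metaData = rs.getMetaData();
		int columnCount = metaData.getColumnCount();

		while (rs.next()) {
			JSONObject jsonObj = new JSONObject();
			for (int i = 1; i <= columnCount; i++) {
				// Read by index: a lookup by label returns the first match when two
				// columns share a label.
				jsonObj.put(metaData.getColumnLabel(i), rs.getString(i));
			}
			array.put(jsonObj);
		}

		return array.toString();
	}
}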

3. Login view: login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>****系统-用户登录</title>
    <link th:href="@{/content/img/favicon.ico}" rel="shortcut icon" type="image/x-icon"/>
    <script th:src="@{/content/jquery-easyui-1.7.4/jquery.min.js}"></script>
    <link rel="stylesheet" th:href="@{/content/font-awesome-4.7.0/css/font-awesome.css}">
    <script th:inline="javascript" type="text/javascript">
        var _root = [[${#request.getContextPath()}]];
    </script>
    <style type="text/css">
        * {font-size: 14px;}

        td {padding: 5px;}

        .main {width: 80%;margin: 40px auto;}

        input[type="text"], input[type="password"] {
            border: 1px solid #ccc;padding: 5px 5px;outline: none; border-radius: 3px;
        }

        .btnLogin { background: brown;
            color: white;
            border: 0;
            padding: 5px 10px;
            border-radius: 3px;}
    </style>
</head>
<body>
<div class="main">
    <table style="margin: 0 auto;">
        <tr>
            <td colspan="2" style="text-align: center;font-size: 16px;padding: 20px 0;">
                <b style="letter-spacing: 5px;font-size: 22px;line-height: 45px;"> ****系统<br/>用户登录</b>
                <span style="color:gray;font-size: 12px;display: block;text-align: center;margin: 10px 0">(请使用****账号登录)</span>
            </td>
        </tr>
        <tr>
            <td style="text-align: right">用户名:</td>
            <td><input type="text" name="username"/></td>
        </tr>
        <tr>
            <td style="text-align: right"> 密&emsp;码:</td>
            <td><input type="password" name="password"/></td>
        </tr>
        <tr>
            <td></td>
            <td>
                <input type="button" value="登录" class="btnLogin"/>
            </td>
        </tr>
    </table>
    <script type="text/javascript">
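        $(function () {
            // The returnurl parameter is read from the address bar, so it is
            // untrusted input. Only follow it when it is a path on this site:
            // it must start with "/" and still resolve to the page's own origin.
            function isSameOriginPath(target) {
                if (typeof target !== "string" || target.charAt(0) !== "/") {
                    return false;
                }
                try {
                    return new URL(target, window.location.origin).origin === window.location.origin;
                } catch (e) {
                    return false;
                }
            }

            $(".btnLogin").click(function () {
                var name = $("[name='username']").val();
                var pass = $("[name='password']").val();
                if (name.length == 0) {
                    alert("请输入用户名!");
                    return;
                }
                if (pass.length == 0) {
                    alert("请输入密码!");
                    return;
                }
                $.ajax({
                    url: _root + "/login-form",
                    type: "post",
                    data: {
                        name: name,
                        pass: pass
                    },
                    success: function (res) {
                        res = JSON.parse(res);
                        if (!res.isSuccess) {
                            alert(res.body);
                            return;
                        }
                        var returnurl = getQueryString("returnurl");
                        // Fall back to the default landing page for anything that is
                        // missing, off-site, or points back at the logout endpoint.
                        if (isSameOriginPath(returnurl) && returnurl.indexOf("/logout") == -1) {
                            window.location = returnurl;
                        } else {
                            window.location = _root + "/con/list";
                        }
                    }
                });
            });
        })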

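        /**
         * Reads a parameter from the query string (?name=value) or, failing that,
         * from a rewritten path segment (/name/value).
         *
         * Returns the decoded value, or null when the parameter is absent or is not
         * valid percent-encoding. The value comes straight from the address bar, so
         * callers must treat it as untrusted.
         */
        function getQueryString(name) {
            var reg = new RegExp("(^|&)" + name + "=([^&]*)(&|$)", "i");
            var reg_rewrite = new RegExp("(^|/)" + name + "/([^/]*)(/|$)", "i");
            var r = window.location.search.substr(1).match(reg);
            var q = window.location.pathname.substr(1).match(reg_rewrite);
            var raw = r != null ? r[2] : (q != null ? q[2] : null);
            if (raw === null) {
                return null;
            }
            try {
                // decodeURIComponent replaces the deprecated unescape(), which
                // decodes byte by byte and garbles UTF-8 sequences.
                return decodeURIComponent(raw);
            } catch (e) {
                return null;
            }
        }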
    </script>

</div>
</body>
</html>


Origin blog.csdn.net/a497785609/article/details/129439001