The main article is to achieve user authentication login process with interceptor / filter can intercept when the user is not logged, the system can not be accessed page
A: Interceptor
Here is how the custom interceptor project directory implementation:
1: Create a new interceptor interceptor package, create a LoginInterceptor interceptor class
2: this class inherits HandlerInterceptor interfaces, and three methods to achieve this interface HandlerInterceptor
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; public class LoginInterceptor implements HandlerInterceptor { @Override public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception { // 执行完毕,返回前拦截 } @Override public void The postHandle (the HttpServletRequest the arg0, the HttpServletResponse arg1, arg2 Object, ModelAndView arg3) throws Exception { // in the process, performed to intercept } @Override public Boolean The preHandle (the HttpServletRequest Request, Response the HttpServletResponse, Object arg2) throws Exception { // intercepting interception point before performing the operation (successful interception) returns true if the intercept point is not executed // returns false interception is not performed the HttpSession the session = request.getSession (); String url = request.getRequestURI (); // for login the uri, this is not to intercept //IF (! session.getAttribute ( "_ CURRENT_USER") = null || url.indexOf ( "home.action") = -!. 1 || url.indexOf ( "login.action") = -!. 1) { IF (the session ! .getAttribute ( "_ CURRENT_USER") = null ) { // successful login does not block return to true ; } the else { // after intercepting enter the login page response.sendRedirect (request.getContextPath () + "/ home.action" ); return to false ; } } }
3: interceptor is to be configured, this class, arranged in spring-mvc.xml configuration file as follows:
< Mvc: interceptors > < mvc: Interceptor > <-! Intercept all controllers mvc -> < mvc: Mapping path = "/ **" /> <-! Mvc: Mapping the exclude-intercept is another, it can be a page in your later testing is not intercepted, so do not go get request uri address does not intercept the (preferred) method inside LoginInterceptor of preHandler -> < MVC: Mapping the exclude- path = "/ Home .action " /> < MVC:-Mapping the exclude path =" / login.action " /> < the bean class =" cn.itcast.util.LoginInterceptor " > </ the bean > </mvc:interceptor> </mvc:interceptors>
The landing interceptor class LoginInterceptor, configured to inside
This interceptor has two knowledge points:
①:
< MVC: Mapping path = "/ **" /> is already blocked all requests, including login, if the later does not want to block a page, in the interception of the configuration inside the < MVC: Mapping the exclude- path = "/ the Login. Action " />
②: the configuration file can not intercept a page request to obtain the path to intercept interception inside the class, and then make a judgment
// String uri = request.getRequestURI (); // get logged uri, this is not to intercept
//if(session.getAttribute("LOGIN_USER")!=null || uri.indexOf ( "/ login.action ! ") = - 1)
II: Filters
Filter on two steps: Create a new filter class, then the configuration web.xml
LoginFilter build a class, class inheritance Filter
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class LoginFilter implements Filter { public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { // TODO Auto-generated method stub HttpServletRequest request = (HttpServletRequest)arg0; HttpServletResponse response = (HttpServletResponse)arg1; HttpSession session = request.getSession(); /* if(session.getAttribute("_CURRENT_USER") != null){ arg2.doFilter(arg0, arg1); return; } if(request.getRequestURI().indexOf("home.action") != -1 || request.getRequestURI().indexOf("login.action") != -1){ arg2.doFilter(arg0, arg1); return; } // 没有登录 response.sendRedirect(request.getContextPath()+"/home.action");*/ if(session.getAttribute("_CURRENT_USER")==null && request.getRequestURI().indexOf("/home.action") == -1 && request.getRequestURI().indexOf("/login.action") == -1 // -1表示不存在该url ){ // 没有登录 response.sendRedirect(request.getContextPath()+"/home.action"); }else{ // 已经登录,继续请求下一级资源(继续访问) arg2.doFilter(arg0, arg1); } } public void init(FilterConfig arg0) throws ServletException { // TODO Auto-generated method stub } public void destroy() { // TODO Auto-generated method stub }
}
2:配置 web.xml ,在字符过滤器下面接着配置一个过滤器
<!-- 5.使用filter实现登录控制 --> <filter> <filter-name>LoginFilter</filter-name> <filter-class>cn.itcast.util.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>LoginFilter</filter-name> <!-- 所有的管理页面需要登录后才能访问 --> <url-pattern>/*</url-pattern> </filter-mapping>
将过滤器类 LoginFilter 配置到 过滤器配置文件中,即可完成
过滤器也实现了
内容大部分来自https://blog.csdn.net/chenxihua1/article/details/80779234 感谢大佬分享!