登录和权限验证判断在后台管理系统中是最常用的功能,这部分代码比较固定和独立,为了减少对业务代码的侵入性,一般我会考虑使用Filter来实现,下面我就来详细说一下我的实现思路和代码:
前台页面:
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
会员登录--蓝狐通用后台管理系统#line-chart {
height: 300px;
width: 800px;
margin: 0px auto;
margin-top: 1em;
}
.brand {
font-family: georgia, serif;
}
.brand .first {
color: #ccc;
font-style: italic;
}
.brand .second {
color: #fff;
font-weight: bold;
}
会员登录
- ${errorMessage}
用户名
密码
登录页面很简单就是一个登录表单。
后台Controller:
package com.lanhusoft.controllers;
import com.lanhusoft.dao.mybatis.UserInfoImpl;
import com.lanhusoft.model.Sys_UserInfo;
import com.lanhusoft.model.VAuthenticatedUser;
import com.lanhusoft.model.VSysUserInfo;
import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.Map;
import java.util.Objects;
/**
* Created by Administrator on 2016/8/15.
*/
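@Controller
@RequestMapping("/account")
public class AccountController {

    /** Session attribute under which the authenticated principal is stored after a successful login. */
    static final String SESSION_USER_KEY = "currentUser";

    // Injected but no longer used: the principal is kept in HttpSession instead (see LogonHandler).
    @Autowired
    VAuthenticatedUser currentUser;

    /**
     * Renders the login form.
     *
     * @return the logical view name of the login page
     */
    @RequestMapping(value = "/logon", method = RequestMethod.GET)
    public String Logon() {
        return "Account/Logon";
    }

    /**
     * Handles the login form submission.
     * <p>
     * Looks the user up by login name, checks the enabled flag and the password and, on success,
     * stores the authenticated principal in the session under {@value #SESSION_USER_KEY} and
     * redirects to {@code /SysUser/index}. On any failure the login view is re-rendered with an
     * {@code errorMessage} model attribute.
     *
     * @param user    form-bound login name and password
     * @param session the caller's HTTP session
     * @return the login view carrying an error message, or a redirect to the start page
     */
    @RequestMapping(value = "/logon", method = RequestMethod.POST)
    public ModelAndView LogonHandler(Sys_UserInfo user, HttpSession session) {
        ModelAndView mav = new ModelAndView("Account/Logon");
        // Fix: the original compared the fields with == "" (reference equality), which never
        // detects an empty submitted value; isEmpty() is the content check that was intended.
        if (isNullOrEmpty(user.getLoginName()) || isNullOrEmpty(user.getPwd())) {
            mav.addObject("errorMessage", "用户名或密码不能为空");
            return mav;
        }
        UserInfoImpl dal = new UserInfoImpl();
        VAuthenticatedUser authUser = dal.getLegalUserByLoginName(user);
        String errorMsg;
        // NOTE(review): distinct "unknown user" / "wrong password" messages let a caller enumerate
        // valid login names; a single generic message for both cases is the usual recommendation.
        if (authUser == null || authUser.getUserInfo() == null) {
            errorMsg = "用户名不存在";
        } else if (authUser.getUserInfo().getEnabled() != 1) {
            errorMsg = "用户未启用";
        } else if (!Objects.equals(authUser.getUserInfo().getPwd(), user.getPwd())) {
            // NOTE(review): this compares the submitted password with the stored value as-is. The
            // stored value should be a salted password hash (bcrypt/scrypt/argon2) and the comparison
            // done on the hash in constant time; left unchanged here because the storage format is
            // fixed by Sys_UserInfo and the database.
            errorMsg = "密码错误";
        } else {
            // NOTE(review): to defeat session fixation the pre-login session should be invalidated
            // and a fresh one created before the principal is stored; that needs the
            // HttpServletRequest, which this handler does not receive.
            session.setAttribute(SESSION_USER_KEY, authUser);
            mav.setViewName("redirect:/SysUser/index");
            return mav;
        }
        mav.addObject("errorMessage", errorMsg);
        return mav;
    }

    /**
     * Logs the current user out.
     * <p>
     * The whole session is invalidated rather than only the principal attribute being removed,
     * so the old session id and any other server-side state cannot be reused afterwards.
     *
     * @param session the caller's HTTP session
     * @return the logical view name of the login page
     */
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String Logout(HttpSession session) {
        session.invalidate();
        return "Account/Logon";
    }

    /** True when {@code s} is null or has no characters. */
    private static boolean isNullOrEmpty(String s) {
        return s == null || s.isEmpty();
    }
}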
登录成功后把用户信息和权限菜单存到session中,key为currentUser。
Filter,登录及权限验证判断真实的核心代码:
package com.lanhusoft.filters;
import com.lanhusoft.model.Sys_Action;
import com.lanhusoft.model.VAuthenticatedUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Created by Administrator on 2016/9/3.
*/
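/**
 * Login and authorization filter for the admin pages selected by the web.xml filter-mappings.
 * <p>
 * Every request that is not exempt must carry an authenticated principal in the session under
 * {@value #SESSION_USER_KEY} (stored there by AccountController on login), and the requested path
 * must be covered by one of the principal's authorized actions. Otherwise a login-redirect page
 * or a 403 is written and the chain is not continued.
 * <p>
 * Changes against the first version: exemption and authorization are matched on path segments
 * instead of with indexOf()/contains(), which exempted or authorized any URL merely containing
 * the token; the session is no longer created for anonymous requests; and the content type and
 * writer are only touched when this filter itself writes the response, so downstream handlers
 * keep control of their own output.
 */
public class AuthFilter extends OncePerRequestFilter {
    // @Autowired
    // VAuthenticatedUser currentUser;

    /** Session attribute holding the authenticated principal. */
    private static final String SESSION_USER_KEY = "currentUser";

    /** Resource names (last path segment) that are served without authentication. */
    private static final String[] NOT_FILTERED = {"login.html", "index.html"};

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        String path = requestPath(request);
        if (isExempt(path)) {
            filterChain.doFilter(request, response);
            return;
        }
        // getSession(false): an anonymous request must not cause a session to be created.
        HttpSession session = request.getSession(false);
        VAuthenticatedUser authUser =
                session == null ? null : (VAuthenticatedUser) session.getAttribute(SESSION_USER_KEY);
        if (authUser == null) {
            sendLoginExpired(request, response);
            return;
        }
        if (!isAuthorized(authUser, path)) {
            sendForbidden(response);
            return;
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Returns the request path relative to the context root.
     * <p>
     * Built from servletPath + pathInfo rather than getRequestURI(): the container has already
     * URL-decoded these, removed the context path and any ";name=value" path parameters, and
     * (on compliant containers) canonicalized them, so the value compared here is the one that
     * was actually used to select the target servlet.
     */
    static String requestPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /**
     * True when the last segment of {@code path} is one of the {@link #NOT_FILTERED} resources.
     * The token has to be the requested resource itself, not merely a substring of the path.
     */
    static boolean isExempt(String path) {
        for (String name : NOT_FILTERED) {
            if (path.endsWith("/" + name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * True when one of the user's authorized actions covers {@code path}: the path equals the
     * action's href or lies below it on a segment boundary. Actions with an empty href are
     * ignored, since an empty href would otherwise cover every path.
     * <p>
     * NOTE(review): assumes actionHref is a context-relative path with a leading slash, e.g.
     * "/SysUser/index"; hrefs stored with the context path or without the leading slash would
     * no longer match — confirm against the Sys_Action data before deploying.
     */
    static boolean isAuthorized(VAuthenticatedUser authUser, String path) {
        if (authUser.getAuthorizedActions() == null) {
            return false;
        }
        for (Sys_Action act : authUser.getAuthorizedActions()) {
            String href = act.getActionHref();
            if (href == null || href.isEmpty()) {
                continue;
            }
            String prefix = href.endsWith("/") ? href : href + "/";
            if (path.equals(href) || path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a small page that alerts the user and sends the top-level window to the login page.
     * The context path comes from the deployment, not from the request, so embedding it in the
     * script is safe. A plain redirect (commented out in the original) would suit non-browser
     * clients better.
     */
    private static void sendLoginExpired(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setContentType("text/html; charset=utf-8");
        PrintWriter out = response.getWriter();
        out.print("<script>"
                + "alert('网页过期,请重新登录!');"
                + "window.top.location.href='" + request.getContextPath() + "/account/logon';"
                + "</script>");
        //response.sendRedirect(request.getContextPath()+"/account/logon");
    }

    /** Rejects an authenticated user who lacks the requested action with 403 and a short message. */
    private static void sendForbidden(HttpServletResponse response) throws IOException {
        // The original answered 200 here, which made the denial indistinguishable from success for
        // scripts and monitoring.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/html; charset=utf-8");
        response.getWriter().print("你没有该页面的访问权限");
    }
}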
web.xml加入以下配置:
authFilter
com.lanhusoft.filters.AuthFilter
authFilter
/SysUser/*
authFilter
/SysRole/*
filter-mapping节点中的url-pattern定义了需要验证的url,你可以根据自己的需要添加多个。