拦截器,登录权限控制demo
- 1. 拦截器demo
- 2. 登录权限控制
地址:
https://github.com/sevenyoungairye/spring-mvc-interceptor
1. 拦截器demo
- 什么是拦截器
拦截器基于是aop思想实现的。
针对controller里面的目标方法进行拦截。
对比过滤器是过滤所有请求,及静态资源。
- 创建拦截器 实现HanlderInceptro接口
拦截器1
package cn.bitqian.interceptor;import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;/*** spring mvc 拦截器入门* @author echo lovely* @date 2020/9/6 17:30*/
public class MyInterceptor1 implements HandlerInterceptor {// 在目标方法执行之前执行@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response,Object handler) throws Exception {System.out.println("preHandler..");String param = request.getParameter("param");if ("yes".equals(param)) {return true;}// 参数错误跳转到错误的页面request.getRequestDispatcher("/error.jsp").forward(request, response);// 放行return false;}// 在目标方法执行之后,视图返回之前执行@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response,Object handler, ModelAndView modelAndView) throws Exception {// 可以在视图对象返回之前 修改modelif (modelAndView != null) // 如果访问的目标资源没有 ModelAndView返回,会null pointermodelAndView.addObject("name", "bitQian adorable");System.out.println("post handler");}// 在所有流程执行完后 执行@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("after completion");}
}拦截器2
package cn.bitqian.interceptor;import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;/*** 拦截器2 与拦截器1构成链* @author echo lovely* @date 2020/9/6 21:40*/
public class MyInterceptor2 implements HandlerInterceptor {@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("pre handle22222...");return true; // 经过拦截器2 放行}@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {System.out.println("post handle222222222...");}@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("completion222222...");}
}- 配置拦截器
<!-- 拦截器 对controller中的目标方法进行拦截 --><mvc:interceptors><mvc:interceptor><!--对所有目标资源(那些资源)进行拦截--><!--<mvc:mapping path="/**"/>--><!--<mvc:mapping path="/*"/>--><mvc:mapping path="/target1"/><bean id="interceptor1" class="cn.bitqian.interceptor.MyInterceptor1"></bean></mvc:interceptor><!-- 拦截器1与拦截器2构成拦截器链 拦截器配置先后 决定拦截器执行的顺序 --><mvc:interceptor><mvc:mapping path="/target1"/><bean id="interceptor2" class="cn.bitqian.interceptor.MyInterceptor2"></bean></mvc:interceptor></mvc:interceptors>
- 目标方法(controller)
package cn.bitqian.controller;import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;/*** 测试拦截器* @author echo lovely* @date 2020/9/6 17:42*/
@Controller
public class TargetController {@RequestMapping("/target1")public ModelAndView target1() {ModelAndView modelAndView = new ModelAndView();// 设置模型modelAndView.addObject("name", "bitqian");// 返回视图对象modelAndView.setViewName("demo1");System.out.println("target1 目标资源访问..");return modelAndView;}
}
- 测试拦截器的拦截效果
未带参数跳转到对应的页面
当我带参数
2. 登录权限控制
- 页面
<%--Created by IntelliJ IDEA.User: echo lovelyDate: 2020/9/7Time: 19:21用户登录页面
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>login page</title>
</head>
<body><form action="user/login" method="post">用户名:<input type="text" name="userName"/> <br/>密码:<input type="password" name="password"/> <br/><input type="submit" value="login"/></form></body>
</html>- user controller
package cn.bitqian.controller;import cn.bitqian.entity.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;import javax.servlet.http.HttpSession;/*** @author echo lovely* @date 2020/9/7 19:15*/
@Controller
@RequestMapping(value = "/user")
public class UserController {@RequestMapping(value = "/login")public String login(String userName, String password, HttpSession session) {if ("bitqian".equals(userName) && "bitqian666".equals(password)) {User user = new User(userName, password);// 账号密码正确设置 将用户对象保存到session中session.setAttribute("user", user);return "redirect:/index.jsp";}System.out.println(userName + "\t" + password);return "redirect:/login.jsp";}
}- 权限控制拦截器
package cn.bitqian.interceptor;import cn.bitqian.entity.User;
import org.springframework.web.servlet.HandlerInterceptor;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;/*** @author echo lovely* @date 2020/9/7 19:42*/
public class AuthorityInterceptor implements HandlerInterceptor {@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {User user = (User) request.getSession().getAttribute("user");if (user == null) {// 未登录跳转到登录页面response.sendRedirect("login.jsp");return false;}System.out.println("user permission..");return true;}
}- 对目标方法进行拦截,除login
<mvc:interceptors><!-- 用户是否登录 作用的拦截器 --><mvc:interceptor><mvc:mapping path="/**"/><!-- 不拦截 login方法--><mvc:exclude-mapping path="/user/login"/><mvc:exclude-mapping path="/target1"/><bean class="cn.bitqian.interceptor.AuthorityInterceptor"></bean></mvc:interceptor>
</mvc:interceptors>
