当前位置: 移动技术网 > IT编程>开发语言>Java > springmvc拦截器登录验证示例

springmvc拦截器登录验证示例

2019年07月22日  | 移动技术网IT编程  | 我要评论

一开始,学了拦截器与过滤器,咋一看两者有点像,实际上两者有很大的不同。就用拦截器和过滤器分别做了登录验证试验,这次先说拦截器。下面是自己实践的一个实例:

在spring-mvc.xml中配置拦截器:

<mvc:interceptors>
  <mvc:interceptor> 
   <mvc:mapping path="/user/*"/> 
<!-- 定义在mvc:interceptor下面的表示是对特定的请求才进行拦截的 -->
   <bean class="com.wyb.interceptor.logininterceptor"/> 
  </mvc:interceptor>  
 </mvc:interceptors>

如上所示,这里配置了loginintercepter,为了简单起见,该过滤器只拦截了url为"/user/*"的请求。

要拦截的请求对应控制器如下:

import java.util.arraylist;
import java.util.list;

import javax.annotation.resource;
import javax.servlet.http.httpservletrequest;

import org.apache.log4j.logger;
import org.springframework.beans.factory.annotation.autowired;
import org.springframework.stereotype.controller;
import org.springframework.ui.model;
import org.springframework.web.bind.annotation.requestmapping;
import org.springframework.web.bind.annotation.responsebody;

import com.wyb.domain.user;
import com.wyb.service.iuserservice;
import com.wyb.service.impl.userserviceimpl;

@controller 
@requestmapping("/user") 
public class usercontroller { 
 
   private static final logger log=logger.getlogger(usercontroller.class);

   @autowired 
   private iuserservice userservice; 
  

 @requestmapping("/showalluser")
 public string showalluser(model m){
  list<user> userlist=new arraylist<user>(); 
  userlist=userservice.findalluser();
  for(user user :userlist){
   system.out.println(user.getusername());
  }  
  return "/jsp/showalluser";
  
 }
}

这里的showalluser()方法是为了输出所有的用户,为了表明执行了方法,将所有用户在后台打印,url为:http://localhost:8080/testssm/user/showalluser,可见该url肯定会被loginintercepter拦截。

测试页面showalluser.jsp如下:

<%@ page language="java" contenttype="text/html; charset=utf-8"
 pageencoding="utf-8"%>
<!doctype html public "-//w3c//dtd html 4.01 transitional//en" "http://www.w3.org/tr/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>show all user</title>
</head>
<body>
 this is showalluser page!!!
</body>
</html>

loginintercepter如下:

import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import javax.servlet.http.httpsession;

import org.springframework.web.servlet.handlerinterceptor;
import org.springframework.web.servlet.modelandview;

import com.wyb.domain.user;

public class logininterceptor implements handlerinterceptor{

 @override
 public void aftercompletion(httpservletrequest arg0, httpservletresponse arg1, object arg2, exception arg3)
   throws exception {
  system.out.println("this is aftercompletion of logininterceptor");
  
 }

 @override
 public void posthandle(httpservletrequest arg0, httpservletresponse arg1, object arg2, modelandview arg3)
   throws exception {
  system.out.println("this is posthandle of logininterceptor");
  
 }

 @override
 public boolean prehandle(httpservletrequest request, httpservletresponse response, object arg2) throws exception {
  // todo auto-generated method stub
  system.out.println("this is prehandle of logininterceptor");
  httpsession session=request.getsession();
  user user=(user)session.getattribute("user");
  if(user==null){
   system.out.println("no user in logininterceptor!!!");
   request.getrequestdispatcher("/web-inf/jsp/login.jsp").forward(request, response);

  } 
  //返回true代表继续往下执行
  return true;
 }

}

 这里我犯了一个错误,聪明的小伙伴也许已经看出来了,如果按照上面的代码,当我们访问:http://www.lhsxpumps.com/_localhost:8080/testssm/user/showalluser结果如下:

咋一看,成功拦截了,输入用户名信息,正常跳转到主页,再次进入http://www.lhsxpumps.com/_localhost:8080/testssm/user/showalluser如下:

页面正常输出,已经记录了session,不会被再次拦截,看似成功了,可是看看后台输出:

有没有发现,我们执行了两次showalluser()方法,可见第一次访问虽然被拦截器拦截了下来进入登录页面,但后台已经悄悄执行了showalluser()。为什么呢?我们回头再看看loginintercepter.java,尤其是prehandle()方法:

@override
 public boolean prehandle(httpservletrequest request, httpservletresponse response, object arg2) throws exception {
  // todo auto-generated method stub
  system.out.println("this is prehandle of logininterceptor");
  httpsession session=request.getsession();
  user user=(user)session.getattribute("user");
  if(user==null){
   system.out.println("no user in logininterceptor!!!");
   request.getrequestdispatcher("/web-inf/jsp/login.jsp").forward(request, response);

  } 
  //返回true代表继续往下执行
  return true;
 }

在判断user为空后,虽然执行了页面跳转,但是程序还是会继续执行,最后返回true,返回true意味着,被拦截的业务逻辑可以继续往下执行,因此,虽然表面上被拦截了,但从本质上来说并没有拦截到。因此需要修改如下:

@override
 public boolean prehandle(httpservletrequest request, httpservletresponse response, object arg2) throws exception {
  // todo auto-generated method stub
  system.out.println("this is prehandle of logininterceptor");
  httpsession session=request.getsession();
  user user=(user)session.getattribute("user");
  if(user==null){
   system.out.println("no user in logininterceptor!!!");
   request.getrequestdispatcher("/web-inf/jsp/login.jsp").forward(request, response);
   //本次访问被拦截,业务逻辑不继续执行
   return false;
  } 
  //返回true代表继续往下执行
  return true;
 }

user为空,跳转后,返回false,就不会执行被拦截的业务逻辑了,修改后后台输出如下:

现在后台正常输出,且session保存了user信息后,才能执行showalluser()方法,大功告成!

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持移动技术网。

您可能感兴趣的文章:

如对本文有疑问, 点击进行留言回复!!

相关文章:

验证码:
最近更新的文章
大家感兴趣的文章
移动技术网