配置文件
springmvc.xml中配置拦截器
<!-- Interceptors -->
<mvc:interceptors>
    <!-- Several interceptors may be declared; they run in declaration order -->
    <mvc:interceptor>
        <!-- User-authentication interceptor. The /** pattern applies it to every request path,
             so only the paths LoginInterceptor itself lets through are reachable without a login. -->
        <mvc:mapping path="/**"/>
        <bean class="com.interceptor.LoginInterceptor"></bean>
    </mvc:interceptor>
</mvc:interceptors>
anonymousURL.properties
# URLs that may be accessed anonymously (no login required).
# Only the keys are used: LoginInterceptor compares the request URL against them and
# skips the session check on a match, so keep this list minimal and the keys specific.
index=登陆页面
login=用户登录
commonURL.properties
# Common URLs: any user who has passed authentication may access these;
# no per-URL permission has to be assigned for them.
success=登陆成功页面
exit=用户退出
代码
实体类User
package com.po; public class User { private String id; private String username; private String password; public String getId() { return id; } public void setId(String id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
工具类ResourcesUtil
package com.util;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import java.util.Set;

/**
 * Helper for reading the keys of a resource bundle.
 */
public class ResourcesUtil implements Serializable {

    /** Language used for bundle lookup; defaults to Chinese ("zh"). */
    public static final String LANGUAGE = "zh";

    /** Country used for bundle lookup; defaults to China ("CN"). */
    public static final String COUNTRY = "CN";

    /**
     * Builds the locale used for every bundle lookup from {@link #LANGUAGE} and {@link #COUNTRY}.
     */
    private static Locale getLocale() {
        return new Locale(LANGUAGE, COUNTRY);
    }

    /**
     * Returns the keys of the resource bundle with the given base name.
     *
     * <p>The bundle is resolved with {@link ResourceBundle#getBundle(String, Locale)}; the
     * returned list is a fresh copy of {@link ResourceBundle#keySet()}, which also
     * contains the keys of parent bundles.
     *
     * @param baseName base name of the bundle, e.g. {@code "anonymousURL"}
     * @return a new mutable list holding every key of the bundle
     * @throws java.util.MissingResourceException if no bundle with that base name is found
     */
    public static List<String> gekeyList(String baseName) {
        ResourceBundle bundle = ResourceBundle.getBundle(baseName, getLocale());
        return new ArrayList<String>(bundle.keySet());
    }
}
Controller
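package com.controller;

import javax.servlet.http.HttpSession;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import com.po.User;

/**
 * Demo controller for the login flow: shows the login page, checks the submitted
 * credentials against a fixed test account, and ends the session on exit.
 *
 * <p>NOTE(review): the credentials are hard-coded for the demo; a real application
 * would look the account up and verify a salted password hash instead.
 */
@Controller
public class UserController {

    /** Root path: renders the login view. */
    @RequestMapping("/")
    public String toIndex() {
        return "login";
    }

    /** Renders the login view. */
    @RequestMapping("/index")
    public String index() {
        return "login";
    }

    /** Renders the login-success view. */
    @RequestMapping("/success")
    public String pageJump() {
        return "success";
    }

    /**
     * Checks the submitted credentials and, when they match the test account,
     * stores the user in the session.
     *
     * @param session the current HTTP session
     * @param user    the submitted user; presumably bound by Spring MVC from the request
     *                parameters, so every field (including {@code id}) is client-supplied
     * @return {@code "success"} when the credentials match, otherwise {@code "login"}
     */
    @RequestMapping("/login")
    public String login(HttpSession session, User user) {
        // Missing or empty credentials go straight back to the login page.
        // isEmpty() replaces the original `== ""`, which compared references, not contents.
        if (user == null || isNullOrEmpty(user.getUsername()) || isNullOrEmpty(user.getPassword())) {
            return "login";
        }
        // Constant-first equals() keeps the comparison null-safe.
        if (!"zy".equals(user.getUsername()) || !"123".equals(user.getPassword())) {
            return "login";
        }
        // NOTE(review): the whole bound object is stored, so the plain-text password and the
        // client-supplied id stay in the session; storing only the authenticated identity is safer.
        // NOTE(review): the session id is not renewed here. Rotating it after a successful login
        // (HttpServletRequest#changeSessionId on Servlet 3.1+) guards against session fixation,
        // but needs the request object, which this signature does not receive.
        session.setAttribute("user", user);
        return "success";
    }

    /**
     * Logs the user out by invalidating the session, then renders the login view.
     *
     * <p>NOTE(review): the mapping accepts any HTTP method; restricting state-changing
     * handlers such as this one and {@code /login} to POST keeps them from being
     * triggered by a plain link.
     */
    @RequestMapping("/exit")
    public String exit(HttpSession session) {
        session.invalidate();
        return "login";
    }

    /** Returns {@code true} when the value is {@code null} or has length zero. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }
}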
拦截器
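package com.interceptor;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.po.User;
import com.util.ResourcesUtil;

/**
 * User-authentication interceptor.
 *
 * <p>Requests for the anonymous URLs pass without a session; every other request needs a
 * {@code "user"} attribute in the session, otherwise it is forwarded to the login page.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Decides whether the request may reach its handler.
     *
     * <p>Allow-listed keys are compared for equality with the request path (context path
     * and path parameters removed). The earlier substring test ({@code indexOf >= 0})
     * let any URI that merely contained a key such as {@code login} or {@code index}
     * skip authentication. Any form of the path that is not exactly {@code "/" + key}
     * is treated as protected, so the check fails closed.
     *
     * <p>NOTE(review): the exact match assumes the handlers are reachable directly under
     * the context root (for example {@code /login}); confirm against the DispatcherServlet
     * mapping in web.xml.
     *
     * @return {@code true} to continue to the handler, {@code false} after forwarding to the login page
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Raw URI is kept only for the log lines below.
        String url = request.getRequestURI();
        String path = applicationPath(request);

        // Anonymous URLs are let through without looking at the session.
        if (matchesAny(path, ResourcesUtil.gekeyList("anonymousURL"))) {
            System.out.println(url + "公开地址,放行");
            return true;
        }

        // getSession(false): do not create a session just to find out there is no user in it.
        HttpSession session = request.getSession(false);
        User activeUser = (session == null) ? null : (User) session.getAttribute("user");

        if (activeUser != null) {
            // Common URLs need authentication only. Every other URL is also let through for an
            // authenticated user: this interceptor performs no per-URL permission check.
            if (matchesAny(path, ResourcesUtil.gekeyList("commonURL"))) {
                System.out.println(url + "公用访问地址,放行");
                return true;
            }
            System.out.println(url + "用户身份存在");
            return true;
        }

        // Not authenticated: forward to the login page and stop the handler chain.
        System.out.println(url + "拦截,进行身份验证");
        request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
        // false = intercepted, the handler is not executed; true = let the request through.
        return false;
    }

    /**
     * Returns the request URI without the context path and without path parameters.
     *
     * <p>Path parameters ({@code ;name=value}) are removed from every segment rather than
     * by truncating at the first {@code ';'}, so segments that follow a parameter are kept
     * and still take part in the comparison.
     */
    private static String applicationPath(HttpServletRequest request) {
        String uri = request.getRequestURI();
        String contextPath = request.getContextPath();
        if (contextPath != null && !contextPath.isEmpty() && uri.startsWith(contextPath)) {
            uri = uri.substring(contextPath.length());
        }
        return uri.replaceAll(";[^/]*", "");
    }

    /** Returns {@code true} when {@code path} equals {@code "/" + key} for one of the keys. */
    private static boolean matchesAny(String path, List<String> keys) {
        for (String key : keys) {
            if (path.equals("/" + key)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Runs after the handler has executed and before the ModelAndView is returned.
     * Use this hook, via {@code modelAndView}, to supply common data to the page or to
     * adjust view settings.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        System.out.println("HandlerInterceptor1...postHandle");
    }

    /**
     * Runs after the handler has completed. Suitable for system-wide exception handling,
     * for timing (record a timestamp in preHandle and another here; the difference is the
     * execution time) and for unified logging.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        System.out.println("HandlerInterceptor1...afterCompletion");
    }
}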
JSP页面
登陆页面
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Login page: collects the user name and password and posts them to the "login" handler. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
<script type="text/javascript">
	// Client-side convenience check only; the server must still validate the credentials itself.
	// NOTE(review): check() is attached to the onclick of a submit button and returns nothing,
	// so the alert presumably does not stop the browser from submitting the form - confirm,
	// and cancel the submit explicitly if blocking is intended.
	function check() {
		var username = document.getElementsByName("username")[0].value;
		var password = document.getElementsByName("password")[0].value;
		if(username == "" || password == "") {
			alert("账号或密码不能为空");
		} else {
			// The form has no action attribute; the target is set here just before submitting.
			var form = document.loginForm;
			form.action = "login";
			form.submit();
		}
	}
</script>
</head>
<body>
	<%-- POST keeps the credentials out of the URL. The form carries no CSRF token. --%>
	<form name="loginForm" method="POST">
		<table>
			<caption align="top">登录页面</caption>
			<tr>
				<td>用户名</td>
				<td><input type="text" name="username"></td>
			</tr>
			<tr>
				<td>密码</td>
				<td><input type="password" name="password"></td>
			</tr>
			<tr>
				<td colspan="2"><input type="submit" value="登录" onclick="check()"></td>
			</tr>
		</table>
	</form>
</body>
</html>
登陆成功页面
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Login-success page: shows the "user" object and offers a logout button. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录成功</title>
</head>
<body>
	<h1>登录成功!!</h1>
	<%-- NOTE(review): EL in template text is written to the page without HTML escaping.
	     user.id presumably comes from the login request parameters, so it should be escaped
	     on output (for example with JSTL c:out) before it is rendered. --%>
	id:${user.id }<br>
	username:${user.username }<br>
	<%-- NOTE(review): this prints the plain-text password into the page; acceptable only
	     for this demo, a real page should never render it. --%>
	password:${user.password }<br>
	<%-- No method attribute, so the logout request is sent with GET. --%>
	<form action="exit">
		<input type="submit" value="退出" />
	</form>
</body>
</html>
注:这里并没有用到数据库,而是模拟测试,账号密码分别为:zy 123
结果
未登陆时不能访问success.jsp页面;登陆成功后,只要不做退出操作,即使访问过登陆页面,也可继续访问success.jsp页面