1、拦截器
package com.wkrj.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import wkrjsystem.user.bean.WkrjUser;
import wkrjsystem.wkrjlogin.service.WkrjLonginService;
//继承HandlerInterceptorAdapter
public class Singleuserlogin extends HandlerInterceptorAdapter {
@Autowired
private WkrjLonginService wkrjLonginService;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
String url=request.getRequestURI();
//如果拦截到的是登录的页面的话放行
if(url.indexOf("wkrjlogin/checkLogin")>=0||url.indexOf("wkrjlogin/login")>=0
||url.indexOf("/img/tx.png")>0){
return true;
}
//如果用户名存在放心(即登录放行)
WkrjUser user = (WkrjUser) request.getSession().getAttribute("user");
WkrjUser userDev = (WkrjUser) request.getSession().getAttribute("userDev");
if(userDev !=null){
}
if(user!=null){
String id=request.getSession().getId();
String sessionid = wkrjLonginService.getSessionByUserid(user.getUser_id());
if(sessionid.equals(request.getSession().getId())){
return true;
} else{
//获取完整路径
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort()+request.getContextPath();
//判断ajax请求
if("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))){
//告诉ajax我是重定向
response.setHeader("REDIRECT", "REDIRECT");
//告诉ajax我重定向的路径
response.setHeader("CONTENTPATH", basePath+"/system/login.jsp");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return false;
}else{
response.sendRedirect(basePath + "/system/login.jsp");
return false;
}
}
}
return super.preHandle(request, response, handler);
}
}
配置
spring-mvc.xml
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean id="Singleuserlogin" class="com.wkrj.interceptor.Singleuserlogin"></bean>
</mvc:interceptor>
</mvc:interceptors>
2、过滤器
package com.wkrj.interceptor;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import wkrjsystem.user.bean.WkrjUser;
import wkrjsystem.wkrjlogin.service.WkrjLonginService;
public class LoginFilter implements Filter{
private String unauthorizedUrl = "/unauthorized.jsp";
private String loginUrl = "/system/login.jsp";
@Autowired
private JdbcTemplate jdbcTemplate;
@Autowired
private WkrjLonginService wkrjLonginService;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
//HttpServletResponse resq = (HttpServletResponse)response;
ServletContext context = request.getServletContext();
WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context);
WkrjLonginService LonginService = ctx.getBean(WkrjLonginService.class);
/*String contextPath = req.getContextPath();
String requestURI = req.getRequestURI();
HttpSession session = req.getSession(false);*/
String url=req.getRequestURI();
//如果拦截到的是登录的页面的话放行
if(url.indexOf(loginUrl)>=0||url.indexOf("wkrjlogin/login")>=0
){
//return true;
chain.doFilter(request, response);
return;
}
//如果用户名存在放心(即登录放行)
WkrjUser user = (WkrjUser) req.getSession().getAttribute("user");
WkrjUser userDev = (WkrjUser) req.getSession().getAttribute("userDev");
if(userDev !=null){
}
if(user!=null){
String id=user.getUser_id();
//Map<String, Object> user1 = jdbcTemplate.queryForMap("select * from wkrj_sys_user where user_id ='"+id+"'");
String sessionid = LonginService.getSessionByUserid(id);
//String sessionid=user1.get("sessionid")+"";
if(sessionid.equals(req.getSession().getId())){
// return true;
chain.doFilter(request, response);
return;
} else{
request.getRequestDispatcher("/system/login.jsp").forward(req, response);
//resq.sendRedirect("/system/login.jsp");
//return false;
}
}
}
@Override
public void destroy() {
}
/*@Override
protected boolean isAccessAllowed(ServletRequest arg0,
ServletResponse arg1, Object arg2) throws Exception {
// TODO Auto-generated method stub
return false;
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
throws Exception {
HttpServletRequest req = (HttpServletRequest)request;
String url=req.getRequestURI();
//如果拦截到的是登录的页面的话放行
if(url.indexOf(loginUrl)>=0||url.indexOf(unauthorizedUrl)>=0
){
return true;
}
//如果用户名存在放心(即登录放行)
WkrjUser user = (WkrjUser) req.getSession().getAttribute("user");
WkrjUser userDev = (WkrjUser) req.getSession().getAttribute("userDev");
if(userDev !=null){
}
if(user!=null){
String id=req.getSession().getId();
String sessionid = user.getSessionid();
if(sessionid.equals(req.getSession().getId())){
return true;
} else{
request.getRequestDispatcher("/system/login.jsp").forward(req, response);
//return false;
}
}
return false;
}*/
}
配置
web.xml
<filter>
<filter-name> loginFilter</filter-name>
<filter-class>
com.wkrj.interceptor.LoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>