1、Controller
@Controller
public class LoginController {
/*restful方式请求*/
@PostMapping("/user/login")
//@RequestMapping(value = "/user/login",method = RequestMethod.POST)
public String login(@RequestParam("username") String username,
@RequestParam("password") String password,
Map<String,Object> map,
HttpSession session){
if(!StringUtils.isEmpty(username) && "123".equals(password)){
session.setAttribute("loginUser",username);
//登录成功
//防止表单重复提交,利用重定向
// return "redirect:main.html";
return "dashboard";
}else {
map.put("msg","用户名或密码错误");
return "login";
}
}
}
判断用户信息,将用户信息存储在session中
2、定义拦截器
public class LoginHandlerInterceptor implements HandlerInterceptor {
//目标方法执行前
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
Object user = request.getSession().getAttribute("loginUser");
if(user == null){
//未登录,返回登录页面
request.setAttribute("msg","没有权限,请先登录");
request.getRequestDispatcher("index.html").forward(request,response);
return false;
}else {
//已登录,放行请求
return true;
}
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
3、在配置文件中注册拦截器
//使用WebMvcConfigurerAdapter可以来扩展SpringMVC的功能
//@EnableWebMvc 不要接管SpringMVC
@Configuration
public class MyMvcConfig extends WebMvcConfigurerAdapter {
//所有的WebMvcConfigurerAdapter组件都会一起起作用
@Bean //将组件注册在容器
public WebMvcConfigurerAdapter webMvcConfigurerAdapter(){
WebMvcConfigurerAdapter adapter = new WebMvcConfigurerAdapter() {
//注册拦截器
@Override
public void addInterceptors(InterceptorRegistry registry) {
//super.addInterceptors(registry);
//静态资源; *.css , *.js
//SpringBoot已经做好了静态资源映射
registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")
.excludePathPatterns("/index.html","/","/user/login");//排除
}
};
return adapter;
}
}
4、效果
(1)直接访问后台会提示“无权限,然后跳转到登录页面”
(2)/index.html和/user/login请求不会被拦截