在进行登录操作时我们都要使用拦截器拦截用户的访问,以避免用户未登录操作。
以下是对登录操作的简单拦截,自己可针对自己的业务进行扩展。
自定义LoginInterceptor 实现HandlerInterceptor,用户发送的每个请求都会被preHandle()方法拦截,我们就可以在preHandle方法中实现自己的业务员逻辑,哪些不需要被拦截等等操作。
package com.light.ac.web.interceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils; import org.apache.shiro.subject.Subject; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import com.light.ac.domain.User; public class LoginInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception { Subject subject = SecurityUtils.getSubject(); User user = (User) subject.getPrincipal(); if (user != null) { return true; } response.sendRedirect("/index.jsp"); return false; } @Override public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception { } @Override public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception { } }
springmvc.xml中的配置为:
<!-- 拦截器 --> <mvc:interceptors> <!-- 登陆拦截器 --> <mvc:interceptor> <mvc:mapping path="/**" /> <mvc:exclude-mapping path="/resources/**"/> <mvc:exclude-mapping path="/login"/> <mvc:exclude-mapping path="/logout"/> <bean class="com.light.ac.web.interceptor.LoginInterceptor"></bean> </mvc:interceptor> </mvc:interceptors>