基于SpringMVC的interceptor的用户登录权限限制

小灰灰 2022-06-01 11:26 122阅读 0赞

本次写的案例是,构建一个用户注册和登录界面,并用SpringMVC 的interceptor对用户直接登录主页权限进行限制  
首先写一个domain对象,简单起见,就只写username和password属性

package lhc.domain;
    public class User2 { 
         private String username;
         private String password;
         public String getUsername() {
               return username;
         }
         public void setUsername(String username) {
               this.username = username;
         }
         public String getPassword() {
               return password;
         }
         public void setPassword(String password) {
               this.password = password;
         }
         @Override
         public String toString() {
               return "User2 [username=" + username + ", password=" + password + "]";
         }
    
    }

配置web.xml文件

<?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>testspring</display-name>
        <welcome-file-list>
            <welcome-file>index.html</welcome-file>
            <welcome-file>index.htm</welcome-file>
            <welcome-file>index.jsp</welcome-file>
            <welcome-file>default.html</welcome-file>
            <welcome-file>default.htm</welcome-file>
            <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
    
    
        
        
        <servlet>
            <servlet-name>springDispatcherServlet</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <init-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>classpath:springmvc.xml</param-value>
            </init-param>
            <load-on-startup>1</load-on-startup>
        </servlet>
    
        
        <servlet-mapping>
            <servlet-name>springDispatcherServlet</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>
    
    
        
    
        <filter>  
            <filter-name>Encoding</filter-name>  
            <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>  
            <init-param>  
                <param-name>encoding</param-name>  
                <param-value>UTF-8</param-value>  
            </init-param>  
            <init-param>  
                <param-name>forceEncoding</param-name>  
                <param-value>true</param-value>  
            </init-param>  
        </filter>  
        <filter-mapping>  
            <filter-name>Encoding</filter-name>  
            <url-pattern>/*</url-pattern>  
        </filter-mapping>  
    
    
    </web-app>

接下来是SpringMVC的配置文件的配置,开启注解,扫描包,开启视图解析器,配置自定义的拦截器

<?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
         
         <mvc:annotation-driven></mvc:annotation-driven>
         
         <context:component-scan base-package="lhc"></context:component-scan>
         
         <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
               <property name="prefix" value="/WEB-INF/jsp/"></property>
               <property name="suffix" value=".jsp"></property>
         </bean>         
         
         <mvc:interceptors>
               <mvc:interceptor>
                    <mvc:mapping path="/**" />
                    <bean class="lhc.controller.LoginInterceptor" />
               </mvc:interceptor>
         </mvc:interceptors>
    </beans>

写一个登录界面的表单,并显示错误信息

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
    </head>
    <body>
         <h1>登录</h1>
    
         
         ${msg }
    
         <form action="${pageContext.request.contextPath }/user/login" method="post">
         用户名:<input type="text" name="username" /> <br/>
         密码:<input type="password" name="password"/><br/>
         <input type="submit" value="submit">
         </form>
    </body>
    </html>

写一个主页,并提供注销链接

写Controller组件,由于SpringMVC架构建议不让用户直接访问jsp页面,并且直接访问的jsp页面不进行拦截.故在控制层转发到jsp页面,此时的jsp页面会被拦截

// 登录login.jsp
         @RequestMapping(value = "/login", method = RequestMethod.GET)
         public String ToLogin() {
               return "login";
         }
         // 表单验证,注意方法与上面不同
         @RequestMapping(value = "/login", method = RequestMethod.POST)
         public String login(User2 user2, HttpSession session, HttpServletRequest request) {
               String username = user2.getUsername();
               String password = user2.getPassword();
               //由于重点在SpringMVC,此处模拟从数据库取出数据进行表单验证
               if (username != null && username.equals("tom") && password != null && password.equals("123")) {
                    session.setAttribute("user", user2);
                    //进入登录主页
                    return "main";
               } else {
                    request.setAttribute("msg", "用户名或密码错误");
                    //返回到登录页面
                    return "login";
               }
         }
    
         // 主页的注销处理
         @RequestMapping("/logout")
         public String logout(HttpSession session) {
               //清除session的数据
               session.invalidate();
               return "login";
         }
         // 直接登录main.jsp主页,需要写一个拦截器进行拦截
         @RequestMapping(value = "/main")
         public String ToMain() {
               return "main";
         }

为直接访问主页设置一个拦截器

package lhc.controller;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;
    import lhc.domain.User2;
    public class LoginInterceptor implements HandlerInterceptor { 
         @Override
         public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
                    throws Exception {
         }
         @Override
         public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
                    throws Exception {
         }
         @Override
         public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
               //如果是登录login则放行
               if (request.getRequestURL().indexOf("/login")>0) {
                    return true;
               }
               //如果已经登录过,则放行
               HttpSession session =request.getSession();
               User2 user = (User2)session.getAttribute("user");
               if(user!=null) {
                    return true;
               }
               //没登录过又不登录login页面,转发到登录页面
               request.setAttribute("msg", "你还没登录");
              request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
               return false;
         }
    }