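Access control for login, and session timeout control.
When a user who is not logged in types a URL directly into the address bar to reach certain pages, the login page is bypassed; if nothing controls this, it is a security problem.
An interceptor can therefore be added to handle this case: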
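import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

// User, CommonConstants and MySessionException are the project's own classes;
// their packages are not shown here, so import them as needed.

/**
 * @Description: Illegal-login interception
 * @author DennyZhao
 * @date February 24, 2018
 * @version 1.0
 */
public class LoginInterceptor implements HandlerInterceptor {

    private static final Logger logger = LoggerFactory.getLogger(LoginInterceptor.class);

    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // TODO Auto-generated method stub
    }

    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
            throws Exception {
        // TODO Auto-generated method stub
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse resp, Object arg2) throws Exception {
        logger.debug(">>>preHandle(HttpServletRequest request, HttpServletResponse resp, Object arg2)");
        // The user object is stored in the session at login; if it is missing,
        // the caller never logged in or the session has expired.
        User user = (User) request.getSession().getAttribute(CommonConstants.SESSION_USER);
        if (user == null) {
            logger.warn("session time out...");
            // Message text means "Session timed out..."
            throw new MySessionException("会话超时...");
        }
        logger.debug("<<<preHandle(HttpServletRequest request, HttpServletResponse resp, Object arg2)");
        return true;
    }
}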
Note: the class must implement Spring MVC's HandlerInterceptor interface, and the interceptor must also be registered in the Spring configuration file:
<mvc:interceptors>
    <mvc:interceptor>
        <!-- Intercept all addresses -->
        <mvc:mapping path="${adminPath}/rest/**" />
        <mvc:exclude-mapping path="${adminPath}/rest/login/**"/>
        <!-- Login interceptor class -->
        <bean id="loginInterceptor"
              class="com.common.interceptor.LoginInterceptor">
        </bean>
    </mvc:interceptor>
</mvc:interceptors>
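The interceptor above only throws MySessionException; something still has to turn that into a response for the REST caller. The following is an added example, not code from the original post: a global exception handler that answers with HTTP 401 and discards the empty session that `request.getSession()` creates for anonymous requests. The class name `SessionExceptionAdvice`, its package, and the `SESSION_TIMEOUT` error code are assumptions, as are an enabled `<mvc:annotation-driven/>`, component scanning of this class in the MVC context, and a JSON message converter such as Jackson on the classpath.

```java
package com.common.interceptor; // assumed: same package as LoginInterceptor and MySessionException

import java.util.Collections;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

/**
 * Hypothetical companion to LoginInterceptor: maps the exception thrown in
 * preHandle() to a 401 response instead of a container error page.
 */
@ControllerAdvice
public class SessionExceptionAdvice {

    @ExceptionHandler(MySessionException.class)
    public ResponseEntity<Map<String, String>> handleSessionTimeout(
            MySessionException ex, HttpServletRequest request) {

        // getSession(false) never creates a session. If one exists here it holds
        // no logged-in user (that is why the interceptor threw), so invalidate it
        // rather than keep an unauthenticated session alive until it times out.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Fixed error code only: no exception message, stack trace or
        // requested URL is echoed back to an unauthenticated caller.
        Map<String, String> body = Collections.singletonMap("error", "SESSION_TIMEOUT");

        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .header("Cache-Control", "no-store") // do not cache the 401 for a protected URL
                .body(body);
    }
}
```

The client can then treat any 401 from `${adminPath}/rest/**` as a signal to send the user back to the login page.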