WEB开发----springboot的登录拦截机制

如果是一个后台的管理项目的,有些东西是不能直接就可以访问的,必须要登录才可以进去,所以就需要进行登录拦截,只有登录过的用户才可以正常访问.
登录拦截是不会拦截jsp页面的方法,所以我们需要在Controller写方法进行页面的调用,而且需要把jsp页面从webapp文件夹下放到WEB-INF下面,因为webapp下的文件是可以直接访问到的:文件目录
,
首先创建一个WebConfig.class文件,进行拦截器的创建,拦截器需要实现WebMvcConfigurerAdapter类,继承ApplicationContextAware类,
代码如下:

package com;



import org.springframework.beans.BeansException;

import org.springframework.context.ApplicationContext;

import org.springframework.context.ApplicationContextAware;

import org.springframework.context.annotation.Configuration;

import org.springframework.util.ResourceUtils;

import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;

import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;



import com.interceptor.LoginInterceptor;



@Configuration

public class WebConfig extends WebMvcConfigurerAdapter implements ApplicationContextAware {



    private ApplicationContext applicationContext;



    public WebConfig(){

        super();

    }



    @Override

    public void addResourceHandlers(ResourceHandlerRegistry registry) {

        System.out.println("1");

        registry.addResourceHandler("/static/**").addResourceLocations(ResourceUtils.CLASSPATH_URL_PREFIX+"/static/");

        registry.addResourceHandler("/templates/**").addResourceLocations(ResourceUtils.CLASSPATH_URL_PREFIX+"/templates/");



        super.addResourceHandlers(registry);  

    }



    @Override

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {

        System.out.println("11");

        this.applicationContext = applicationContext;

    } 

    @Override

    public void addInterceptors(InterceptorRegistry registry) {

        System.out.println("111");

        //拦截规则：除了login，其他都拦截判断

        registry.addInterceptor(new LoginInterceptor()).addPathPatterns("/**").excludePathPatterns("/user/login","/user/gologin");

        super.addInterceptors(registry);

    }



}

上面的文件除了/user/login(登录信息验证方法),/user/gologin(返回登录页面方法)这两个方法不拦截,别的都拦截判断
然后编写自定义的验证规则,判断拦截到的请求是否通过

package com.interceptor;



import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;



import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.web.servlet.HandlerInterceptor;

import org.springframework.web.servlet.ModelAndView;



public class LoginInterceptor implements HandlerInterceptor {


    private static final Logger log = LoggerFactory.getLogger(LoginInterceptor.class);



    @Override

    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)

            throws Exception {

        // TODO Auto-generated method stub

        log.info("------preHandle------");

        // 获取session

        HttpSession session = request.getSession(true);

        // 判断用户ID是否存在，不存在就跳转到登录界面

        if (session.getAttribute("userId") == null) {

            log.info("------:跳转到login页面！");

            System.out.println(request.getContextPath() + "/login");

            response.sendRedirect("/user/gologin");

            return false;

        } else {

            return true;

        }

    }



    @Override

    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,

            ModelAndView modelAndView) throws Exception {

        // TODO Auto-generated method stub

    }



    @Override

    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)

            throws Exception {

        // TODO Auto-generated method stub

    }



}

当用户登录成功,将用户的信息存到session中,之后的访问,就会去session中判断有没有用户信息,如果没有用户信息,则跳转到登录页面,进行用户登录