  • SpringMVC-Interceptor拦截Session登录

    背景:

    开发的项目都需要账号密码登录才能够查看站点的内容,所以我们设计时需要考虑:用户进入站点只能从一个我们设计的规范通道进入,即通过注册的账号密码登录,其他方法都是非法的和不允许的,所以我们就要对非法的访问进行拦截并跳转到用户登录页面。

    这里主要是讲SpringMVC拦截器Interceptor的相关配置和介绍。

    首先新建一个自定义的拦截器:

    LoginInterceptor.java

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    
    import org.apache.log4j.Logger;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;
    import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
    
    import com.sgcc.uds.fs.client.UserToken;
    
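    /**
     * Login interceptor: a request reaches its handler only when the HTTP session
     * already holds a {@code userToken}; the login endpoints are the sole exceptions.
     *
     * @author lyx
     *
     * 2015-8-17 9:53:23 AM
     */
    public class LoginInterceptor implements HandlerInterceptor {

        // Logger
        protected Logger log = Logger.getLogger(getClass());

        // Paths, relative to the context path, that may be requested without logging in.
        private static final String[] ALLOW_PATHS = {"/toLogin", "/login"};

        /**
         * Rejects the request unless it targets a public path or the session holds a
         * {@code UserToken} under the {@code userToken} attribute.
         *
         * @param request  the current request
         * @param response the current response (not written to here)
         * @param handle   the handler chosen for the request (unused)
         * @return {@code true} when the request may continue to its handler
         * @throws Exception an {@code UnLoginException} when no logged-in user is found
         */
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                Object handle) throws Exception {

            // Compare against the path inside the application, not the whole URL.
            // A substring test over getRequestURL() also passes any request whose host,
            // context path or handler path merely contains "/login", so the public
            // list must be matched for equality.
            // NOTE(review): assumes the DispatcherServlet is mapped at the application
            // root (the "redirect:/toLogin" target suggests so) -- confirm.
            String path = request.getServletPath();
            String pathInfo = request.getPathInfo();
            if (pathInfo != null) {
                path = path + pathInfo;
            }

            for (String allowed : ALLOW_PATHS) {
                if (allowed.equals(path)) {
                    return true;
                }
            }

            // getSession(false): do not allocate a session for every anonymous request.
            HttpSession session = request.getSession(false);
            Object user = (session == null) ? null : session.getAttribute("userToken");

            // Anything that is not a UserToken (including null) counts as "not logged in".
            if (!(user instanceof UserToken)) {
                throw new UnLoginException("您尚未登录!");
            }

            // Alternative to the exception: redirect directly from here.
            // response.sendRedirect(request.getContextPath()+"/toLogin");
            return true;
        }

        /** No post-processing is needed after the handler has run. */
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response,
                Object handler, ModelAndView modelAndView) throws Exception {
            // intentionally empty
        }

        /** No clean-up is needed once the request has completed. */
        @Override
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                Object handler, Exception ex) throws Exception {
            // intentionally empty
        }
    }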


    新建一个登录失败异常类:

    (注:也可以不建这个类,直接在拦截器中进行重定向)

    UnLoginException.java

    import java.io.IOException;
    
    
    /**
     * Login-failure exception class; the login interceptor throws it when the
     * session carries no logged-in user.
     * <p>
     * fs-config-web.com.sgcc.uds.fs.config.web.interceptor.UnLoginException
     *
     * @author lyx
     *
     * 2015-8-17 10:57:24 AM
     */
    public class UnLoginException extends Exception {

        private static final long serialVersionUID = 1L;

        /** Creates the exception without a detail message. */
        public UnLoginException() {
        }

        /**
         * Creates the exception with a detail message.
         *
         * @param message text later available through {@link #getMessage()}
         * @throws IOException declared by the signature; nothing in this constructor raises it
         */
        public UnLoginException(String message) throws IOException {
            super(message);
        }
    }
    


    SpringMVC配置文件:

    ApplicationContext-config-web.xml

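    	<!-- Interceptors -->
    	<mvc:interceptors>
    		<mvc:interceptor>
    			<!-- Apply the interceptor to every path.
    			     Public paths can also be declared here with
    			     <mvc:exclude-mapping path="..."/> (Spring 3.2+), placed after the
    			     mapping element, instead of being listed inside the interceptor. -->
    			<mvc:mapping path="/**"/>
    			<!-- Login interceptor class -->
    			<bean id="loginInterceptor" class="com.sgcc.uds.fs.config.web.interceptor.LoginInterceptor">
    			</bean>
    		</mvc:interceptor>
    	</mvc:interceptors>

    	<!-- Exception handling -->
    	<bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
    		<property name="exceptionMappings">
    			<props>
    				<!-- Login-failure exception: redirect the browser to the login page -->
    				<prop key="com.sgcc.uds.fs.config.web.interceptor.UnLoginException">redirect:/toLogin</prop>
    			</props>
    		</property>
    	</bean>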

    LoginController.java

    import java.util.Map;
    
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;
    
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.bind.annotation.ResponseBody;
    
    import com.sgcc.uds.fs.client.UserToken;
    import com.sgcc.uds.fs.config.web.util.ResultUtil;
    
    
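    /**
     * Serves the login page and handles the login form post.
     * <p>
     * On success a {@code UserToken} is stored in the session under {@code userToken}.
     */
    @Controller
    public class LoginController {

        /**
         * Application root: shows the index view to a logged-in user, the login view otherwise.
         *
         * @param request the current request
         * @return the view name
         */
        @RequestMapping(value = "/", method = RequestMethod.GET)
        public String welcome(HttpServletRequest request) {
            return landingView(request);
        }

        /**
         * Login page: shows the index view to a logged-in user, the login view otherwise.
         *
         * @param request the current request
         * @return the view name
         */
        @RequestMapping(value = "/toLogin", method = RequestMethod.GET)
        public String toLogin(HttpServletRequest request) {
            return landingView(request);
        }

        /**
         * Checks the submitted credentials and, on success, stores the user token in a
         * freshly created session.
         *
         * @param loginName submitted login name
         * @param pwd       submitted password
         * @param request   the current request
         * @return the result map produced by {@code ResultUtil}
         */
        @RequestMapping(value = "/login", method = RequestMethod.POST)
        @ResponseBody
        public Map<String, Object> login(@RequestParam(required=true,value="loginName") String loginName, @RequestParam(required=true,value="pwd") String pwd, HttpServletRequest request) {
            ResultUtil result = new ResultUtil();
            try {
                // NOTE(review): fixed demo credential. A real deployment should verify the
                // password against a stored salted hash (bcrypt/scrypt/argon2) instead.
                if ("admin".equals(loginName) && "admin".equals(pwd)) {

                    // Drop any session that existed before authentication and start a new
                    // one, so a session id handed out before login is never promoted to
                    // an authenticated session (session fixation).
                    HttpSession stale = request.getSession(false);
                    if (stale != null) {
                        stale.invalidate();
                    }
                    HttpSession session = request.getSession(true);

                    // NOTE(review): the second constructor argument looks like the password --
                    // confirm, and avoid keeping a plaintext password in the session.
                    UserToken userToken = new UserToken("admin", "admin", "bucketName");
                    session.setAttribute("userToken", userToken);

                    // Optional idle timeout, in seconds:
                    // session.setMaxInactiveInterval(20);

                } else {
                    // Same message for a wrong name and a wrong password.
                    result.setSuccess(false);
                    result.setMsg("username或password错误!");
                }
            } catch (Exception e) {
                // Only a generic message goes back to the client.
                // NOTE(review): the cause is dropped here; log it server-side once this
                // class has a logger.
                result.setSuccess(false);
                result.setMsg("系统内部异常!");
            }
            return result.getResult();
        }

        // Picks the view for the entry pages without creating a session for anonymous visitors.
        private String landingView(HttpServletRequest request) {
            HttpSession session = request.getSession(false);
            boolean loggedIn = session != null && session.getAttribute("userToken") != null;
            return loggedIn ? "/index" : "login";
        }
    }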
    

    这样就可以实现对用户非法访问站点进行拦截,提高站点的安全性。需要注意,拦截器只解决"未登录不能访问"的问题:放行地址应当按请求路径精确匹配而不是按子串匹配,登录成功后应当更换会话ID,示例中的固定账号密码也只用于演示。

  • 原文地址:https://www.cnblogs.com/yangykaifa/p/7090731.html