登录拦截实现过程
程序开发
2023-09-04 10:52:45
在目标用户查看需要登录才能查看的界面时候,进行拦截并提示用户登录
自定义一个拦截器LoginInterceptor
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
//用户的实体类,session的判断登录,视项目而变
import com.how2java.tmall.pojo.User;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;public class LoginInterceptor implements HandlerInterceptor {@Overridepublic boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {HttpSession session = httpServletRequest.getSession();//Servlet中getServletContext()实质上可以看做一个对象,其可以使用ServletContext接口中的方法,getContextPath()为其中得到project名称方法。String contextPath = session.getServletContext().getContextPath();//定义一个需要需要登录才能访问的拦截路径字符串数组String[] requireAuthPages = new String[]{"buy","alipay","payed","cart","bought","confirmPay","orderConfirmed","forebuyone","forebuy","foreaddCart","forecart","forechangeOrderItem","foredeleteOrderItem","forecreateOrder","forepayed","forebought","foreconfirmPay","foreorderConfirmed","foredeleteOrder","forereview","foredoreview"};//获取uri并去除project工程名String uri = httpServletRequest.getRequestURI();uri = StringUtils.remove(uri, contextPath);String page = uri;//先beginWith判断,再判断用户是否在session中,是否登录了,未登录的话就跳转到登录页if (beginWith(page, requireAuthPages)) {User user = (User) session.getAttribute("user");if (user == null) {httpServletResponse.sendRedirect("login");return false;}}return true;}//判断是否是以requireAuthPages里的开头的private boolean beginWith(String page, String[] requireAuthPages) {boolean result = false;for (String requiredAuthPage : requireAuthPages) {if (StringUtils.startsWith(page, requiredAuthPage)) {result = true;break;}}return result;}@Overridepublic void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {}@Overridepublic void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {}}
配置拦截器注册到spring的bean中
import com.how2java.tmall.interceptor.LoginInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;@Configuration
class WebMvcConfigurer extends WebMvcConfigurerAdapter{@Beanpublic LoginInterceptor getLoginIntercepter() {return new LoginInterceptor();}@Overridepublic void addInterceptors(InterceptorRegistry registry){registry.addInterceptor(getLoginIntercepter()).addPathPatterns("/**"); }
}
这样在用户登录时候通过拦截器对requireAuthPages内的字符串进行匹配判断是否进行登录,如果没有登录,重定向跳转至登录界面
httpServletResponse.sendRedirect("login");
如果已经登录,则可以正常的进行访问
进行访问
自动拦截cart,由于未登录,自动跳转至
通过Controller访问登录界面
标签:
相关文章
-
无相关信息