0
点赞
收藏
分享

微信扫一扫

springboot实现登录的拦截器控制(全)

背景:有些页面是只能登录之后访问的,因此我们需要对除了登录操作的相关页面进行拦截控制

login.html

<form class="form-signin" action="dashboard.html" th:action="@{/user/login}" method="post">

LoginController.java

package com.pshdhx.controller;

import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.servlet.http.HttpSession;
import java.util.Map;

/**
* @Authtor pshdhx
* @Date 2020/11/2913:14
* @Version 1.0
*/
@Controller
public class LoginController {
@PostMapping(value="/user/login")
public String login(@RequestParam("username") String username,
@RequestParam("password") String password,
Map<String,Object> map,
HttpSession session){
if(!StringUtils.isEmpty(username)&&"123456".equals(password)){
//在登录之后,一点刷新,会提示用户是否离开页面,这是因为url还是index,为了防止表单重复提交,我们需要重定向;=>利用视图解析器
//不仅如此,页面还很简陋,一些前端页面配置不生效,需要重定向。但是登陆之后的这个url别人可以随意访问,我们需要对其拦截校验
session.setAttribute("username",username);
return "redirect:/main.html";
}else{
map.put("msg","用户名密码错误");
return "login";
}
}
}

防止表单重复提交的

视图解析器:

MyMvcConfiguration.java

package com.pshdhx.config;

import com.pshdhx.component.LoginHandlerInterceptor;
import com.pshdhx.component.MyLocaleResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.LocaleResolver;
import org.springframework.web.servlet.config.annotation.*;

/**
* @Authtor pshdhx
* @Date 2020/11/2818:48
* @Version 1.0
*/
@Configuration
//@EnableWebMvc
public class MyMvcConfiguration extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
//浏览器发送com.pshdhx请求,也来到success页面。
registry.addViewController("/pshdhx").setViewName("success");
}



/**
* 所有的webmvcadapter组件都会一起起作用,前提是springboot知道我们自定义组件的存在
*/
@Bean//将我们的组件注册到容器中
public WebMvcConfigurerAdapter webMvcConfigurerAdapter(){
WebMvcConfigurerAdapter adapter = new WebMvcConfigurerAdapter(){
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("login");
registry.addViewController("/index.html").setViewName("login");
registry.addViewController("/main.html").setViewName("dashboard");
}
//注册拦截器的
@Override
public void addInterceptors(InterceptorRegistry registry) {
// super.addInterceptors(registry);"/","/login.html","/user/login","/asserts/**","/webjars/**"
registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")//拦截任意多层路径下的任意请求
.excludePathPatterns("/","/index.html","/user/login"); //登录页面和登录请求页面不能拦截
//如果/index.html不加‘/’,这里就产生了死循环;
//springboot已经做好了静态资源的映射,我们不需要管,直接访问即可。
}
};

return adapter;
}
/**
* 添加localeResolver到容器中
*/
@Bean
public LocaleResolver localeResolver(){
return new MyLocaleResolver();
}
}

只需要这条语句就行

registry.addViewController("/main.html").setViewName("dashboard");

此时任意浏览器都可以对我们的dashboard.html页面进行访问,但是这是我们登录之后的首页,我们需要对其进行拦截,

需要自定义拦截器

package com.pshdhx.component;

import com.fasterxml.jackson.databind.*;
import com.fasterxml.jackson.databind.cfg.HandlerInstantiator;
import com.fasterxml.jackson.databind.cfg.MapperConfig;
import com.fasterxml.jackson.databind.introspect.Annotated;
import com.fasterxml.jackson.databind.jsontype.TypeIdResolver;
import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
* @Authtor pshdhx
* @Date 2020/11/2913:39
* @Version 1.0
* 登陆拦截器,对登陆进行拦截检查
*/
public class LoginHandlerInterceptor implements HandlerInterceptor {

//目标方法执行之前
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Object username = request.getSession().getAttribute("username");
if(username == null){
//未登录
request.setAttribute("msg","请先登录");
request.getRequestDispatcher("/index.html").forward(request,response);
return false;
}else{
return true;
}
}

@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

}

@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

}
}

对登录进行拦截之后,我们需要把其注册在容器中;

//注册拦截器的
@Override
public void addInterceptors(InterceptorRegistry registry) {
// super.addInterceptors(registry);"/","/login.html","/user/login","/asserts/**","/webjars/**"
registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")//拦截任意多层路径下的任意请求
.excludePathPatterns("/","/index.html","/user/login"); //登录页面和登录请求页面不能拦截
//如果/index.html不加‘/’,这里就产生了死循环;
//springboot已经做好了静态资源的映射,我们不需要管,直接访问即可。
}

此时,页面被拦截,如果没有登录,会直接访问的登录页面;

登录之后,跳转到dashboard.html,左上角显示用户名

[[${session.username}]]

springboot实现登录的拦截器控制(全)_spring

学习过程中遇到的错误:

//注册拦截器的
@Override
public void addInterceptors(InterceptorRegistry registry) {
// super.addInterceptors(registry);"/","/login.html","/user/login","/asserts/**","/webjars/**"
registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")//拦截任意多层路径下的任意请求
.excludePathPatterns("/","/index.html","/user/login"); //登录页面和登录请求页面不能拦截
//如果/index.html不加‘/’,这里就产生了死循环;
//springboot已经做好了静态资源的映射,我们不需要管,直接访问即可。
}

一定要注意“/index.html”一定要加‘/’;

原因是:

我们判断出user == null 于是就重定向到/index.html,而​/index.html​也是被拦截的,所以又回到了if里边,就开始了死循环

所以定义拦截器的重定向的页面和url和注册excludePathPatterns的url一定一定要一一对应

 

举报

相关推荐

0 条评论