背景:有些页面是只能登录之后访问的,因此我们需要对除了登录操作的相关页面进行拦截控制
login.html
<form class="form-signin" action="dashboard.html" th:action="@{/user/login}" method="post">LoginController.java
package com.pshdhx.controller;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.servlet.http.HttpSession;
import java.util.Map;
/**
* @Authtor pshdhx
* @Date 2020/11/2913:14
* @Version 1.0
*/
@Controller
public class LoginController {
@PostMapping(value="/user/login")
public String login(@RequestParam("username") String username,
@RequestParam("password") String password,
Map<String,Object> map,
HttpSession session){
if(!StringUtils.isEmpty(username)&&"123456".equals(password)){
//在登录之后,一点刷新,会提示用户是否离开页面,这是因为url还是index,为了防止表单重复提交,我们需要重定向;=>利用视图解析器
//不仅如此,页面还很简陋,一些前端页面配置不生效,需要重定向。但是登陆之后的这个url别人可以随意访问,我们需要对其拦截校验
session.setAttribute("username",username);
return "redirect:/main.html";
}else{
map.put("msg","用户名密码错误");
return "login";
}
}
}
防止表单重复提交的
视图解析器:
MyMvcConfiguration.java
package com.pshdhx.config;
import com.pshdhx.component.LoginHandlerInterceptor;
import com.pshdhx.component.MyLocaleResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.LocaleResolver;
import org.springframework.web.servlet.config.annotation.*;
/**
* @Authtor pshdhx
* @Date 2020/11/2818:48
* @Version 1.0
*/
@Configuration
//@EnableWebMvc
public class MyMvcConfiguration extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
//浏览器发送com.pshdhx请求,也来到success页面。
registry.addViewController("/pshdhx").setViewName("success");
}
/**
* 所有的webmvcadapter组件都会一起起作用,前提是springboot知道我们自定义组件的存在
*/
@Bean//将我们的组件注册到容器中
public WebMvcConfigurerAdapter webMvcConfigurerAdapter(){
WebMvcConfigurerAdapter adapter = new WebMvcConfigurerAdapter(){
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("login");
registry.addViewController("/index.html").setViewName("login");
registry.addViewController("/main.html").setViewName("dashboard");
}
//注册拦截器的
@Override
public void addInterceptors(InterceptorRegistry registry) {
// super.addInterceptors(registry);"/","/login.html","/user/login","/asserts/**","/webjars/**"
registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")//拦截任意多层路径下的任意请求
.excludePathPatterns("/","/index.html","/user/login"); //登录页面和登录请求页面不能拦截
//如果/index.html不加‘/’,这里就产生了死循环;
//springboot已经做好了静态资源的映射,我们不需要管,直接访问即可。
}
};
return adapter;
}
/**
* 添加localeResolver到容器中
*/
@Bean
public LocaleResolver localeResolver(){
return new MyLocaleResolver();
}
}
只需要这条语句就行
registry.addViewController("/main.html").setViewName("dashboard");此时任意浏览器都可以对我们的dashboard.html页面进行访问,但是这是我们登录之后的首页,我们需要对其进行拦截,
需要自定义拦截器
package com.pshdhx.component;
import com.fasterxml.jackson.databind.*;
import com.fasterxml.jackson.databind.cfg.HandlerInstantiator;
import com.fasterxml.jackson.databind.cfg.MapperConfig;
import com.fasterxml.jackson.databind.introspect.Annotated;
import com.fasterxml.jackson.databind.jsontype.TypeIdResolver;
import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @Authtor pshdhx
* @Date 2020/11/2913:39
* @Version 1.0
* 登陆拦截器,对登陆进行拦截检查
*/
public class LoginHandlerInterceptor implements HandlerInterceptor {
//目标方法执行之前
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Object username = request.getSession().getAttribute("username");
if(username == null){
//未登录
request.setAttribute("msg","请先登录");
request.getRequestDispatcher("/index.html").forward(request,response);
return false;
}else{
return true;
}
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
对登录进行拦截之后,我们需要把其注册在容器中;
//注册拦截器的
@Override
public void addInterceptors(InterceptorRegistry registry) {
// super.addInterceptors(registry);"/","/login.html","/user/login","/asserts/**","/webjars/**"
registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")//拦截任意多层路径下的任意请求
.excludePathPatterns("/","/index.html","/user/login"); //登录页面和登录请求页面不能拦截
//如果/index.html不加‘/’,这里就产生了死循环;
//springboot已经做好了静态资源的映射,我们不需要管,直接访问即可。
}
此时,页面被拦截,如果没有登录,会直接访问的登录页面;
登录之后,跳转到dashboard.html,左上角显示用户名
[[${session.username}]]
学习过程中遇到的错误:
//注册拦截器的
@Override
public void addInterceptors(InterceptorRegistry registry) {
// super.addInterceptors(registry);"/","/login.html","/user/login","/asserts/**","/webjars/**"
registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")//拦截任意多层路径下的任意请求
.excludePathPatterns("/","/index.html","/user/login"); //登录页面和登录请求页面不能拦截
//如果/index.html不加‘/’,这里就产生了死循环;
//springboot已经做好了静态资源的映射,我们不需要管,直接访问即可。
}
一定要注意“/index.html”一定要加‘/’;
原因是:
我们判断出user == null 于是就重定向到/index.html,而/index.html也是被拦截的,所以又回到了if里边,就开始了死循环
所以定义拦截器的重定向的页面和url和注册excludePathPatterns的url一定一定要一一对应
