这里有新鲜出炉的精品教程,程序狗速度看过来!
Spring是什么呢?首先它是一个开源的项目,而且目前非常活跃;它是一个基于IOC和AOP的构架多层j2ee系统的框架,但它不强迫你必须在每一层 中必须使用Spring,因为它模块化的很好,允许你根据自己的需要选择使用它的某一个模块;它实现了很优雅的MVC,对不同的数据访问技术提供了统一的接口,采用IOC使得可以很容易的实现bean的装配,提供了简洁的AOP并据此实现Transcation Managment,等等
本篇文章主要介绍了springmvc拦截器登录验证示例,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
一开始,学了拦截器与过滤器,咋一看两者有点像,实际上两者有很大的不同。就用拦截器和过滤器分别做了登录验证试验,这次先说拦截器。下面是自己实践的一个实例:
在spring-mvc.xml中配置拦截器:
- <mvc:interceptors>
- <mvc:interceptor>
- <mvc:mapping path="/user/*" />
- <!-- 定义在mvc:interceptor下面的表示是对特定的请求才进行拦截的 -->
- <bean class="com.wyb.interceptor.LoginInterceptor" />
- </mvc:interceptor>
- </mvc:interceptors>
如上所示,这里配置了LoginIntercepter,为了简单起见,该过滤器只拦截了URL为"/user/*"的请求。
要拦截的请求对应控制器如下:
- import java.util.ArrayList;
- import java.util.List;
- import javax.annotation.Resource;
- import javax.servlet.http.HttpServletRequest;
- import org.apache.log4j.Logger;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.stereotype.Controller;
- import org.springframework.ui.Model;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.ResponseBody;
- import com.wyb.domain.User;
- import com.wyb.service.IUserService;
- import com.wyb.service.impl.UserServiceImpl;
- @Controller
- @RequestMapping("/user")
- public class UserController {
- private static final Logger LOG=Logger.getLogger(UserController.class);
- @Autowired
- private IUserService userService;
- @RequestMapping("/showAllUser")
- public String showAllUser(Model m){
- List<User> userlist=new ArrayList<User>();
- userlist=userService.findAllUser();
- for(User user :userlist){
- System.out.println(user.getUserName());
- }
- return "/jsp/showAllUser";
- }
- }
这里的showAllUser()方法是为了输出所有的用户,为了表明执行了方法,将所有用户在后台打印,URL为:http://localhost:8080/TestSSM/user/showAllUser,可见该URL肯定会被LoginIntercepter拦截。
测试页面showAllUser.jsp如下:
- <%@ page language="java" contentType="text/html; charset=UTF-8"
- pageEncoding="UTF-8"%>
- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>show All User</title>
- </head>
- <body>
- this is showAllUser Page!!!
- </body>
- </html>
LoginIntercepter如下:
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import org.springframework.web.servlet.HandlerInterceptor;
- import org.springframework.web.servlet.ModelAndView;
- import com.wyb.domain.User;
- public class LoginInterceptor implements HandlerInterceptor{
- @Override
- public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
- throws Exception {
- System.out.println("this is afterCompletion of LoginInterceptor");
- }
- @Override
- public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
- throws Exception {
- System.out.println("this is postHandle of LoginInterceptor");
- }
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
- // TODO Auto-generated method stub
- System.out.println("this is preHandle of LoginInterceptor");
- HttpSession session=request.getSession();
- User user=(User)session.getAttribute("user");
- if(user==null){
- System.out.println("no user in LoginInterceptor!!!");
- request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
- }
- //返回true代表继续往下执行
- return true;
- }
- }
这里我犯了一个错误,聪明的小伙伴也许已经看出来了,如果按照上面的代码,当我们访问:http://localhost:8080/TestSSM/user/showAllUser结果如下:
咋一看,成功拦截了,输入用户名信息,正常跳转到主页,再次进入http://localhost:8080/TestSSM/user/showAllUser如下:
页面正常输出,已经记录了session,不会被再次拦截,看似成功了,可是看看后台输出:
有没有发现,我们执行了两次showAllUser()方法,可见第一次访问虽然被拦截器拦截了下来进入登录页面,但后台已经悄悄执行了showAllUser()。为什么呢?我们回头再看看LoginIntercepter.java,尤其是preHandle()方法:
- @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
- // TODO Auto-generated method stub
- System.out.println("this is preHandle of LoginInterceptor");
- HttpSession session = request.getSession();
- User user = (User) session.getAttribute("user");
- if (user == null) {
- System.out.println("no user in LoginInterceptor!!!");
- request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
- }
- //返回true代表继续往下执行
- return true;
- }
在判断user为空后,虽然执行了页面跳转,但是程序还是会继续执行,最后返回true,返回true意味着,被拦截的业务逻辑可以继续往下执行,因此,虽然表面上被拦截了,但从本质上来说并没有拦截到。因此需要修改如下:
- @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
- // TODO Auto-generated method stub
- System.out.println("this is preHandle of LoginInterceptor");
- HttpSession session = request.getSession();
- User user = (User) session.getAttribute("user");
- if (user == null) {
- System.out.println("no user in LoginInterceptor!!!");
- request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);
- //本次访问被拦截,业务逻辑不继续执行
- return false;
- }
- //返回true代表继续往下执行
- return true;
- }
user为空,跳转后,返回false,就不会执行被拦截的业务逻辑了,修改后后台输出如下:
现在后台正常输出,且session保存了user信息后,才能执行showAllUser()方法,大功告成!
来源: http://www.phperz.com/article/17/1126/358205.html