WEB開發----springboot的登錄攔截機制

如果是一個後臺的管理項目的,有些東西是不能直接就可以訪問的,必須要登錄纔可以進去,所以就需要進行登錄攔截,只有登錄過的用戶纔可以正常訪問.
登錄攔截是不會攔截jsp頁面的方法,所以我們需要在Controller寫方法進行頁面的調用,而且需要把jsp頁面從webapp文件夾下放到WEB-INF下面,因爲webapp下的文件是可以直接訪問到的:文件目錄
,
首先創建一個WebConfig.class文件,進行攔截器的創建,攔截器需要實現WebMvcConfigurerAdapter類,繼承ApplicationContextAware類,
代碼如下:

package com;

import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.ResourceUtils;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

import com.interceptor.LoginInterceptor;

@Configuration
public class WebConfig extends WebMvcConfigurerAdapter implements ApplicationContextAware {

    private ApplicationContext applicationContext;

    public WebConfig(){
        super();
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        System.out.println("1");
        registry.addResourceHandler("/static/**").addResourceLocations(ResourceUtils.CLASSPATH_URL_PREFIX+"/static/");
        registry.addResourceHandler("/templates/**").addResourceLocations(ResourceUtils.CLASSPATH_URL_PREFIX+"/templates/");

        super.addResourceHandlers(registry);  
    }

    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        System.out.println("11");
        this.applicationContext = applicationContext;
    } 
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        System.out.println("111");
        //攔截規則：除了login，其他都攔截判斷
        registry.addInterceptor(new LoginInterceptor()).addPathPatterns("/**").excludePathPatterns("/user/login","/user/gologin");
        super.addInterceptors(registry);
    }

}

上面的文件除了/user/login(登錄信息驗證方法),/user/gologin(返回登錄頁面方法)這兩個方法不攔截,別的都攔截判斷
然後編寫自定義的驗證規則,判斷攔截到的請求是否通過

package com.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class LoginInterceptor implements HandlerInterceptor {

    private static final Logger log = LoggerFactory.getLogger(LoginInterceptor.class);

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // TODO Auto-generated method stub
        log.info("------preHandle------");
        // 獲取session
        HttpSession session = request.getSession(true);
        // 判斷用戶ID是否存在，不存在就跳轉到登錄界面
        if (session.getAttribute("userId") == null) {
            log.info("------:跳轉到login頁面！");
            System.out.println(request.getContextPath() + "/login");
            response.sendRedirect("/user/gologin");
            return false;
        } else {
            return true;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // TODO Auto-generated method stub
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        // TODO Auto-generated method stub
    }

}

當用戶登錄成功,將用戶的信息存到session中,之後的訪問,就會去session中判斷有沒有用戶信息,如果沒有用戶信息,則跳轉到登錄頁面,進行用戶登錄