完整的SSM架構+session+HandlerInterceptor
閒來想把SSM框架好好搭建一套 弄清楚具體的原理,以免後忘:
項目截圖如下:
一、本項目採用的SSM框架各組件介紹
1. spring-mybatis.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
<!-- 自動掃描,自動注入,配置數據庫 -->
<!-- 自動掃描 -->
<!-- <context:annotation-config/> -->
<context:component-scan base-package="com.wx">
<!-- 將Controller的註解打消掉 -->
<context:exclude-filter type="annotation"
expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<!-- 加載配置JDBC文件 -->
<context:property-placeholder location="classpath:db.properties" />
<!-- 兩種數據源 -->
<!--第一種-->
<!--事實上是因爲DriverManagerDataSource建立連接是只要有連接就新建一個connection,根本沒有連接池的作用 -->
<!--兩種不同的DataSource -->
<!-- 在訪問數量大,併發的情況下,毫無疑問是要選擇連接池的, 因爲有連接池的功能,無論是效率還是在資源利用率上都優於DriverManagerDataSource -->
<!--單純的DataSource -->
<!--<bean id="pkmDataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<value>${mysql.driver}</value>
${pkm.jdbc.driverClassName}是jdbc.properties文件 中的key
</property>
<property name="url">
<value>${mysql.url}</value>
</property>
<property name="username">
<value>${mysql.username}</value>
</property>
<property name="password">
<value>${mysql.password}</value>
</property>
</bean>-->
<!--第二種有連接池的BasicDataSource -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close" lazy-init="false">
<property name="driverClassName" value="${mysql.driver}" />
<property name="url" value="${mysql.url}" />
<property name="username" value="${mysql.username}" />
<property name="password" value="${mysql.password}" />
<property name="initialSize" value="${mysql.initialSize}" />
<property name="maxActive" value="${mysql.maxActive}" />
<property name="maxWait" value="${mysql.maxWait}" />
<property name="poolPreparedStatements" value="true" />
<!-- testOnBorrow和testOnReturn在生產環境一般是不開啓的,主要是性能考慮。
失效連接主要通過testWhileIdle保證,如果獲取到了不可用的數據庫連接(長時間沒有訪問數據庫),一般由應用處理異常 -->
<property name="testOnBorrow">
<value>true</value>
</property>
<property name="validationQuery">
<value>SELECT 1 FROM DUAL</value>
</property>
</bean>
<!-- 在使用mybatis時 spring使用sqlsessionFactoryBean 來管理mybatis的sqlsessionFactory -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<!-- 實體類映射文件路徑,這裏只有一個就寫死了,多個可以使用mybatis/*.xml來替代 -->
<property name="mapperLocations" value="classpath*:com/wx/mapping/*.xml" />
</bean>
<!--動態代理實現 不用寫dao的實現 -->
<bean id="MapperScannerConfigurer" class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<!-- 這裏的basePackage 指定了dao層接口路勁,這裏的dao接口不用自己實現 -->
<property name="basePackage" value="com.wx.dao" />
<!-- 如果只有一個數據源的話可以不用指定,但是如果有多個數據源的話必須要指定 -->
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" />
<!--直接指定了sqlsessionTemplate名稱,這個和上面的其實是一樣的 -->
<!-- <property name="sqlSessionTemplateBeanName" value="sqlSession" /> -->
</bean>
<!--事務管理器 -->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<!-- 使用全註釋事務 -->
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>
**
2. db.properties
mysql.driver=com.mysql.jdbc.Driver
mysql.url=jdbc:mysql://127.0.0.1:3306/ssmStu
mysql.username=root
mysql.password=000
#定義初始連接數
mysql.initialSize=0
#定義最大連接數
mysql.maxActive=20
#定義最大空閒
mysql.maxIdle=20
#定義最小空閒
mysql.minIdle=1
#定義最長等待時間
mysql.maxWait=60000
3 log4j.properties ## (可以在控制檯顯示sql 縣市級別爲DEBUG)
#爲了方便調試,一般都會使用日誌來輸出信息,Log4j是Apache的一個開放源代碼項目,
#通過使用Log4j,我們可以控制日誌信息輸送的目的地是控制檯、文件、GUI組件,
#甚至是套接口服務器、NT的事件記錄器、UNIX Syslog守護進程等;
#們也可以控制每一條日誌的輸出格式;通過定義每一條日誌信息的級別,我們能夠更加細緻地控制日誌的生成過程。
#定義LOG輸出級別
log4j.rootLogger=DEBUG,Console,File
#定義日誌輸出目的地爲控制檯
log4j.appender.Console=org.apache.log4j.ConsoleAppender
log4j.appender.Console.Target=System.out
#可以靈活地指定日誌輸出格式,下面一行是指定具體的格式
log4j.appender.Console.layout = org.apache.log4j.PatternLayout
log4j.appender.Console.layout.ConversionPattern=[%c] - %m%n
log4j.logger.com.ibatis=DEBUG
log4j.logger.com.ibatis.common.jdbc.SimpleDataSource=DEBUG
log4j.logger.com.ibatis.common.jdbc.ScriptRunner=DEBUG
log4j.logger.com.ibatis.sqlmap.engine.impl.SqlMapClientDelegate=DEBUG
log4j.logger.java.sql.Connection=DEBUG
log4j.logger.java.sql.Statement=DEBUG
log4j.logger.java.sql.PreparedStatement=DEBUG
#文件大小到達指定尺寸的時候產生一個新的文件
log4j.appender.File = org.apache.log4j.RollingFileAppender
#指定輸出目錄
log4j.appender.File.File = logs/ssm.log
#定義文件最大大小
log4j.appender.File.MaxFileSize = 10MB
# 輸出所以日誌,如果換成DEBUG表示輸出DEBUG以上級別日誌
log4j.appender.File.Threshold = ALL
log4j.appender.File.layout = org.apache.log4j.PatternLayout
log4j.appender.File.layout.ConversionPattern =[%p] [%d{yyyy-MM-dd HH\:mm\:ss}][%c]%m%n
4.POM
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.wx</groupId>
<artifactId>loginFilter</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<properties>
<!-- spring版本號 -->
<spring.version>4.0.2.RELEASE</spring.version>
<!-- mybatis版本號 -->
<mybatis.version>3.2.6</mybatis.version>
<!-- log4j日誌文件管理包版本 -->
<slf4j.version>1.7.7</slf4j.version>
<log4j.version>1.2.17</log4j.version>
</properties>
<dependencies>
<!-- 導入java ee jar 包 -->
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>7.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<!-- 表示開發的時候引入,發佈的時候不會加載此包 -->
<scope>test</scope>
</dependency>
<!-- spring核心包 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- mybatis核心包 -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>${mybatis.version}</version>
</dependency>
<!-- mybatis/spring包 -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.2.2</version>
</dependency>
<!-- 導入Mysql數據庫鏈接jar包 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.30</version>
</dependency>
<!-- 導入dbcp的jar包,用來在applicationContext.xml中配置數據庫 -->
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.2.2</version>
</dependency>
<!-- 日誌文件管理包 -->
<!-- log start -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>${slf4j.version}</version>
</dependency>
<!-- JSTL標籤類 -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/taglibs/standard -->
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.8.6</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-jaxb-annotations</artifactId>
<version>2.8.6</version>
</dependency>
<!-- 上傳組件包 -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.9</version>
</dependency>
<!-- 映入JSON -->
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.2.4.Final</version>
</dependency>
</dependencies>
<build>
<finalName>loginFilter</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
5.mapping 文件(主要是測試用 這裏只是用了最簡單的類User)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!--注意 namespace一定要嚴格的與dao層接口名相同-->
<mapper namespace="com.wx.dao.UserDao">
<resultMap id="BaseResultMap" type="com.wx.entity.User">
<id column="ID" jdbcType="INTEGER" property="id" />
<result column="USER_NAME" jdbcType="VARCHAR" property="userName" />
<result column="PASSWORD" jdbcType="VARCHAR" property="password" />
<result column="AGE" jdbcType="INTEGER" property="age" />
<result column="LABELCODE" jdbcType="VARCHAR" property="labelcode" />
<result column="REPORTCODE" jdbcType="VARCHAR" property="reportcode" />
</resultMap>
<sql id="Base_Column_List">
ID, USER_NAME, PASSWORD, AGE, LABELCODE, REPORTCODE
</sql>
<select id="selectByslective" parameterType="com.wx.entity.User" resultMap="BaseResultMap">
select
<include refid="Base_Column_List" />
from user
where 1=1
<if test='id != null and id != ""'>
and ID = #{id,jdbcType=INTEGER}
</if>
<if test='userName != null and userName!= ""'>
and USER_NAME = #{userName,jdbcType=VARCHAR}
</if>
<if test='password != null and password!=""'>
and PASSWORD = #{password,jdbcType=VARCHAR}
</if>
</select>
</mapper>
6.dao層接口
package com.wx.dao;
import org.springframework.stereotype.Component;
import com.wx.entity.User;
@Component
public interface UserDao {
/**
* 主鍵查詢用戶信息
* @param user
* @return
*/
User selectByslective(User user);
}
7. service接口
package com.wx.service;
import com.wx.entity.User;
public interface UserService {
/**
* 判斷用戶名和密碼是否正確
* @return
*/
User checkUsernameAndPassword(User user);
}
8.service實現
package com.wx.serviceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.wx.dao.UserDao;
import com.wx.entity.User;
import com.wx.service.UserService;
@Service("userServiceImpl")
public class UserServiceImpl implements UserService {
@Autowired
private UserDao userDao;
public User checkUsernameAndPassword(User user) {
return userDao.selectByslective(user);
}
}
999999、寫到這裏就可以進行junit單元測試了 當然也可以使用mock測試
package com.wx.junit;
import org.apache.log4j.Logger;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.wx.entity.User;
import com.wx.service.UserService;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {"classpath:spring-mybatis.xml"})
public class UserServiceTest {
private static Logger logger = Logger.getLogger(UserServiceTest.class);
@Autowired
private UserService userService ;
@Test
public void test1() {
User user =new User();
user.setPassword("aa");
user.setUserName("aa");
User userRecord = userService.checkUsernameAndPassword(user);
logger.info(userRecord.toString());
}
}
10.web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mybatis.xml</param-value>
</context-param>
<servlet>
<servlet-name>SpringMvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>SpringMvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- 自定義的session監聽器,怎麼自定義?寫個類實現HttpSessionListener,後邊詳細介紹 -->
<listener>
<listener-class>com.wx.common.Interceptor.HttpSessionUse</listener-class>
</listener>
<!-- session 維持時間1min -->
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
11、spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
<!-- 自動掃描該包,使SpringMVC認爲包下用了@controller註解的類是控制器 -->
<context:component-scan base-package="com.wx">
<!-- 將Service註解給去掉 -->
<context:exclude-filter type="annotation"
expression="org.springframework.stereotype.Service"/>
</context:component-scan>
<!-- 擴充了註解驅動,可以將請求參數綁定到控制參數-->
<mvc:annotation-driven />
<!-- 靜態資源處理 css js images -->
<mvc:resources mapping="/js/**" location="js/" />
<!-- mvc攔截器,自定義的 攔截所有的 登錄頁面不攔截 在類裏邊定義 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.wx.common.Interceptor.AuthorizationInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
<!-- 避免IE執行AJAX時,返回JSON出現下載文件 -->
<bean id="mappingJacksonHttpMessageConverter"
class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<value>text/html;charset=UTF-8</value>
</list>
</property>
</bean>
<!-- 配置文件上傳,如果沒有使用文件上傳可以不用配置,當然如果不配,那麼配置文件中也不必引入上傳組件包 -->
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- 默認編碼 -->
<property name="defaultEncoding" value="utf-8" />
<!-- 上傳文件最大值 -->
<property name="maxUploadSize" value="10485760000"/>
<!-- 內存中的最大值 -->
<property name="maxInMemorySize" value="40960"/>
<!-- 啓用是爲了推遲文件解析,以便捕獲文件大小異常 -->
<property name="resolveLazily" value="true"/>
</bean>
<!-- 配置viewResolver。可以用多個viewResolver。使用order屬性排序。
InternalResourceViewResolver 放在最後 -->
<bean
class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="order" value="1"></property>
<property name="mediaTypes">
<map>
<!-- 告訴視圖解析器,返回的類型爲json格式 -->
<entry key="json" value="application/json" />
<entry key="xml" value="application/xml" />
<entry key="htm" value="text/htm" />
</map>
</property>
<property name="defaultViews">
<list>
<!-- ModelAndView裏的數據變成JSON -->
<bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView" />
</list>
</property>
<property name="ignoreAcceptHeader" value="true"></property>
</bean>
<!-- 定義跳轉的文件的前後綴 ,視圖模式配置-->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- 這裏的配置我的理解是自動給後面action的方法return的字符串加上前綴和後綴,變成一個 可用的url地址 -->
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
12.controller層代碼介紹
package com.wx.controller;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import com.wx.entity.Book;
import com.wx.entity.User;
import com.wx.service.UserService;
@Controller
@RequestMapping("/user")
public class UserController {
Logger logger=Logger.getLogger(UserController.class);
@Autowired
private UserService userService;
// @RequestMapping(value="")
// public String init(HttpServletRequest request,HttpServletResponse response,Model model){
// return "userIndex";
// }
@RequestMapping("/login")
public String login(User user,HttpSession session,Model model){
User userResult=userService.checkUsernameAndPassword(user);
if(userResult!=null){
// 登錄成功,將user對象設置到HttpSession作用範圍域
session.setAttribute("user", userResult);
// 轉發到main請求
// mv.setViewName("index");
model.addAttribute("message", "登錄名成功!");
// 模擬數據庫獲得所有圖書集合
List<Book> book_list=new ArrayList<Book>();
book_list.add(new Book("java.jpg","瘋狂Java講義(附光盤)","李剛 編著",74.2));
book_list.add(new Book("ee.jpg","輕量級Java EE企業應用實戰","李剛 編著",59.2));
book_list.add(new Book("android.jpg","瘋狂Android講義(附光盤)","李剛 編著",60.6));
book_list.add(new Book("ajax.jpg","瘋狂Ajax講義(附光盤)","李剛 編著",66.6));
// 將圖書集合添加到model當中
model.addAttribute("book_list", book_list);
return "index";
}else{
// mv.addObject("message", "登錄名或密碼錯誤,請重新輸入!");
// mv.setViewName("loginForm");
model.addAttribute("message", "登錄名或密碼錯誤,請重新輸入!");
return "loginForm";
}
}
}
13.login攔截器(大戲,主要驗證的就這玩意兒)
package com.wx.common.Interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.mysql.jdbc.StringUtils;
import com.wx.entity.User;
/*
* 攔截器必須實現HandlerInterceptor接口
*/
public class AuthorizationInterceptor implements HandlerInterceptor {
// 不攔截"/loginForm" 登錄頁面 和"/login" 登錄驗證請求
private static String[] IGNORE_URI={"/loginForm","/user/login","/js"};
/*
* preHandle方法是進行處理器攔截用的,該方法將在Controller處理之前進行調用,
* 該方法的返回值爲true攔截器纔會繼續往下執行,該方法的返回值爲false的時候整個請求就結束了。
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
System.out.println("AuthorizationInterceptor preHandle --> ");
// flag變量用於判斷用戶是否登錄,默認爲false
boolean flag = false;
//獲取請求的路徑進行判斷
String servletPath = request.getServletPath();
for (String string : IGNORE_URI) {
// if("/user/login".equals(string)){
// String userName=request.getParameter("userName");
// String password=request.getParameter("password");
// if(StringUtils.isEmptyOrWhitespaceOnly(userName)||StringUtils.isEmptyOrWhitespaceOnly(password)){
// break;
// }
// }
//若果是去往登陸頁面,不攔截
if(servletPath.contains(string)){
flag=true;
break;
}
}
// 攔截請求
if (!flag){
// 1.獲取session中的用戶
User user = (User) request.getSession().getAttribute("user");
// 2.判斷用戶是否已經登錄
if(user == null){
// 如果用戶沒有登錄,則設置提示信息,跳轉到登錄頁面
System.out.println("AuthorizationInterceptor攔截請求:");
request.setAttribute("message", "請先登錄再訪問網站");
request.getRequestDispatcher("loginForm").forward(request, response);
}
else{
// 如果用戶已經登錄,則驗證通過,放行
System.out.println("AuthorizationInterceptor放行請求:");
flag = true;
}
}
return flag;
}
/*
* 該方法將在Controller的方法調用之後執行, 方法中可以對ModelAndView進行操作 ,
* 該方法也只能在當前Interceptor的preHandle方法的返回值爲true時纔會執行。
*/
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
System.out.println("AuthorizationInterceptor postHandle --> ");
}
/*
* 該方法將在整個請求完成之後執行, 主要作用是用於清理資源的,
* 該方法也只能在當前Interceptor的preHandle方法的返回值爲true時纔會執行。
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
System.out.println("AuthorizationInterceptor afterCompletion --> ");
}
}
14.session控制
package com.wx.common.Interceptor;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class HttpSessionUse implements HttpSessionListener{
public void sessionCreated(HttpSessionEvent se) {
// TODO 自動生成的方法存根
}
public void sessionDestroyed(HttpSessionEvent se) {
HttpSession session=se.getSession();
session.removeAttribute("userName");
session.removeAttribute("password");
session.invalidate();
System.out.println(">>>>>>>>>>>>>>>>>>>>>>>session失效>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
String userName=(String) session.getAttribute("userName");
}
}
15、頁面們
- index,jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首頁</title>
<%@include file="/WEB-INF/jsp/taglib.jsp" %>
<style type="text/css">
table{border-collapse:collapse;border-spacing:0;border-left:1px solid #888;border-top:1px solid #888;background:#efefef;}
th,td{border-right:1px solid #888;border-bottom:1px solid #888;padding:5px 15px;}
th{font-weight:bold;background:#ccc;}
</style>
<script src="${basePath}/js/jquery-1.11.0.min.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ajaxComplete(function(event, xhr, settings) {
if(xhr.getResponseHeader("sessionstatus")=="timeOut"){
if(xhr.getResponseHeader("loginPath")){
alert("會話過期,請重新登陸!");
window.location.replace(xhr.getResponseHeader("/loginFilter/loginForm"));
}else{
alert("請求超時請重新登陸 !");
}
}
});
</script>
</head>
<body>
<!-- 提示信息 -->
<font color="red">${requestScope.message }</font>
<h3>歡迎[${sessionScope.user.userName }]訪問</h3>
<p>${basePath}</p>
<br>
<table border="1">
<tr>
<th>ID</th><th>姓名</th><th>密碼</th><th>年齡</th>
</tr>
<c:forEach items="${requestScope.book_list }" var="book">
<tr>
<td>${book.image}</td>
<td>${book.name }</td>
<td>${book.author }</td>
<td>${book.price }</td>
</tr>
</c:forEach>
</table>
</body>
</html>
2.loginForm.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登錄頁面</title>
</head>
<body>
<h3>登錄頁面</h3>
<form action="/loginFilter/user/login" method="post">
<!-- 提示信息 -->
<font color="red">${requestScope.message }</font>
<table>
<tr>
<td><label>登錄名: </label></td>
<td><input type="text" id="userName" name="userName" ></td>
</tr>
<tr>
<td><label>密碼: </label></td>
<td><input type="password" id="password" name="password" ></td>
</tr>
<tr>
<td><input type="submit" value="登錄"></td>
</tr>
</table>
</form>
</body>
</html>
3.taglib.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
String path=request.getContextPath();
int port=request.getServerPort();
String basePath = null;
if(port==80){
basePath = request.getScheme()+"://"+request.getServerName()+path;
}else{
basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path;
}
request.setAttribute("basePath", basePath);
// System.out.println(basePath);
// System.out.println(path);
%>
</body>
</html>
16.別忘記引入jquery-1.11.0.min.js在spring-mvc.xml中已經攔截了
最後,講解下自己的思考邏輯
首先是普通的ssm架子 什麼攔截 session都沒有 初步實現
其次加入攔截器 :使用攔截器步驟如下:
- 定義一個類實現HandlerInterceptor
- 在spring-mvc.xml中 定義攔截器:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.wx.common.Interceptor.AuthorizationInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
最後加入session管控:
- 定義一個類實現HttpSessionListener,在sessionDestroyed方法中session.invalidate();
- 在web.xml中定義這個session監聽器 和session失效時長
- 在jsp頁面配置session失效就轉向登錄頁面的js,如下下:
<!-- session監聽器 -->
<listener>
<listener-class>com.wx.common.Interceptor.HttpSessionUse</listener-class>
</listener>
<!-- session 維持時間1min -->
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<script src="${basePath}/js/jquery-1.11.0.min.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ajaxComplete(function(event, xhr, settings) {
if(xhr.getResponseHeader("sessionstatus")=="timeOut"){
if(xhr.getResponseHeader("loginPath")){
alert("會話過期,請重新登陸!");
window.location.replace(xhr.getResponseHeader("/loginFilter/loginForm"));
}else{
alert("請求超時請重新登陸 !");
}
}
});
</script>
總體思路:
除了訪問靜態資源 或者訪問登錄頁面
或者登陸驗證url,其他的request均被自定義的AuthorizationInterceptor攔截(檢驗是否登陸,沒登錄的都先去登錄頁面)這是登陸攔截。session驗證需要在頁面和服務器端雙向配置
差不多就這些了,基本上這裏的配置文件很全乎,儘量講解的詳細點,還引用了一些別人的代碼,嘿嘿,祝君成功!
哦,對了,成果展示:
初始訪問:
登陸上去:
把本地時間往後該一天(當然也可以往後改1分鐘 我怕電腦時間組件壞掉 ) 即session失效,再次訪問index頁面: