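1. Login page
You can download a site template from the web, for example by searching Baidu for "bootstrap admin template", and copy it into your own webapp directory. Submit the login form to userCheck, which calls a Controller-layer method to decide whether the user is logged in.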
<!-- POST keeps the username and password out of the URL, browser history and access logs -->
<form action="/userCheck" method="post">
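2. Login interceptor
The login interceptor redirects requests for any resource in this web application to the login page when no user is logged in.
2.1 Writing a login interceptor
The class implements the HandlerInterceptor interface.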
package com.cnpc.web;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Runs before the request is handled.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response, used for the redirect
     * @param o                   the handler chosen for the request
     * @return true to let the request continue, false to stop it here
     * @throws Exception if the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest,
                             HttpServletResponse httpServletResponse,
                             Object o) throws Exception {
        // A user object in the session means the visitor has already logged in.
        Object user = httpServletRequest.getSession().getAttribute("user");
        if (user != null) {
            return true;
        }
        // Let the login page, the login check and test requests through without a session.
        String uri = httpServletRequest.getRequestURI();
        if (uri.contains("login") || uri.contains("userCheck") || uri.contains("test")) {
            return true;
        }
        // Everything else is sent to the login page.
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/pages/samples/login.jsp");
        return false;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest,
                           HttpServletResponse httpServletResponse,
                           Object o, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest,
                                HttpServletResponse httpServletResponse,
                                Object o, Exception e) throws Exception {
    }
}
2.2 Configuring the login interceptor in spring-web.xml
<mvc:interceptors>
    <mvc:interceptor>
        <!-- <mvc:mapping path="/**"/> matches this path and all of its sub-paths -->
        <mvc:mapping path="/**"/>
        <mvc:exclude-mapping path="/**/*.css"/>
        <mvc:exclude-mapping path="/**/*.js"/>
        <mvc:exclude-mapping path="/**/*.png"/>
        <mvc:exclude-mapping path="/**/*.gif"/>
        <mvc:exclude-mapping path="/**/*.jpg"/>
        <mvc:exclude-mapping path="/**/*.jpeg"/>
        <mvc:exclude-mapping path="/pages/samples/login.html"/>
    </mvc:interceptor>
</mvc:interceptors>
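2.3 Summary
Problem 1: infinite redirects
Check that <mvc:exclude-mapping path="/pages/samples/login.html"/> is configured; it tells the interceptor not to intercept the login page. The interceptor works like this: it first checks whether a user exists in the session. If one does, the request passes; if not, the request is intercepted and redirected to the login page. Without the exclude-mapping the cycle never ends: no user is found, the request is redirected to the login page, the login page is intercepted and checked for a user again, and so on.
Problem 2: when testing an endpoint with a tool such as Postman, the request is intercepted and the HTML source of the login page comes back
This can also be solved by configuring an exclude-mapping. My own solution was to read the request URL from the request (getRequestURI()); the URLs I test with usually contain test, so in the preHandle of the login interceptor I added:
    if (httpServletRequest.getRequestURI().contains("test")) {
        return true;
    }
With this, any request whose URI contains test is not intercepted, whether or not a user is logged in.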
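The substring checks in preHandle also let through any URI that merely contains login, userCheck or test, with no session at all. The added example below (not the author's code) compares that check with an exact-match allowlist built from the paths on this page; the class name, method names, the /app context path and the sample URIs are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class PublicPathCheck {
    // Paths reachable without a session: the two mappings and the redirect target from this page.
    private static final Set<String> PUBLIC_PATHS = new HashSet<>(Arrays.asList(
            "/login", "/userCheck", "/pages/samples/login.jsp"));

    /** The page's check: a URI that contains one of the words anywhere is let through. */
    static boolean substringCheck(String requestUri) {
        return requestUri.contains("login") || requestUri.contains("userCheck")
                || requestUri.contains("test");
    }

    /**
     * Stricter check: remove the context path and require an exact match.
     * URIs carrying path parameters or encoded characters do not match and
     * are therefore treated as protected (fail closed).
     */
    static boolean exactCheck(String contextPath, String requestUri) {
        if (!requestUri.startsWith(contextPath)) {
            return false;
        }
        return PUBLIC_PATHS.contains(requestUri.substring(contextPath.length()));
    }

    public static void main(String[] args) {
        String ctx = "/app";   // constructed context path
        String[] uris = {      // constructed sample request URIs
            "/app/login", "/app/userCheck", "/app/pages/samples/login.jsp",
            "/app/order/list", "/app/report/latest", "/app/user/loginHistory"
        };
        for (String uri : uris) {
            System.out.printf("%-32s substring=%-5b exact=%b%n",
                    uri, substringCheck(uri), exactCheck(ctx, uri));
        }
    }
}
```

The last two sample URIs pass the substring check only because "latest" contains test and "loginHistory" contains login; the exact-match check sends both to the login page.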
3. Web layer: UserController
3.1 UserController
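import com.cnpc.bean.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpSession;
// UserService is imported from the project's own service package.

@Controller
public class UserController {

    @Autowired
    private UserService userService;

    @RequestMapping("/login")
    public String login() {
        return "redirect:/pages/samples/login.jsp";
    }

    @RequestMapping("/userCheck")
    public String checkUser(String username, String password, HttpSession session) {
        // Log the user name only; the password is never written to the log.
        System.out.println("Login attempt for user: " + username);
        String loginstate = userService.checkUserState(username, password);
        if (loginstate.equals("userNameNotExist")) {
            return "redirect:login.action";
        } else if (loginstate.equals("passwordWrong")) {
            return "redirect:login.action";
        } else {
            // The session object only has to identify the user,
            // so the plaintext password is not kept in it.
            User user = new User();
            user.setUsername(username);
            session.setAttribute("user", user);
            String url = userService.getUrlByName(username);
            return "redirect:" + url;
        }
    }
}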
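The form submits to the URL userCheck. The controller calls checkUserState on userService to check whether the user exists; if so, it stores a User object in the session and then redirects to the home page.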
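4. Service layer: UserService
The service appends a fixed string of its own to the password and computes the MD5 digest of the result; that digest is what is stored in the database. This is a simple hash rather than encryption: MD5 is fast to compute and the appended string is the same for every user, so it does not do the job of a per-user salt combined with a slow password hash such as bcrypt or PBKDF2.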
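import com.cnpc.bean.User;
import com.cnpc.dao.UserDao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;

import java.nio.charset.StandardCharsets;

@Service
public class UserServiceImpl implements UserService {

    // Fixed string appended to every password before it is hashed.
    private static final String sort = "encryption:fantast1cyue";

    @Autowired
    private UserDao userDao;

    @Override
    public String checkUserState(String username, String password) {
        User user = userDao.getUserByName(username);
        String passstr = password + sort;
        // Use an explicit charset so the digest does not depend on the platform default.
        String md5 = DigestUtils.md5DigestAsHex(passstr.getBytes(StandardCharsets.UTF_8));
        if (user == null) {
            return "userNameNotExist";
        } else if (!md5.equals(user.getPassword())) {
            return "passwordWrong";
        } else {
            return "success";
        }
    }

    @Override
    public String getUrlByName(String username) {
        return userDao.getUrlByName(username);
    }
}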
5. DAO layer: UserDao
public interface UserDao {
    User getUserByName(String username);
    String getUrlByName(String username);
}
5.1 Mapper: UserDao.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.cnpc.dao.UserDao">
    <!-- Look up a user by name -->
    <select id="getUserByName" resultType="com.cnpc.bean.User">
        select username,password from user where username = #{username}
    </select>
    <select id="getUrlByName" resultType="java.lang.String">
        select url from user where username = #{username}
    </select>
</mapper>