因为项目用到自定义的登录而且是前后端分离,接口都需要登录后才能访问,同时在做数据的增加、删除、修改的时候需要传进当前账户ID,因此自定义的一个公共方法和拦截器。代码如下:
定义公共方法:
它的作用就是在各个地方都可以通过UserContext .getUserSession获取当前session
public class UserContext implements Serializable {
/**
* @Fields serialVersionUID : TODO(用一句话描述这个变量表示什么)
*/
private static final long serialVersionUID = 1L;
private static ThreadLocal<SecurityAccountLoginModel> loginEntityThreadLocal = new ThreadLocal<>();
public static SecurityAccountLoginModel getUserSession() {
return loginEntityThreadLocal.get();
}
public static void setUserSession(SecurityAccountLoginModel entity) {
loginEntityThreadLocal.set(entity);
}
public static void removeUserSession() {
loginEntityThreadLocal.remove();
}
}
拦截器:
public class LoginInterceptor implements HandlerInterceptor {
// 首先会执行的方法
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
boolean flag = false;
// 从session中获取对象
SecurityAccountLoginModel model = (SecurityAccountLoginModel) request.getSession().getAttribute("user");
if (model == null) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
PrintWriter out = null;
try {
JSONObject res = new JSONObject();
res.put("code", "error");
res.put("message", "用户未登录!");
out = response.getWriter();
out.append(res.toString());
return false;
} catch (Exception e) {
response.sendError(500);
return false;
}
finally {
if (out != null) {
out.close();
}
}
} else {
UserContext.setUserSession(model);
return true;
}
}
// 返回ModelAndView之前执行的方法,面向切面编程中的体现,已经进入了controller
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object, ModelAndView modelAndView) throws Exception {
}
// 执行Handle完成之后执行的方法
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object, Exception exceptio) throws Exception {
UserContext.removeUserSession();
}
}
spring-mvc.xml配置:
<!-- 配置拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 拦截所有mvc控制器 -->
<mvc:mapping path="/**"/>
<!-- mvc:exclude-mapping是另外一种拦截,它可以在你后来的测试中对某个页面进行不拦截,这样就不用在
LoginInterceptor的preHandler方法里面获取不拦截的请求uri地址了(优选) -->
<mvc:exclude-mapping path="/oms/login.json" />
<mvc:exclude-mapping path="/web/**" />
<bean class="com.lemeida.retrace.commons.interceptor.LoginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>