一、登錄
JSP程序:
......
<script>
// Login button: post the credentials; the server writes the session and the
// browser is then sent to the home page.
// NOTE(review): the password is posted as entered, so this page is assumed to
// be served over HTTPS. Confirm in deployment.
$("#loginbt").click(function () {
    var username = $("[name=username]").val();
    var password = $("[name=password]").val();

    // Nothing is submitted unless both fields are filled in.
    if (username == "" || password == "") {
        return;
    }

    // status 200: logged in, go to the home page.
    // status 400: show the message returned by the server.
    var onLoginResponse = function (data) {
        if (data.status == 200) {
            window.location.href = "/";
            return;
        }
        if (data.status == 400) {
            $.messager.alert('提示', data.msg);
        }
    };

    // Transport or parse failure: show a generic message.
    var onLoginError = function (e) {
        $.messager.alert('提示', "用戶登錄失敗!");
    };

    $.ajax({
        url: "/user/login",
        type: "post",
        data: { UserName: username, PassWord: password },
        dataType: "json",
        contentType: "application/x-www-form-urlencoded; charset=UTF-8",
        success: onLoginResponse,
        error: onLoginError
    });
});
</script>
......
登錄controller:
......
@Controller
public class AdminController {
@Autowired
private AdminService adminService;
//登錄controller
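/**
 * Handles the login request: checks the credentials through {@code adminService} and,
 * on success, stores the user's identity in a freshly created HTTP session.
 *
 * <p>NOTE(review): this mapping accepts every HTTP method. The page above posts the
 * form, so restricting the mapping to POST would keep credentials out of query
 * strings and access logs. Confirm no caller relies on GET before changing it.
 *
 * @param request  current request, used to obtain the session
 * @param UserName user name, bound from the request parameter of the same name
 * @param PassWord password, bound from the request parameter of the same name
 * @return a {@code Warehouse} result with status 200 on success and 400 on failure
 */
@RequestMapping("/user/login")
@ResponseBody
public Warehouse login(HttpServletRequest request, String UserName, String PassWord)
        throws IOException, ServletException {
    TbUser user = adminService.userLogin(UserName, PassWord);
    if (user == null) {
        return Warehouse.build(400, "登錄失敗,請輸入正確的用戶名和密碼!");
    }

    // Session fixation: discard any session that existed before authentication so
    // the session id the browser held while anonymous is not reused after login.
    // Attributes stored in that earlier session are dropped with it.
    HttpSession previous = request.getSession(false);
    if (previous != null) {
        previous.invalidate();
    }
    HttpSession session = request.getSession(true);

    // Store the logged-in user's identity in the session.
    session.setAttribute("id", user.getId());
    session.setAttribute("username", user.getUsername());
    session.setAttribute("name", user.getName());
    session.setAttribute("role", user.getRoleid());

    // Idle timeout in seconds. The original value 0 is read by current Servlet API
    // versions as "never time out", which leaves authenticated sessions alive
    // indefinitely. 30 minutes is a default; align it with the application's policy.
    session.setMaxInactiveInterval(30 * 60);

    adminService.updateLoginTime(user);
    return Warehouse.build(200, "登錄成功!");
}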
......
A、先比對用戶名和密碼是否正確,正確則返回該用戶名所對應的對象;
B、將登錄對象的部分屬性值寫入session。
二、登錄攔截
1、SpringMVC資源攔截
注:由於登錄界面涉及到一些靜態資源,所以不僅需要配置登錄相關的請求URL不攔截,對應的靜態資源也不應該攔截。
2、攔截方法
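/**
 * Lets a request reach its handler only when the session holds a logged-in user
 * (a non-null {@code "username"} attribute).
 *
 * <p>The login page, the login endpoint and the static resources it needs must be
 * excluded in the interceptor mapping; this class does not exempt any path itself.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Runs before the handler. Returning {@code true} lets the request continue to the
     * handler; returning {@code false} stops processing because the response has
     * already been produced here.
     *
     * @param request  current request
     * @param response current response
     * @param handler  the handler chosen for this request (not used)
     * @return {@code true} when a user is logged in, {@code false} otherwise
     * @throws Exception if the redirect cannot be sent
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // getSession(false): do not create a session for anonymous requests.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute("username") != null) {
            return true;
        }

        // X-Requested-With is set by the client, so it only selects the response
        // format and must never be a reason to let the request through.
        if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            // Ajax caller: answer 401 so the page script can send the user to the
            // login page itself.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        // Ordinary page request: redirect to the login page.
        response.sendRedirect(request.getContextPath() + "/Login");
        return false;
    }

    /** No work is needed after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // Intentionally empty.
    }

    /** No cleanup is needed after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        // Intentionally empty.
    }
}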
注:
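登錄成功不執行攔截;若只憑請求類型屬於Ajax就不執行攔截,則未登錄的Ajax請求同樣會被放行,這一點需要注意。
request.getHeader("X-Requested-With") 用於識別Ajax請求:jQuery發出的Ajax請求會帶上 X-Requested-With: XMLHttpRequest。此請求頭由客戶端設定、可以偽造,不能作為放行的依據;登錄請求本身應透過攔截器的排除路徑放行,其餘未登錄的Ajax請求應返回401,由前端跳轉到登錄頁。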
三、註銷退出
JSP頁面:
<script type="text/javascript">
......
// Ask the user to confirm, then POST to the logout endpoint; on status 200 the
// browser is sent back to the login page.
function logOut() {
    $.messager.confirm('確認', '確認退出系統嗎?', function (confirmed) {
        // The user cancelled the dialog: stay on the page.
        if (!confirmed) {
            return;
        }

        var request = {
            type: "post",
            url: "/person/logout",
            cache: false,
            contentType: false,
            processData: false
        };

        // The server answers 200 once the session has been cleared.
        request.success = function (data) {
            if (data.status == 200) {
                window.location.href = "/Login";
            }
        };

        request.error = function () {
            $.messager.alert("提示", "退出失敗");
        };

        $.ajax(request);
    });
}
</script>
退出controller,清空session:
//person退出系統
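/**
 * Logs the current user out by invalidating the HTTP session, if one exists.
 *
 * <p>NOTE(review): this mapping accepts every HTTP method, so a plain GET from
 * another site can end the user's session. The page above calls it with POST.
 * Confirm whether the mapping can be restricted to POST.
 *
 * @param request current request, used to look up the session
 * @return a {@code Warehouse} result with status 200
 */
@RequestMapping("/person/logout")
@ResponseBody
public Warehouse logout(HttpServletRequest request) {
    // getSession(false): do not create a session only to destroy it.
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    return Warehouse.build(200, "清空session");
}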