【攔截器、過濾器實現單使用者登入】
阿新 • • 發佈:2018-12-04
1、攔截器
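package com.wkrj.interceptor;

import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import wkrjsystem.user.bean.WkrjUser;
import wkrjsystem.wkrjlogin.service.WkrjLonginService;

/**
 * Spring MVC interceptor that allows only one live session per logged-in user.
 *
 * <p>For a request whose session holds a {@code "user"} attribute, the session id
 * recorded for that user (read through {@link WkrjLonginService}) is compared with
 * the id of the current session. A mismatch means the stored id belongs to another
 * session, and the request is sent to the login page.
 *
 * <p>NOTE(review): requests without a logged-in user are not rejected here; they fall
 * through to the default {@code preHandle}. Authentication of anonymous requests has
 * to be enforced by another component; confirm that one exists.
 */
public class Singleuserlogin extends HandlerInterceptorAdapter {

    /** Context-relative location of the login page. */
    private static final String LOGIN_PAGE = "/system/login.jsp";

    /** Matches ";name=value" path parameters (for example ";jsessionid=...") inside a URI. */
    private static final Pattern PATH_PARAMETERS = Pattern.compile(";[^/]*");

    @Autowired
    private WkrjLonginService wkrjLonginService;

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param request  current request
     * @param response current response; receives the redirect or the AJAX redirect headers
     * @param handler  chosen handler, passed on unchanged
     * @return {@code true} to continue, {@code false} once the login redirect has been written
     * @throws Exception propagated from the service call or from writing the response
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Login endpoints and the login-page image must stay reachable without a valid session.
        if (isPublicPath(request.getRequestURI())) {
            return true;
        }

        // getSession(false): do not allocate a session just to find out that nobody is logged in.
        HttpSession session = request.getSession(false);
        WkrjUser user = session == null ? null : (WkrjUser) session.getAttribute("user");
        if (user == null) {
            // Anonymous request: this interceptor takes no decision (see class comment).
            return super.preHandle(request, response, handler);
        }

        // Compare from the non-null side so that a user without a recorded session id is
        // treated as a mismatch instead of raising a NullPointerException.
        String registeredSessionId = wkrjLonginService.getSessionByUserid(user.getUser_id());
        if (session.getId().equals(registeredSessionId)) {
            return true;
        }

        // The login location is context-relative rather than assembled from
        // getServerName()/getServerPort(), which reflect the Host header supplied with the
        // request and should not end up in a URL handed back to the client.
        String loginPath = request.getContextPath() + LOGIN_PAGE;
        if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            // AJAX callers cannot follow a 302 to a page, so the target travels in headers.
            response.setHeader("REDIRECT", "REDIRECT");
            response.setHeader("CONTENTPATH", loginPath);
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        } else {
            response.sendRedirect(loginPath);
        }
        return false;
    }

    /**
     * Tells whether the request URI is one of the paths that skip the session check.
     *
     * <p>{@code getRequestURI()} is the raw request target, so the check runs on a cleaned
     * copy: path parameters are removed, and a URI that still carries dot-segments or
     * percent-encoding is never treated as public and goes through the normal session check.
     *
     * <p>NOTE(review): the login fragments are still matched as substrings because the exact
     * controller mappings are not visible here; matching the full mapped paths would be stricter.
     *
     * @param requestUri value of {@code HttpServletRequest.getRequestURI()}
     * @return {@code true} when the request may bypass the single-session check
     */
    private static boolean isPublicPath(String requestUri) {
        if (requestUri == null) {
            return false;
        }
        String path = PATH_PARAMETERS.matcher(requestUri).replaceAll("");
        if (path.contains("..") || path.indexOf('%') >= 0) {
            return false;
        }
        return path.contains("wkrjlogin/checkLogin")
                || path.contains("wkrjlogin/login")
                || path.endsWith("/img/tx.png");
    }
}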
配置
spring-mvc.xml
<mvc:interceptors>
<!-- Registers Singleuserlogin for every path ("/**"). No exclusions are declared here: the login URLs and /img/tx.png are exempted inside the interceptor's preHandle. -->
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean id="Singleuserlogin" class="com.wkrj.interceptor.Singleuserlogin"></bean>
</mvc:interceptor>
</mvc:interceptors>
2、過濾器
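package com.wkrj.interceptor;

import java.io.IOException;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import wkrjsystem.user.bean.WkrjUser;
import wkrjsystem.wkrjlogin.service.WkrjLonginService;

/**
 * Servlet filter that allows only one live session per logged-in user.
 *
 * <p>A request continues down the chain when it targets the login page, or when the
 * session's {@code "user"} has a recorded session id equal to the current session id.
 * Every other request is forwarded to the login page.
 */
public class LoginFilter implements Filter {

    /** Matches ";name=value" path parameters (for example ";jsessionid=...") inside a URI. */
    private static final Pattern PATH_PARAMETERS = Pattern.compile(";[^/]*");

    private String unauthorizedUrl = "/unauthorized.jsp";
    private String loginUrl = "/system/login.jsp";

    // NOTE(review): when the filter is declared in web.xml the servlet container creates the
    // instance, so these @Autowired fields are presumably never populated; doFilter therefore
    // resolves the service from the WebApplicationContext. Neither field is read in this class.
    // If a direct JdbcTemplate lookup is ever added, bind user_id as a query parameter instead
    // of concatenating it into the SQL text.
    @Autowired
    private JdbcTemplate jdbcTemplate;
    @Autowired
    private WkrjLonginService wkrjLonginService;

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Lets the request through only for the login page or for the user's current session.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response response handed to the chain or to the login-page forward
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        // The login page itself must stay reachable without a valid session.
        if (isPublicPath(req.getRequestURI())) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not allocate a session just to find out that nobody is logged in.
        HttpSession session = req.getSession(false);
        WkrjUser user = session == null ? null : (WkrjUser) session.getAttribute("user");
        if (user != null) {
            // getRequired... fails with a descriptive IllegalStateException when the Spring
            // context is missing, instead of a NullPointerException on the next line.
            ServletContext context = request.getServletContext();
            WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
            WkrjLonginService loginService = ctx.getBean(WkrjLonginService.class);

            // Compare from the non-null side: a user without a recorded session id is a
            // mismatch, not a NullPointerException.
            String registeredSessionId = loginService.getSessionByUserid(user.getUser_id());
            if (session.getId().equals(registeredSessionId)) {
                chain.doFilter(request, response);
                return;
            }
        }

        // Reached for a displaced session and for an anonymous request alike. Without a
        // forward for the anonymous case the request would end with an empty response,
        // because neither the chain nor a dispatcher would run.
        request.getRequestDispatcher(loginUrl).forward(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Tells whether the request URI is one of the paths that skip the session check.
     *
     * <p>{@code getRequestURI()} is the raw request target, so the check runs on a cleaned
     * copy: path parameters are removed, and a URI that still carries dot-segments or
     * percent-encoding is never treated as public and goes through the normal session check.
     *
     * <p>NOTE(review): {@code "wkrjlogin/login"} is still matched as a substring because the
     * exact mapping is not visible here; matching the full mapped path would be stricter.
     *
     * @param requestUri value of {@code HttpServletRequest.getRequestURI()}
     * @return {@code true} when the request may bypass the single-session check
     */
    private boolean isPublicPath(String requestUri) {
        if (requestUri == null) {
            return false;
        }
        String path = PATH_PARAMETERS.matcher(requestUri).replaceAll("");
        if (path.contains("..") || path.indexOf('%') >= 0) {
            return false;
        }
        return path.endsWith(loginUrl) || path.contains("wkrjlogin/login");
    }
}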
配置
web.xml
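<!-- Only requests matching *.jsp pass through LoginFilter. Requests to any other URL pattern
     (for example controller mappings served by the DispatcherServlet) are not checked by it
     and need their own session check. -->
<filter>
    <filter-name>loginFilter</filter-name>
    <filter-class>com.wkrj.interceptor.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <!-- Must match the filter-name declared above exactly. -->
    <filter-name>loginFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>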