SpringBoot(六):攔截器--只允許進入登入註冊頁面,沒登入不允許檢視其它頁面
阿新 • • 發佈:2019-02-09
SpringBoot註冊登入(一):User表的設計點選開啟連結
SpringBoot註冊登入(二):註冊---驗證碼kaptcha的實現點選開啟連結
SpringBoot註冊登入(三):註冊--驗證賬號密碼是否符合格式及後臺完成註冊功能點選開啟連結
SpringBoot註冊登入(四):登入功能--密碼錯誤三次,需要等待2分鐘才能登入,固定時間內不能登入點選開啟連結
SpringBoot註冊登入(五):登入功能--Scheduling Tasks定時作業,用於某個時間段允許/不允許使用者登入點選開啟連結
SpringBoot--mybatis--ajax--模態框--log:註冊、登入、攔截器、檔案系統原始碼 點選開啟連結
直接執行程式,就會載入攔截器了。這個攔截器在沒登入前只會放行登入註冊、驗證碼的請求
一、先在啟動類加上註解(如果使用了下面步驟的程式碼程式執行失敗的話)
@ComponentScan
@EnableAutoConfiguration
@EnableScheduling
@Configuration
二、定義兩個類
1、LoginInterceptor
package com.fxy.interceptor; import com.fxy.bean.User; import com.fxy.service.UserService; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.stereotype.Controller; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Set; /** * 登入驗證攔截 * */ @Controller @Component public class LoginInterceptor extends HandlerInterceptorAdapter { Logger log = Logger.getLogger(LoginInterceptor.class); /*@Autowired UserService userService;*/ /*@Value("${IGNORE_LOGIN}") Boolean IGNORE_LOGIN;*/ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String basePath = request.getContextPath(); String path = request.getRequestURI(); // log.info("basePath:"+basePath); // log.info("path:"+path); if(!doLoginInterceptor(path, basePath) ){//是否進行登陸攔截 return true; } // HttpSession session = request.getSession(); // int userID = 2; // UserInfo userInfo = sysUserService.getUserInfoByUserID(userID); // System.out.println(JsonUtil.toJson(userInfo)); // session.setAttribute(Constants.SessionKey.USER, userInfo); //如果登入了,會把使用者資訊存進session HttpSession session = request.getSession(); List<User> users = (List<User>) session.getAttribute("userList"); /*User userInfo = new User(); userInfo.setId(users.get(0).getId()); userInfo.setName(users.get(0).getName()); userInfo.setPassword(users.get(0).getPassword());*/ //開發環節的設定,不登入的情況下自動登入 /*if(userInfo==null && IGNORE_LOGIN){ userInfo = sysUserService.getUserInfoByUserID(2); session.setAttribute(Constants.SessionKey.USER, userInfo); }*/ if(users==null){ /*log.info("尚未登入,跳轉到登入介面"); response.sendRedirect(request.getContextPath()+"signin");*/ String requestType = request.getHeader("X-Requested-With"); // System.out.println(requestType); if(requestType!=null && requestType.equals("XMLHttpRequest")){ response.setHeader("sessionstatus","timeout"); // response.setHeader("basePath",request.getContextPath()); response.getWriter().print("LoginTimeout"); return false; } else { log.info("尚未登入,跳轉到登入介面"); response.sendRedirect(request.getContextPath()+"signin"); } return false; } // log.info("使用者已登入,userName:"+userInfo.getSysUser().getUserName()); return true; } /** * 是否進行登陸過濾 * @param path * @param basePath * @return */ private boolean doLoginInterceptor(String path,String basePath){ path = path.substring(basePath.length()); Set<String> notLoginPaths = new HashSet<>(); //設定不進行登入攔截的路徑:登入註冊和驗證碼 //notLoginPaths.add("/"); notLoginPaths.add("/index"); notLoginPaths.add("/signin"); notLoginPaths.add("/login"); notLoginPaths.add("/register"); notLoginPaths.add("/kaptcha.jpg"); notLoginPaths.add("/kaptcha"); //notLoginPaths.add("/sys/logout"); //notLoginPaths.add("/loginTimeout"); if(notLoginPaths.contains(path)) return false; return true; } }
2、WebConfig
package com.fxy.interceptor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.JstlView; @Configuration public class WebConfig extends WebMvcConfigurerAdapter { //@Autowired //LogInterceptor logInterceptor; @Autowired LoginInterceptor loginInterceptor; /** * 不需要登入攔截的url:登入註冊和驗證碼 */ final String[] notLoginInterceptPaths = {"/signin","/login/**","/index/**","/register/**","/kaptcha.jpg/**","/kaptcha/**"};//"/", "/login/**", "/person/**", "/register/**", "/validcode", "/captchaCheck", "/file/**", "/contract/htmltopdf", "/questions/**", "/payLog/**", "/error/**" }; @Override public void addInterceptors(InterceptorRegistry registry) { // 日誌攔截器 //registry.addInterceptor(logInterceptor).addPathPatterns("/**"); // 登入攔截器 registry.addInterceptor(loginInterceptor).addPathPatterns("/**").excludePathPatterns(notLoginInterceptPaths); } @Override public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) { configurer.enable(); } @Bean public InternalResourceViewResolver viewResolver() { InternalResourceViewResolver resolver = new InternalResourceViewResolver(); resolver.setPrefix("/templates/"); resolver.setSuffix(".html"); resolver.setViewClass(JstlView.class); return resolver; } @Override public void addViewControllers(ViewControllerRegistry registry) { } }