使用拦截器,两步走即可:
- 自定义拦截器,实现HandlerInterceptor接口;将拦截器放入容器,实现WebMvcConfigurer的addInterceptors方法,并指定拦截规则、放行规则。
HandlerInterceptor接口定义如下。
public interface HandlerInterceptor {
default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
return true;
}
default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable ModelAndView modelAndView) throws Exception {
}
default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable Exception ex) throws Exception {
}
}
实现HandlerInterceptor的这3个方法即可。其中,
preHandle,在控制器方法执行前调用;
postHandle,在控制器方法执行完成之后调用;
afterCompletion,在视图渲染完成之后调用。
- 新建Spring项目:demo6,添加依赖:Spring Web、Spring Configuration Processor、Lombok和Thymeleaf。
Group:com.example
Artifact:demo6
Package name:com.example.bootcom.example.boot下新建类:bean.User。
package com.example.boot.bean;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.ToString;
@Data
@NoArgsConstructor
@AllArgsConstructor
@ToString
public class User {
private String username;
private String password;
}
- com.example.boot下新建控制器:controller.IndexController。
package com.example.boot.controller;
import com.example.boot.bean.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import javax.servlet.http.HttpSession;
@Controller
public class IndexController {
@GetMapping(value = {"/","/login"})
public String index(){
return "login";
}
@PostMapping(value = "/login")
public String login(User user, HttpSession session, Model model){
if("zhangsan".equals(user.getUsername()) && "test@123".equals(user.getPassword())){
session.setAttribute("loginUser",user);
return "redirect:/main";
}else{
model.addAttribute("msg","账号或密码错误");
return "login";
}
}
@GetMapping("/main")
public String main(){
return "main";
}
}
用户是zhangsan/test@123,才能登录进入主页面。
用户登录成功后,用户信息会保存在会话中。
4. resources.static下新建视图文件:登录页面login.html、主页面main.html。
登录
登录
[[${session.loginUser.username}]],欢迎您的到来!
- com.example.boot下新建拦截器:interceptor.IndexInterceptor。
package com.example.boot.interceptor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@Slf4j
public class IndexInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
log.info("Enter preHandler,请求 {} 被拦截!",request.getRequestURI());
HttpSession session = request.getSession();
Object loginUser = session.getAttribute("loginUser");
if(loginUser != null){
return true;
}
request.setAttribute("msg","请重新登录");
request.getRequestDispatcher("/").forward(request,response);
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
log.info("Enter postHandler,请求 {} 被拦截!",request.getRequestURI());
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
log.info("Enter afterCompletion,请求 {} 被拦截!",request.getRequestURI());
}
}
如果会话中含有用户信息,表示该用户已经登录,可访问主页面。
如果会话中不包含用户信息,表示该用户未登录,则被拦截,无法访问主页面,将直接返回到登录页面。
6. com.example.boot下新建配置器:config.MyConfig。
package com.example.boot.config;
import com.example.boot.interceptor.IndexInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class MyConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new IndexInterceptor())
.addPathPatterns("/**")
.excludePathPatterns("/","/login");
}
}
- 启动应用并测试。
用户未登录,直接访问主页面(localhost://8080/main),将被拦截,并重新跳转至登录页面。
用户登录成功了,方可访问主页面。
