前言
作为主修Java的我竟然没有发布过一篇有关Java的文章,这究竟是道德的沦丧还是人性的扭曲!额,其实是我太菜了,怕被喷:@(无奈)……
事情是这样的,为了系统的安全,配置了一个拦截器来拦截未登录或session过期的用户,结果把登录页和静态资源也给拦截了:@(大囧),为解决这个问题,配置了mvc:resources和mvc:exclude-mapping后问题仍然存在,于是我就对判断是否拦截下手了。
部分代码
UserController.java:
package com.ddkjt.controller;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import com.ddkjt.po.User;
import com.ddkjt.service.UserService;
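/**
 * Serves the login page, processes the login form and logs users out.
 *
 * <p>A successful login stores the authenticated {@code User} in the HTTP session under the
 * {@code "user"} attribute. How the credentials are verified is up to
 * {@code UserService.login}, which is not visible from this class.
 */
@Controller("userController")
@RequestMapping("/")
public class UserController {

    /** Session idle timeout, in seconds, when the "keep me logged in for a week" box is ticked. */
    private static final int REMEMBERED_TIMEOUT_SECONDS = 7 * 24 * 60 * 60;

    /** Session idle timeout, in seconds, for an ordinary login. */
    private static final int DEFAULT_TIMEOUT_SECONDS = 2 * 60 * 60;

    @Resource(name = "userService")
    private UserService userService;

    /**
     * @return the service used to authenticate users
     */
    public UserService getUserService() {
        return userService;
    }

    /**
     * @param userService the service used to authenticate users
     */
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /**
     * Shows the login form.
     *
     * @return the logical view name {@code "login"}
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login() {
        return "login";
    }

    /**
     * Authenticates the submitted credentials and, on success, opens a fresh session.
     *
     * @param u        the credentials bound from the login form
     * @param model    receives the {@code msg} attribute when authentication fails
     * @param response unused; kept so the handler signature stays unchanged
     * @param request  used to read the {@code login_time} checkbox and to manage the session
     * @return a redirect to {@code index} on success, otherwise the {@code "login"} view
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login(User u, Model model, HttpServletResponse response, HttpServletRequest request) {
        User user = userService.login(u);

        // No matching user: show the form again with a fixed, server-defined message.
        if (user == null) {
            model.addAttribute("msg", "账号和密码不匹配,请重新输入");
            return "login";
        }

        // Discard whatever session the browser presented before authenticating and issue a new
        // one, so a session id that existed before login is never promoted to a logged-in one.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = request.getSession(true);

        // NOTE(review): the whole User object is kept in the session; if it carries the
        // password field, consider storing only an identifier instead.
        session.setAttribute("user", user);

        // A checkbox without a value attribute is submitted as "on" when ticked. String content
        // has to be compared with equals(); the previous reference comparison (==) was
        // practically never true, so the one-week option was silently ignored.
        // NOTE(review): a one-week idle timeout keeps a leaked session id usable for a long
        // time; confirm that this trade-off is intended.
        boolean keepForAWeek = "on".equals(request.getParameter("login_time"));
        session.setMaxInactiveInterval(keepForAWeek ? REMEMBERED_TIMEOUT_SECONDS : DEFAULT_TIMEOUT_SECONDS);

        return "redirect:index";
    }

    /**
     * Ends the current session and sends the browser back to the login page.
     *
     * <p>NOTE(review): the mapping has no method restriction, so a plain GET also logs the user
     * out; consider limiting it to POST together with a CSRF token.
     *
     * @param session the session to invalidate
     * @return a redirect to {@code login}
     */
    @RequestMapping("/logout")
    public String logout(HttpSession session) {
        session.invalidate();
        return "redirect:login";
    }
}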
SecurityInterceptor.java:
package com.ddkjt.tool;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
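/**
 * Redirects requests without a logged-in user to the login page.
 *
 * <p>A request counts as authenticated when the session holds a non-null {@code "user"}
 * attribute. Only the login page itself and resources below {@code /static/} are reachable
 * without it.
 *
 * <p>The decision is made on the container-decoded path inside the application, not on the
 * full request URL. It therefore does not depend on the scheme, host name or port the client
 * used, and a public path is recognized by its position rather than by a substring match
 * anywhere in the URL, which would exempt every address that merely contains the word.
 */
public class SecurityInterceptor implements HandlerInterceptor {

    /** The only page an anonymous user may request. */
    private static final String LOGIN_PATH = "/login";

    /** Prefix of the static resources referenced by the login page. */
    private static final String STATIC_PREFIX = "/static/";

    /** No work is needed after the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception {
        // intentionally empty
    }

    /** No work is needed after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception {
        // intentionally empty
    }

    /**
     * Lets the request through when a user is logged in or the path is public; otherwise
     * redirects to the login page.
     *
     * @param request  the incoming request
     * @param response used to send the redirect
     * @param o        the chosen handler (unused)
     * @return {@code true} to continue handling, {@code false} after a redirect was sent
     * @throws Exception if sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        boolean loggedIn = request.getSession().getAttribute("user") != null;
        if (loggedIn || isPublicPath(pathWithinApplication(request))) {
            return true;
        }
        response.sendRedirect(request.getContextPath() + LOGIN_PATH);
        return false;
    }

    /** Returns the request path relative to the context root, as decoded by the container. */
    private static String pathWithinApplication(HttpServletRequest request) {
        // Depending on how the dispatcher servlet is mapped, the path is reported in
        // servletPath, in pathInfo, or split across both.
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /** Returns whether the path may be served without a logged-in user. */
    private static boolean isPublicPath(String path) {
        // Exact match for the login page, prefix match for static resources; anything else,
        // including paths that only contain these words somewhere, requires a login.
        return LOGIN_PATH.equals(path) || path.startsWith(STATIC_PREFIX);
    }
}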
spring_mvc.xml:
<!--
  Runs com.ddkjt.tool.SecurityInterceptor for every request path ("/**"). That includes the
  login page and the static resources, so those public paths have to be exempted, either here
  with mvc:exclude-mapping or inside the interceptor's preHandle.
  NOTE(review): in the spring-mvc schema (3.2 and later, as far as I recall) exclude-mapping
  elements belong after the mapping elements and before the bean; verify against the schema
  version this file declares.
-->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.ddkjt.tool.SecurityInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
login.jsp:
<%--
  Login form: POSTs user_name, user_pwd and the optional login_time checkbox to ./login.
  The checkbox has no value attribute, so a ticked box is submitted as login_time=on and an
  unticked box is not submitted at all.
  NOTE(review): no CSRF token field is visible in this form; confirm whether one is added
  elsewhere.
--%>
<form class="layui-form" method="post" action="./login">
<div class="layui-form-item">
<input type="text" name="user_name" placeholder="账号" class="layui-input">
</div>
<div class="layui-form-item">
<input type="password" name="user_pwd" placeholder="密码" class="layui-input">
</div>
<div class="layui-form-item">
<input type="checkbox" name="login_time" title="登录保留一周" checked>
</div>
<div class="layui-form-item">
<input type="submit" class="layui-btn layui-btn-normal layui-btn-fluid" value="登录" />
</div>
</form>
<script src="static/layui/layui.js" charset="utf-8"></script>
<script src="static/pear/pear.js"></script>
<script type="text/javascript">
layui.use(['toast','jquery'],function() {
var $ = layui.jquery;
var toast = layui.toast;
// The msg model attribute is written by the JSP engine directly into the two JavaScript
// string literals below, with no JavaScript escaping applied here.
// NOTE(review): the value must stay a fixed, server-defined string; if it can ever carry
// user input, escape it for a JavaScript context before rendering it.
if('${msg}' != ''){
toast.error({title: '错误信息',message: '${msg}',position: 'topCenter'});
}
// Client-side convenience check only: returning false cancels the submit when a field is
// empty. The server must still validate the credentials on every request.
$(".layui-btn").click(function(){
if($('input[name="user_name"]').val() == '' || $('input[name="user_pwd"]').val() == ''){
toast.error({title: '错误信息',message: '账号和密码不能为空,请输入',position: 'topCenter'});
return false;
}
});
});
</script>
结语
本来是用的Ajax提交登录,但返回的结果乱码,就懒得解决了。