SpringMVC框架是一个非常强大的java web框架,目前最主流的也是spring mvc的框架今天我们学习下springMVCd的登录拦截器Filter
首先呢,SpringMVC具有统一的入口DIspatcherServlet,所有请求都会通过DIspatcherServlet来进行处理
dispatcherServlet是前置控制器,配置在web.xml中,主要是用来拦截对应的请求,然后将请求根据对应的规则发送到Controller来进行处理
首先在web.xml中进行配置拦截请求
<!--filter登录拦截器--> <filter> <!--拦截请求做处理的类--> <filter-name>SecurityServlet</filter-name> <filter-class> org.andy.shop.utils.SecurityServlet</filter-class> </filter> <filter-mapping> <filter-name>SecurityServlet</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> <filter-mapping> <!--拦截格式.do--> <filter-name>SecurityServlet</filter-name> <url-pattern>*.do</url-pattern> </filter-mapping>
这里我们用的是.do拦截格式,就是说所有请求中有.do的请求都会被我们拦截下来做登录处理,这里如果将.do写成“/”的话,就会拦截所有请求,会导致 js文件、css文件等文件无法访问
这里我们写的是继承HttpServlet类实现Filter接口
package org.andy.shop.utils; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * Filter 登录拦截器 * @author lyy * @date 2016-05-05 */ public class SecurityServlet extends HttpServlet implements Filter{ /** * */ private static final long serialVersionUID = 1L; public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest srequest, ServletResponse sresponse, FilterChain chain) throws IOException, ServletException { HttpServletRequest request=(HttpServletRequest)srequest; HttpServletResponse response =(HttpServletResponse) sresponse; HttpSession session = request.getSession(true); String usercode = (String) request.getRemoteUser();// 登录人 String user_role = (String)session.getAttribute(Constants.USERID);//登录人角色 String url=request.getRequestURI();//获取的请求路径 System.out.println(url); if(user_role == null || "".equals(user_role)) {//如果登录标识为空 //判断获取的路径不为空且不是访问登录页面或执行登录操作时跳转 if(url!=null && !url.equals("") && (url.contains("userDetail.do") )) {//如果请求url不为空且请求的url包含userDetail.do请求 response.sendRedirect(request.getContextPath() + "/login.do"); return; } } chain.doFilter(srequest, sresponse);//跳转 return; } }
当我们访问localhost:8080/test/userDetai.do时如果没有登录的验证就会跳转到对应的login页面
