后台管理页面往往需要登录才可以进行操作,这时就需要Session来记录登录状态
要实现起来也是非常简单,只需要自定义一个HandlerInterceptor就行了
自定义的HandlerInterceptor也只有短短几行代码
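/**
 * Interceptor that admits a request to the backend handlers only when the HTTP session
 * carries the login marker.
 *
 * <p>The marker is the session attribute {@code isLogin}, the same key the article's
 * {@code BackendController.login} handler stores after a successful login. Because the
 * attribute lives in the server-side session, the browser only holds the session id and
 * cannot set the marker itself.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /** Nothing to clean up once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object obj, Exception err)
            throws Exception {
    }

    /** Nothing to do after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj, ModelAndView mav) throws Exception {
    }

    /**
     * Decides whether the matched handler may run.
     *
     * @return {@code true} when the session holds a non-null {@code isLogin} attribute;
     *         {@code false} after redirecting the client to the login page otherwise
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj) throws Exception {
        // Read the login marker from the session. The original listing tested an undeclared
        // variable here, so the lookup its comment described was missing from the code.
        Object loginState = request.getSession().getAttribute("isLogin");

        // A present marker means the user has logged in: let the controller method run.
        if (loginState != null) {
            return true;
        }

        // No marker: send the client to the login page and stop the handler chain.
        // Prefixing the context path keeps the redirect correct when the application is not
        // deployed at the server root (the context path is "" for a root deployment).
        response.sendRedirect(request.getContextPath() + "/backend/loginPage");
        return false;
    }
}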
Controller代码
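/**
 * Backend controller for the session-based login demo: serves the login page, checks the
 * submitted credentials, records the login state in the HTTP session and handles logout.
 */
@Controller
@RequestMapping("/backend")
public class BackendController {

    /** Renders the login view. */
    @RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
    public String loginPage(HttpServletRequest request, String account, String password) {
        return "login";
    }

    /**
     * Checks the submitted account and password.
     *
     * @return a redirect to the index page on success, or back to the login page with a
     *         flash error attribute on failure
     */
    @RequestMapping(value = "/login", method = {RequestMethod.POST})
    public String login(HttpServletRequest request, RedirectAttributes model, String account, String password) {
        // NOTE(review): the account and password are hard-coded for the demo. A real
        // application should look the user up in a credential store and verify a salted
        // password hash (bcrypt/scrypt/argon2) instead of comparing plaintext literals, and
        // should rate-limit failed attempts.
        if ("jack".equals(account) && "jack2017".equals(password)) {
            // Discard the pre-login session and start a fresh one before marking it as
            // authenticated, so a session id that was known before login is not promoted
            // to a logged-in session (session fixation).
            request.getSession().invalidate();
            request.getSession().setAttribute("isLogin", "yes");
            return "redirect:IndexPage";
        }

        // Wrong credentials: go back to the login page. The error has to survive the
        // redirect, which is why it is passed as a flash attribute.
        model.addFlashAttribute("error", "密码错误");
        return "redirect:loginPage";
    }

    /**
     * Logs the user out and redirects to the login page.
     *
     * <p>NOTE(review): this is a state-changing action reachable by GET, so any page can
     * trigger it with a plain link or image; consider a POST with CSRF protection.
     */
    @RequestMapping(value = "/loginOut", method = {RequestMethod.GET})
    public String loginOut(HttpServletRequest request) {
        // Invalidate the whole session rather than removing a single attribute, so no
        // other per-user state stays attached to the old session id.
        request.getSession().invalidate();
        return "redirect:loginPage";
    }

    /** Renders the index view; reachable only when the login interceptor lets the request pass. */
    @RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})
    public String IndexPage(HttpServletRequest request) {
        return "Index";
    }
}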
spring的配置
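<!-- Other basic configuration omitted -->
<!-- Interceptor configuration -->
<mvc:interceptors>
    <!-- Login interceptor -->
    <mvc:interceptor>
        <!-- Guard every request under the backend area -->
        <mvc:mapping path="/backend/**" />
        <!-- Only the login page and the login submission stay reachable without a login.
             Keep this list minimal: every excluded path bypasses the login check. -->
        <mvc:exclude-mapping path="/backend/loginPage" />
        <mvc:exclude-mapping path="/backend/login" />
        <bean class="com.ima.Interceptor.LoginInterceptor"></bean>
    </mvc:interceptor>
</mvc:interceptors>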
一个简单的Session实现登录认证系统就这样完成了,如果想登录状态退出浏览器后仍保留一段时间的可以将Session改为Cookie
一般情况下我们都会使用Cookie
Cookie和Session的方法差不多
使用Cookie的自定义HandlerInterceptor
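/**
 * Cookie-based variant of the login interceptor: a request passes when it carries the
 * {@code isLogin} cookie with the value the login handler issues.
 *
 * <p>NOTE(review): a cookie is stored and sent by the client, so both its name and its
 * value are under the user's control. A fixed marker such as {@code isLogin=yes} therefore
 * does not prove that a login took place. For real use, keep the login state on the server
 * (HTTP session) or put a server-generated, unpredictable or signed token in the cookie
 * and validate it here.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /** Nothing to clean up once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object obj, Exception err)
            throws Exception {
    }

    /** Nothing to do after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj, ModelAndView mav) throws Exception {
    }

    /**
     * Decides whether the matched handler may run.
     *
     * @return {@code true} when an {@code isLogin} cookie with the value {@code yes} is
     *         present; {@code false} after redirecting the client to the login page otherwise
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj) throws Exception {
        // getCookies() returns null when the request carries no cookies at all.
        Cookie[] cookies = request.getCookies();
        if (null == cookies) {
            System.out.println("没有cookie==============");
        } else {
            for (Cookie cookie : cookies) {
                // Require the issued value as well as the name: the logout handler blanks
                // the value, and a cookie that merely has the right name should not pass.
                if ("isLogin".equals(cookie.getName()) && "yes".equals(cookie.getValue())) {
                    return true;
                }
            }
        }

        // No login marker: send the client to the login page and stop the handler chain.
        // Prefixing the context path keeps the redirect correct when the application is not
        // deployed at the server root (the context path is "" for a root deployment).
        response.sendRedirect(request.getContextPath() + "/backend/loginPage");
        return false;
    }
}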
Controller的变化也不大
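/**
 * Backend controller for the cookie-based login demo: serves the login page, checks the
 * submitted credentials, issues the {@code isLogin} cookie and expires it on logout.
 *
 * <p>NOTE(review): the cookie holds a fixed, guessable marker. Since the client controls
 * its cookies, a real application should issue a server-generated random or signed token
 * and validate it on every request instead.
 */
@Controller
@RequestMapping("/backend")
public class BackendController {

    /** Renders the login view. */
    @RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
    public String loginPage(HttpServletRequest request, String account, String password) {
        return "login";
    }

    /**
     * Checks the submitted account and password.
     *
     * @return a redirect to the index page on success, or back to the login page with a
     *         flash error attribute on failure
     */
    @RequestMapping(value = "/login", method = {RequestMethod.POST})
    public String login(HttpServletRequest request, HttpServletResponse response, RedirectAttributes model, String account, String password) {
        // NOTE(review): the account and password are hard-coded for the demo. A real
        // application should verify a salted password hash (bcrypt/scrypt/argon2) from a
        // credential store and rate-limit failed attempts.
        if ("edehou".equals(account) && "aidou2017".equals(password)) {
            Cookie loginCookie = new Cookie("isLogin", "yes");
            loginCookie.setMaxAge(30 * 60); // lifetime: 30 minutes
            loginCookie.setPath("/");
            // The cookie is only read on the server, so hide it from page scripts
            // (Servlet 3.0+). When the site is served over HTTPS, also mark it Secure.
            loginCookie.setHttpOnly(true);
            response.addCookie(loginCookie);
            return "redirect:IndexPage";
        }

        // Wrong credentials: the error must survive the redirect, hence a flash attribute.
        model.addFlashAttribute("error", "密码错误");
        return "redirect:loginPage";
    }

    /**
     * Expires the {@code isLogin} cookie and redirects to the login page.
     *
     * <p>NOTE(review): this is a state-changing action reachable by GET, so any page can
     * trigger it with a plain link or image; consider a POST with CSRF protection.
     */
    @RequestMapping(value = "/logOut", method = {RequestMethod.GET})
    public String loginOut(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        // getCookies() returns null for a request without cookies; the original loop
        // dereferenced it unconditionally.
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if ("isLogin".equals(cookie.getName())) {
                    cookie.setValue(null);
                    cookie.setMaxAge(0); // expire immediately
                    // Same path as when the cookie was issued, so the browser matches it.
                    cookie.setPath("/");
                    response.addCookie(cookie);
                    break;
                }
            }
        }
        return "redirect:loginPage";
    }

    /** Renders the index view; reachable only when the login interceptor lets the request pass. */
    @RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})
    public String IndexPage(HttpServletRequest request) {
        return "Index";
    }
}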
spring的配置和之前的一模一样
注意
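这里只是演示:上面的拦截器只检查请求里是否带有名为isLogin的Cookie,而Cookie保存在客户端,它的键和值都可以被用户自行修改,不能单独作为已登录的依据。建议在实际项目中Cookie的键和值要经过特殊处理(例如只存放由服务端生成的随机令牌或带签名的值,并在服务端逐次校验),否则会引发安全问题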
原文链接:http://www.jianshu.com/p/587c56ed9dfa