详解Spring MVC拦截器实现session控制
程序员文章站
2024-03-08 13:10:52
未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方...
未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方案之一。
(1) 在com.geloin.spring.interceptor包中添加systeminterceptor,并使其继承handlerinterceptor
/** * * @author geloin */ package com.geloin.spring.interceptor; import java.io.printwriter; import java.util.iterator; import java.util.map; import javax.annotation.resource; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; import org.springframework.stereotype.repository; import org.springframework.web.servlet.handler.handlerinterceptoradapter; import com.embest.ruisystem.form.systemloggerform; import com.embest.ruisystem.form.systemuserform; import com.embest.ruisystem.service.systemloggerservice; import com.embest.ruisystem.util.constants; import com.embest.ruisystem.util.datautil; /** * * @author geloin */ @repository public class systeminterceptor extends handlerinterceptoradapter { @resource(name = "systemloggerservice") private systemloggerservice systemloggerservice; /* * (non-javadoc) * * @see * org.springframework.web.servlet.handler.handlerinterceptoradapter#prehandle * (javax.servlet.http.httpservletrequest, * javax.servlet.http.httpservletresponse, java.lang.object) */ @suppresswarnings({ "rawtypes", "unchecked" }) @override public boolean prehandle(httpservletrequest request, httpservletresponse response, object handler) throws exception { request.setcharacterencoding("utf-8"); response.setcharacterencoding("utf-8"); response.setcontenttype("text/html;charset=utf-8"); // 后台session控制 string[] nofilters = new string[] { "login.html", "vericode.html", "index.html", "logout.html" }; string uri = request.getrequesturi(); if (uri.indexof("background") != -1) { boolean befilter = true; for (string s : nofilters) { if (uri.indexof(s) != -1) { befilter = false; break; } } if (befilter) { object obj = request.getsession().getattribute( constants.logined); if (null == obj) { // 未登录 printwriter out = response.getwriter(); stringbuilder builder = new stringbuilder(); builder.append("<script type=\"text/javascript\" charset=\"utf-8\">"); builder.append("alert(\"页面过期,请重新登录\");"); builder.append("window.top.location.href=\""); builder.append(constants.basepath); builder.append("/background/index.html\";</script>"); out.print(builder.tostring()); out.close(); return false; } else { // 添加日志 string operatecontent = constants.operatecontent(uri); if (null != operatecontent) { string url = uri.substring(uri.indexof("background")); string ip = request.getremoteaddr(); integer userid = ((systemuserform) obj).getid(); systemloggerform form = new systemloggerform(); form.setuserid(userid); form.setip(ip); form.setoperatecontent(operatecontent); form.seturl(url); this.systemloggerservice.edit(form); } } } } map paramsmap = request.getparametermap(); for (iterator<map.entry> it = paramsmap.entryset().iterator(); it .hasnext();) { map.entry entry = it.next(); object[] values = (object[]) entry.getvalue(); for (object obj : values) { if (!datautil.isvaluesuccessed(obj)) { throw new runtimeexception("有非法字符:" + obj); } } } return super.prehandle(request, response, handler); } }
(2) 修改context-dispatcher.xml,让spring管理拦截器
<mvc:interceptors> <bean class="com.geloin.spring.interceptor.systeminterceptor" /> </mvc:interceptors>
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
上一篇: 详解Java反射各种应用
下一篇: Redis构建分布式锁