详解Spring MVC拦截器实现session控制
程序员文章站
2024-03-08 13:10:52
未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方...
未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方案之一。
(1) 在com.geloin.spring.interceptor包中添加systeminterceptor,并使其继承handlerinterceptor
/**
*
* @author geloin
*/
package com.geloin.spring.interceptor;
import java.io.printwriter;
import java.util.iterator;
import java.util.map;
import javax.annotation.resource;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import org.springframework.stereotype.repository;
import org.springframework.web.servlet.handler.handlerinterceptoradapter;
import com.embest.ruisystem.form.systemloggerform;
import com.embest.ruisystem.form.systemuserform;
import com.embest.ruisystem.service.systemloggerservice;
import com.embest.ruisystem.util.constants;
import com.embest.ruisystem.util.datautil;
/**
*
* @author geloin
*/
@repository
public class systeminterceptor extends handlerinterceptoradapter {
@resource(name = "systemloggerservice")
private systemloggerservice systemloggerservice;
/*
* (non-javadoc)
*
* @see
* org.springframework.web.servlet.handler.handlerinterceptoradapter#prehandle
* (javax.servlet.http.httpservletrequest,
* javax.servlet.http.httpservletresponse, java.lang.object)
*/
@suppresswarnings({ "rawtypes", "unchecked" })
@override
public boolean prehandle(httpservletrequest request,
httpservletresponse response, object handler) throws exception {
request.setcharacterencoding("utf-8");
response.setcharacterencoding("utf-8");
response.setcontenttype("text/html;charset=utf-8");
// 后台session控制
string[] nofilters = new string[] { "login.html", "vericode.html",
"index.html", "logout.html" };
string uri = request.getrequesturi();
if (uri.indexof("background") != -1) {
boolean befilter = true;
for (string s : nofilters) {
if (uri.indexof(s) != -1) {
befilter = false;
break;
}
}
if (befilter) {
object obj = request.getsession().getattribute(
constants.logined);
if (null == obj) {
// 未登录
printwriter out = response.getwriter();
stringbuilder builder = new stringbuilder();
builder.append("<script type=\"text/javascript\" charset=\"utf-8\">");
builder.append("alert(\"页面过期,请重新登录\");");
builder.append("window.top.location.href=\"");
builder.append(constants.basepath);
builder.append("/background/index.html\";</script>");
out.print(builder.tostring());
out.close();
return false;
} else {
// 添加日志
string operatecontent = constants.operatecontent(uri);
if (null != operatecontent) {
string url = uri.substring(uri.indexof("background"));
string ip = request.getremoteaddr();
integer userid = ((systemuserform) obj).getid();
systemloggerform form = new systemloggerform();
form.setuserid(userid);
form.setip(ip);
form.setoperatecontent(operatecontent);
form.seturl(url);
this.systemloggerservice.edit(form);
}
}
}
}
map paramsmap = request.getparametermap();
for (iterator<map.entry> it = paramsmap.entryset().iterator(); it
.hasnext();) {
map.entry entry = it.next();
object[] values = (object[]) entry.getvalue();
for (object obj : values) {
if (!datautil.isvaluesuccessed(obj)) {
throw new runtimeexception("有非法字符:" + obj);
}
}
}
return super.prehandle(request, response, handler);
}
}
(2) 修改context-dispatcher.xml,让spring管理拦截器
<mvc:interceptors> <bean class="com.geloin.spring.interceptor.systeminterceptor" /> </mvc:interceptors>
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
上一篇: 详解Java反射各种应用
下一篇: Redis构建分布式锁