欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

springMVC盗链接详解

程序员文章站 2022-03-21 10:31:59
目录springmvc配置文件登录的拦截器logininterceptor:springmvc配置文件

springmvc配置文件

<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemalocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc.xsd">
    <!--自动扫描包-->
    <!-- 开启ioc   注解事务支持-->
    <context:component-scan base-package="cn"></context:component-scan>
    <!--开启spiring mvc注解支持-->
    <mvc:annotation-driven></mvc:annotation-driven>
    <!--配置spring 中的视图解析器-->
    <bean class="org.springframework.web.servlet.view.internalresourceviewresolver" id="resolver">
        <property name="prefix" value="/"></property>
        <property name="suffix" value=".jsp"></property>
    </bean>

    <mvc:interceptors>

        <mvc:interceptor>
            <mvc:mapping path="/**"/>
            <bean id="logininterceptor" class="cn.hp.interceptor.logininterceptor"></bean>
        </mvc:interceptor>
    </mvc:interceptors>

</beans>

web.xml文件在我上一篇文章中拦截器https://blog.csdn.net/best_p1/article/details/118637785

登陆验证

package cn.hp.action;
import org.springframework.stereotype.controller;
import org.springframework.ui.model;
import org.springframework.web.bind.annotation.requestmapping;
import javax.servlet.http.httpsession;
@controller
public class useraction {
    @requestmapping("/test1.do")
    public  string test01(){
        system.out.println("正在执行test1这个业务逻辑");
        return "index";
    }
    @requestmapping("/test2.do")
    public  string test02(){
        system.out.println("正在执行test2这个业务逻辑");
        return "index";
    }
    @requestmapping("/login.do")
    public  string login(string username, string pwd, model model,httpsession session){
      if (username.equals("zs")&&pwd.equals("123")){
          session.setattribute("user",username);
          return "redirect:/main.do";
      }else {
          model.addattribute("msg","用户名和密码错误");
          return "login";
      }
    }
    @requestmapping("/main.do")
    public string main(){
        return "main";
    }
    @requestmapping("/loginout.do")
    public string loginout(httpsession session){
        session.invalidate();
        return "login";
    }
}

登录的拦截器logininterceptor:

package cn.hp.interceptor;
import org.springframework.web.servlet.handlerinterceptor;
import org.springframework.web.servlet.modelandview;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
public class logininterceptor implements handlerinterceptor {
    @override
    public boolean prehandle(httpservletrequest request, httpservletresponse response, object handler) throws exception {
     string path= request.getrequesturi();
     if(path.indexof("login.do")>0){
         return true;
     }
    object obj= request.getsession().getattribute("user");
     if (obj!=null){
         return  true;
     }else {
          request.setattribute("msg","别想歪心思!请登录!");
          request.getrequestdispatcher("login.jsp").forward(request,response);
         return false;
     }

    }
    @override
    public void posthandle(httpservletrequest request, httpservletresponse response, object handler, modelandview modelandview) throws exception {
    }
    @override
    public void aftercompletion(httpservletrequest request, httpservletresponse response, object handler, exception ex) throws exception {
    }
}

jsp页面: login.jsp

<%@ page contenttype="text/html;charset=utf-8" language="java" %>
<html>
<head>
    <title>title</title>
</head>
<body>
<form action="login.do" method="post">
    账号:<input type="text" name="username"><br/>
    密码:<input type="password" name="pwd"><br/>
    <input type="submit" value="登录">
</form>
${msg}
</body>
</html>

main.jsp

<%@ page contenttype="text/html;charset=utf-8" language="java" %>
<html>
<head>
    <title>title</title>
</head>
<body>
${user}
<a href="loginout.do">退出</a>
</body>
</html>

springMVC盗链接详解

验证账号密码

springMVC盗链接详解

进行拦截 登录才能访问

springMVC盗链接详解

登录成功 可以访问test1.do test2.do

点击退出清除session

springMVC盗链接详解

总结

本篇文章就到这里了,希望能给你带来帮助,也希望能够您能够关注的更多内容!

相关标签: springMVC 盗链接