springMVC盗链接详解
程序员文章站
2022-03-21 10:31:59
目录springmvc配置文件登录的拦截器logininterceptor:springmvc配置文件
springmvc配置文件
<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemalocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <!--自动扫描包--> <!-- 开启ioc 注解事务支持--> <context:component-scan base-package="cn"></context:component-scan> <!--开启spiring mvc注解支持--> <mvc:annotation-driven></mvc:annotation-driven> <!--配置spring 中的视图解析器--> <bean class="org.springframework.web.servlet.view.internalresourceviewresolver" id="resolver"> <property name="prefix" value="/"></property> <property name="suffix" value=".jsp"></property> </bean> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**"/> <bean id="logininterceptor" class="cn.hp.interceptor.logininterceptor"></bean> </mvc:interceptor> </mvc:interceptors> </beans>
web.xml文件在我上一篇文章中拦截器https://blog.csdn.net/best_p1/article/details/118637785
登陆验证
package cn.hp.action; import org.springframework.stereotype.controller; import org.springframework.ui.model; import org.springframework.web.bind.annotation.requestmapping; import javax.servlet.http.httpsession; @controller public class useraction { @requestmapping("/test1.do") public string test01(){ system.out.println("正在执行test1这个业务逻辑"); return "index"; } @requestmapping("/test2.do") public string test02(){ system.out.println("正在执行test2这个业务逻辑"); return "index"; } @requestmapping("/login.do") public string login(string username, string pwd, model model,httpsession session){ if (username.equals("zs")&&pwd.equals("123")){ session.setattribute("user",username); return "redirect:/main.do"; }else { model.addattribute("msg","用户名和密码错误"); return "login"; } } @requestmapping("/main.do") public string main(){ return "main"; } @requestmapping("/loginout.do") public string loginout(httpsession session){ session.invalidate(); return "login"; } }
登录的拦截器logininterceptor:
package cn.hp.interceptor; import org.springframework.web.servlet.handlerinterceptor; import org.springframework.web.servlet.modelandview; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; public class logininterceptor implements handlerinterceptor { @override public boolean prehandle(httpservletrequest request, httpservletresponse response, object handler) throws exception { string path= request.getrequesturi(); if(path.indexof("login.do")>0){ return true; } object obj= request.getsession().getattribute("user"); if (obj!=null){ return true; }else { request.setattribute("msg","别想歪心思!请登录!"); request.getrequestdispatcher("login.jsp").forward(request,response); return false; } } @override public void posthandle(httpservletrequest request, httpservletresponse response, object handler, modelandview modelandview) throws exception { } @override public void aftercompletion(httpservletrequest request, httpservletresponse response, object handler, exception ex) throws exception { } }
jsp页面: login.jsp
<%@ page contenttype="text/html;charset=utf-8" language="java" %> <html> <head> <title>title</title> </head> <body> <form action="login.do" method="post"> 账号:<input type="text" name="username"><br/> 密码:<input type="password" name="pwd"><br/> <input type="submit" value="登录"> </form> ${msg} </body> </html>
main.jsp
<%@ page contenttype="text/html;charset=utf-8" language="java" %> <html> <head> <title>title</title> </head> <body> ${user} <a href="loginout.do">退出</a> </body> </html>
验证账号密码
进行拦截 登录才能访问
登录成功 可以访问test1.do test2.do
点击退出清除session
总结
本篇文章就到这里了,希望能给你带来帮助,也希望能够您能够关注的更多内容!