详解Spring MVC拦截器实现session控制
发布时间:2020-12-14 14:34:17 所属栏目:Java 来源:网络整理
导读:未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方案之一。 (1) 在com.geloin.spring.interceptor包中添加SystemInterceptor,并使其继承Handle
|
未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方案之一。 (1) 在com.geloin.spring.interceptor包中添加SystemInterceptor,并使其继承HandlerInterceptor
/**
*
* @author geloin
*/
package com.geloin.spring.interceptor;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Repository;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.embest.ruisystem.form.SystemLoggerForm;
import com.embest.ruisystem.form.SystemUserForm;
import com.embest.ruisystem.service.SystemLoggerService;
import com.embest.ruisystem.util.Constants;
import com.embest.ruisystem.util.DataUtil;
/**
*
* @author geloin
*/
@Repository
public class SystemInterceptor extends HandlerInterceptorAdapter {
@Resource(name = "systemLoggerService")
private SystemLoggerService systemLoggerService;
/*
* (non-Javadoc)
*
* @see
* org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle
* (javax.servlet.http.HttpServletRequest,* javax.servlet.http.HttpServletResponse,java.lang.Object)
*/
@SuppressWarnings({ "rawtypes","unchecked" })
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response,Object handler) throws Exception {
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
// 后台session控制
String[] noFilters = new String[] { "login.html","veriCode.html","index.html","logout.html" };
String uri = request.getRequestURI();
if (uri.indexOf("background") != -1) {
boolean beFilter = true;
for (String s : noFilters) {
if (uri.indexOf(s) != -1) {
beFilter = false;
break;
}
}
if (beFilter) {
Object obj = request.getSession().getAttribute(
Constants.LOGINED);
if (null == obj) {
// 未登录
PrintWriter out = response.getWriter();
StringBuilder builder = new StringBuilder();
builder.append("<script type="text/javascript" charset="UTF-8">");
builder.append("alert("页面过期,请重新登录");");
builder.append("window.top.location.href="");
builder.append(Constants.basePath);
builder.append("/background/index.html";</script>");
out.print(builder.toString());
out.close();
return false;
} else {
// 添加日志
String operateContent = Constants.operateContent(uri);
if (null != operateContent) {
String url = uri.substring(uri.indexOf("background"));
String ip = request.getRemoteAddr();
Integer userId = ((SystemUserForm) obj).getId();
SystemLoggerForm form = new SystemLoggerForm();
form.setUserId(userId);
form.setIp(ip);
form.setOperateContent(operateContent);
form.setUrl(url);
this.systemLoggerService.edit(form);
}
}
}
}
Map paramsMap = request.getParameterMap();
for (Iterator<Map.Entry> it = paramsMap.entrySet().iterator(); it
.hasNext();) {
Map.Entry entry = it.next();
Object[] values = (Object[]) entry.getValue();
for (Object obj : values) {
if (!DataUtil.isValueSuccessed(obj)) {
throw new RuntimeException("有非法字符:" + obj);
}
}
}
return super.preHandle(request,response,handler);
}
}
(2) 修改context-dispatcher.xml,让spring管理拦截器 <mvc:interceptors> <bean class="com.geloin.spring.interceptor.SystemInterceptor" /> </mvc:interceptors> 以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持编程小技巧。 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |