發布到外網的web工程必須添加登錄過濾器來阻擋一些非法的請求,即只有登錄的用戶才能對web工程進行請求,否則無論請求什么資源都需要調整到登錄頁面進行登錄操作。這時就需要用到過濾器,其實非常簡單,只需要在spring配置文件中加入你自己寫的java過濾器即可。我這里的例子是無論請求什么資源都需要運行java過濾器來驗證是否已登錄,如果未登錄則跳轉到登錄頁面。
1、spring需要添加的配置代碼
<!-- 登錄攔截器 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" />
<mvc:exclude-mapping path="/loginController/*" />
<mvc:exclude-mapping path="/js/**" />
<mvc:exclude-mapping path="/script/**" />
<mvc:exclude-mapping path="/css/**" />
<mvc:exclude-mapping path="/img/**" />
<bean class="com.lnjh.contractlock.interceptor.LoginInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
<mvc:exclude-mapping path="/img/**" />表示訪問該路徑下的資源時不使用過濾器,如訪問http://localhost:8080/yourWeb/img/eye.png這時就不會走過濾器方法。
2、 bean節點配置的就是你自己寫的過濾器類路徑,代碼如下:
import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.lnjh.contractlock.entity.User;
/** * 登錄攔截器 * * @author Administrator * */
public class LoginInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception { }
@Override public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception { }
//在方法調用前執行此方法,如果未登錄則跳轉到登錄頁面
@Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
User user = (User) request.getSession().getAttribute("user");
if (user != null) {
return true;
} else {
ServletContext context = request.getSession().getServletContext();
response.sendRedirect(context.getContextPath() + "/loginController/login");
return false; }
}
}