定義一個攔截器(Spring自帶有個攔截器),判斷用戶是通過記住我登錄時,查詢數據庫后台自動登錄,同時把用戶放入session中。
配置攔截器也很簡單,spring為此提供了基礎類WebMvcConfigurerAdapter ,我們只需要重寫addInterceptors 方法添加注冊攔截器。
實現自定義攔截器只需要3步:
1、創建我們自己的攔截器類並實現 HandlerInterceptor 接口。
2、創建一個java類繼承WebMvcConfigurerAdapter,並重寫 addInterceptors 方法。
3、實例化我們自定義的攔截器,然后將對像手動添加到攔截器鏈中(在addInterceptors方法中添加)。
1 package com.sun.configuration; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.context.annotation.Configuration; 5 import org.springframework.core.Ordered; 6 import org.springframework.core.io.support.PropertiesLoaderUtils; 7 import org.springframework.web.servlet.config.annotation.InterceptorRegistry; 8 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; 9 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; 10 11 import java.io.IOException; 12 import java.util.Enumeration; 13 import java.util.Properties; 14 15 /** 16 * Created by sun on 2017-3-21. 17 */ 18 @Configuration 19 public class WebMvcConfig extends WebMvcConfigurerAdapter { 20 21 /** 22 * 此方法把該攔截器實例化成一個bean,否則在攔截器里無法注入其它bean 23 * @return 24 */ 25 @Bean 26 SessionInterceptor sessionInterceptor() { 27 return new SessionInterceptor(); 28 } 29 /** 30 * 配置攔截器 31 * @param registry 32 */ 33 public void addInterceptors(InterceptorRegistry registry) { 34 registry.addInterceptor(sessionInterceptor()) 35 .addPathPatterns("/**") 36 .excludePathPatterns("/login","/permission/userInsert", 37 "/error","/tUser/insert","/gif/getGifCode"); 38 } 39 40 }
1 package com.sun.configuration; 2 3 import com.sun.permission.model.User; 4 import com.sun.permission.service.PermissionService; 5 import org.apache.log4j.Logger; 6 import org.apache.shiro.SecurityUtils; 7 import org.apache.shiro.authc.UsernamePasswordToken; 8 import org.apache.shiro.session.Session; 9 import org.apache.shiro.subject.Subject; 10 import org.springframework.web.servlet.HandlerInterceptor; 11 import org.springframework.web.servlet.ModelAndView; 12 13 import javax.annotation.Resource; 14 import javax.servlet.http.HttpServletRequest; 15 import javax.servlet.http.HttpServletResponse; 16 17 /** 18 * Created by sun on 2017-4-9. 19 */ 20 public class SessionInterceptor implements HandlerInterceptor{ 21 private final Logger logger = Logger.getLogger(SessionInterceptor.class); 22 @Resource 23 private PermissionService permissionService; 24 @Override 25 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception { 26 logger.info("---preHandle---"); 27 System.out.println(request.getContextPath()); 28 Subject currentUser = SecurityUtils.getSubject(); 29 //判斷用戶是通過記住我功能自動登錄,此時session失效 30 if(!currentUser.isAuthenticated() && currentUser.isRemembered()){ 31 try { 32 User user = permissionService.findByUserEmail(currentUser.getPrincipals().toString()); 33 //對密碼進行加密后驗證 34 UsernamePasswordToken token = new UsernamePasswordToken(user.getEmail(), user.getPswd(),currentUser.isRemembered()); 35 //把當前用戶放入session 36 currentUser.login(token); 37 Session session = currentUser.getSession(); 38 session.setAttribute("currentUser",user); 39 //設置會話的過期時間--ms,默認是30分鍾,設置負數表示永不過期 40 session.setTimeout(-1000l); 41 }catch (Exception e){ 42 //自動登錄失敗,跳轉到登錄頁面 43 response.sendRedirect(request.getContextPath()+"/login"); 44 return false; 45 } 46 if(!currentUser.isAuthenticated()){ 47 //自動登錄失敗,跳轉到登錄頁面 48 response.sendRedirect(request.getContextPath()+"/login"); 49 return false; 50 } 51 } 52 return true; 53 } 54 55 @Override 56 public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { 57 logger.info("---postHandle---"); 58 } 59 60 @Override 61 public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { 62 logger.info("---afterCompletion---"); 63 } 64 }