方法一使用servlet自帶的HttpSession
注意點: HttpSession應該作為方法的參數
//登入
public boolean customerLogin(HttpSession httpSession) { httpSession.setAttribute( "customer" , customer); }
// 退出 public String customerOut(HttpSession httpSession) { httpSession.removeAttribute( "customer" ); return "login" ; }
方法二:使用spring的@SessionAttributes("logincustomer")
//登入
@Controller @SessionAttributes("logincustomer") public classCustomerController { publicJSONObject customerLogin(@RequestBody JSONObject json, ModelMap model,HttpServletResponse response) { model.addAttribute( "logincustomer" , logincustomer); } }
// 退出 @RequestMapping(value = "customerout" ) public String customerOut(SessionStatus sessionStatus) { sessionStatus.setComplete(); // 只對@SessionAttributes("customer")有用,對HttpSession沒用 // 使用sessionStatus.setComplete( );會將所有的session全部清掉, return "login" ; }
攔截器(interceptor)
注意:攔截器跟ajax結合用的話使用這條語句response.sendRedirect(request. getContextPath()+"/login.jsp");實現不了調轉,要把結果傳給前端,再在前端上實現跳轉
因此要判斷請求是否是ajax請求
package com.dessert.interceptor; import java.io.OutputStream; import java.io.PrintStream; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; public class CommonInterceptor extends HandlerInterceptorAdapter { /* *在攔截器中中有三個方法: * preHandler:在進入Handler方法之前執行了,使用於身份認證,身份授權,登陸校驗等,比如身份認證,用戶沒有登陸,攔截不再向下執行, *返回值為false,即可實現攔截;否則,返回true時,攔截不進行執行; postHandler * :進入Handler方法之后,返回ModelAndView之前執行,使用場景從ModelAndView參數出發,比如,將公用的模型數據在這里傳入到視圖, *也可以統一指定顯示的視圖等; afterHandler :在執行Handler完成后執行此方法,使用於統一的異常處理,統一的日志處理等; */ @ Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { HttpSession session =request.getSession(); if (session.getAttribute("logincustomer") != null ) { // System.out.println(session.getAttribute("costomer")); return true ; } // 如果是ajax請求,請求頭會有x-requested-with String requestWith = request.getHeader("x-requested-with" ); if (requestWith != null && requestWith.equalsIgnoreCase("XMLHttpRequest" )){ if (session.getAttribute("logincustomer") == null ) { return false ; } else if (session.getAttribute("logincustomer") != null ) { return true ; } } else { response.sendRedirect(request. getContextPath() +"/login.jsp" ); } return false ; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { } }
springmvc中對攔截器的配置
< mvc:interceptors > < mvc:interceptor > <!-- 匹配的是url路徑,如果不配置或/**,將攔截所有的Controller --> < mvc:mapping path ="/**" /> < !-- <mvc:exclude-mapping path="/index.jsp" /> --> < mvc:exclude-mapping path ="/*login" /> < mvc:exclude-mapping path ="/forgotpwd" / > < mvc:exclude-mapping path ="/customerregister" /> < mvc:exclude-mapping path ="/vaildtel" /> <mvc:exclude-mapping path ="/css/**" /> < mvc:exclude-mapping path ="/js/**" /> < mvc:exclude-mapping path ="/myutil/**" /> < mvc:exclude- mapping path ="/images/**" /> <!-- <mvc:exclude-mapping path="/*.html" /> --> < bean class ="com.dessert.interceptor .CommonInterceptor" > < / bean > </ mvc:interceptor > <!-- 當設置多個攔截器時,先按順序調用preHandle方法,然后逆序調用每個攔截器的postHandle和afterCompletion方法--> </ mvc:interceptors >