发布到外网的web工程必须添加登录过滤器来阻挡一些非法的请求,即只有登录的用户才能对web工程进行请求,否则无论请求什么资源都需要调整到登录页面进行登录操作。这时就需要用到过滤器,其实非常简单,只需要在spring配置文件中加入你自己写的java过滤器即可。我这里的例子是无论请求什么资源都需要运行java过滤器来验证是否已登录,如果未登录则跳转到登录页面。
1、spring需要添加的配置代码
<!-- 登录拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" />
<mvc:exclude-mapping path="/loginController/*" />
<mvc:exclude-mapping path="/js/**" />
<mvc:exclude-mapping path="/script/**" />
<mvc:exclude-mapping path="/css/**" />
<mvc:exclude-mapping path="/img/**" />
<bean class="com.lnjh.contractlock.interceptor.LoginInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
<mvc:exclude-mapping path="/img/**" />表示访问该路径下的资源时不使用过滤器,如访问http://localhost:8080/yourWeb/img/eye.png这时就不会走过滤器方法。
2、 bean节点配置的就是你自己写的过滤器类路径,代码如下:
import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.lnjh.contractlock.entity.User;
/** * 登录拦截器 * * @author Administrator * */
public class LoginInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception { }
@Override public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception { }
//在方法调用前执行此方法,如果未登录则跳转到登录页面
@Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
User user = (User) request.getSession().getAttribute("user");
if (user != null) {
return true;
} else {
ServletContext context = request.getSession().getServletContext();
response.sendRedirect(context.getContextPath() + "/loginController/login");
return false; }
}
}