详解Spring MVC拦截器实现session控制

详解Spring MVC拦截器实现session控制

未登录，不允许访问background文件夹内的页面，那如何判断是否登录呢？background是关键目录，每个操作该目录的人都需要写在日志表中，如何实现呢？拦截器是实现方案之一。

(1) 在com.geloin.spring.interceptor包中添加SystemInterceptor，并使其继承HandlerInterceptor

/**

*

* @author geloin

*/

package com.geloin.spring.interceptor;

import java.io.PrintWriter;

import java.util.Iterator;

import java.util.Map;

import javax.annotation.Resource;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Repository;

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.embest.ruisystem.form.SystemLoggerForm;

import com.embest.ruisystem.form.SystemUserForm;

import com.embest.ruisystem.service.SystemLoggerService;

import com.embest.ruisystem.util.Constants;

import com.embest.ruisystem.util.DataUtil;

/**

*

* @author geloin

*/

@Repository

public class SystemInterceptor extends HandlerInterceptorAdapter {

@Resource(name = "systemLoggerService")

private SystemLoggerService systemLoggerService;

/*

* (non-Javadoc)

*

* @see

* org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle

* (javax.servlet.http.HttpServletRequest,

* javax.servlet.http.HttpServletResponse, java.lang.Object)

*/

@SuppressWarnings({ "rawtypes", "unchecked" })

@Override

public boolean preHandle(HttpServletRequest request,

HttpServletResponse response, Object handler) throws Exception {

request.setCharacterEncoding("UTF-8");

response.setCharacterEncoding("UTF-8");

response.setContentType("text/html;charset=UTF-8");

// 后台session控制

String[] noFilters = new String[] { "login.html", "veriCode.html",

"index.html", "logout.html" };

String uri = request.getRequestURI();

if (uri.indexOf("background") != -1) {

boolean beFilter = true;

for (String s : noFilters) {

if (uri.indexOf(s) != -1) {

beFilter = false;

break;

}

}

if (beFilter) {

Object obj = request.getSession().getAttribute(

Constants.LOGINED);

if (null == obj) {

// 未登录

PrintWriter out = response.getWriter();

StringBuilder builder = new StringBuilder();

builder.append("");

out.print(builder.toString());

out.close();

return false;

} else {

// 添加日志

String operateContent = Constants.operateContent(uri);

if (null != operateContent) {

String url = uri.substring(uri.indexOf("background"));

String ip = request.getRemoteAddr();

Integer userId = ((SystemUserForm) obj).getId();

SystemLoggerForm form = new SystemLoggerForm();

form.setUserId(userId);

form.setIp(ip);

form.setOperateContent(operateContent);

form.setUrl(url);

this.systemLoggerService.edit(form);

}

}

}

}

Map paramsMap = request.getParameterMap();

for (Iterator it = paramsMap.entrySet().iterator(); it

.hasNext();) {

Map.Entry entry = it.next();

Object[] values = (Object[]) entry.getValue();

for (Object obj : values) {

if (!DataUtil.isValueSuccessed(obj)) {

throw new RuntimeException("有非法字符：" + obj);

}

}

}

return super.preHandle(request, response, handler);

}

}

(2) 修改context-dispatcher.xml，让spring管理拦截器

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。