SpringMVC注解实现登录验证

拦截器抽象类继承spring的HandlerInterceptorAdapter

package com.hsr.component.auth;import com.hsr.core.annotations.AuthAdmin;import org.springframework.web.method.HandlerMethod;import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;public abstract class AuthAdminInterceptorDefault extends HandlerInterceptorAdapter {    @Override    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {        //认证用户        if(handler == null || !handler.getClass().isAssignableFrom(HandlerMethod.class)){            return true;        }        HandlerMethod handlerMethod = (HandlerMethod) handler;        Class beanType = handlerMethod.getBeanType();        AuthAdmin classLevelAuthAnnotation = null;        AuthAdmin methodLevelAuthAnnotation = null;        if(beanType != null){            classLevelAuthAnnotation = (AuthAdmin) beanType.getAnnotation(AuthAdmin.class);        }        methodLevelAuthAnnotation = handlerMethod.getMethodAnnotation(AuthAdmin.class);        //先判断方法级别的限制        if(methodLevelAuthAnnotation != null){            if(methodLevelAuthAnnotation.validate() == false){                return true;            }            else{                return _validateUser(request, response);            }        }        //如果方法级别没有注解在判断类级别的        if(classLevelAuthAnnotation != null){            if(classLevelAuthAnnotation.validate() == false){                return true;            }            else{                return _validateUser(request, response);            }        }        return true;    }    private boolean _validateUser(HttpServletRequest request,HttpServletResponse response)  throws IOException {        //所有的请求都是要进行登陆认的        Object obj = ensureCurrentUser(request,response);        if(obj == null){            //判断请求是否是ajax请求            String requestType = request.getHeader("X-Requested-With");            if(requestType != null && !"".equals(requestType.trim())){                if("XMLHttpRequest".toUpperCase().equals(requestType.toUpperCase())){                    //getOutputStream与getWriter调用的问题                    if(!response.isCommitted()) {                        response.reset();                    }                    //告诉浏览器用UTF-8的编码格式                    response.setHeader("Content-type", "application/html;charset=UTF-8");                    //是告诉servlet用UTF-8转码                    response.setCharacterEncoding("UTF-8");                    response.getWriter().write("LOGIN_TIME_OUT");                }            }            else{                response.sendRedirect(ensureRedirectLoginUrl(request,response));            }            return false;        }else{            return true;        }    }    protected abstract Object ensureCurrentUser(HttpServletRequest request,HttpServletResponse response);    protected abstract String ensureRedirectLoginUrl(HttpServletRequest request,HttpServletResponse response);}

package com.edu.admin.base;import com.hsr.component.auth.AuthAdminInterceptorDefault;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class AdminAuth extends AuthAdminInterceptorDefault {    @Override    protected Object ensureCurrentUser(HttpServletRequest request, HttpServletResponse response) {        return AdminUtil.getCurrentUser();    }    @Override    protected String ensureRedirectLoginUrl(HttpServletRequest request, HttpServletResponse response) {        return "login";    }}
注解代码

package com.hsr.core.annotations;import java.lang.annotation.*;/** 认证管理端用户 */@Documented@Inherited@Target({ElementType.METHOD, ElementType.TYPE})@Retention(RetentionPolicy.RUNTIME)public @interface AuthAdmin {    boolean validate() default true;}
springmvc的xml文件配置

<mvc:interceptors>   <bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"/>      <mvc:interceptor>         <mvc:mapping path="/admin/**"/>      <bean class="com.edu.admin.base.AdminAuth"/>   </mvc:interceptor></mvc:interceptors>
然后在需要验证登录的controller上使用注解就行了