SpringMVC拦截器配置详解
来源:互联网 发布:网络机顶盒那个牌子的好 编辑:程序博客网 时间:2024/06/05 08:09
最近在做SSM(Spring+SpringMVC+MyBatis)项目中有关拦截器的问题上,踩了很多坑,记录下,避免再次踩坑!
一,拦截器的用途
拦截器可以用于验证用户是否登录,是否有权限进行相关操作
二,拦截器的配置
1,添加servlet-context-interceptor.xml配置文件
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd" default-autowire="byName"> <!-- 防范CSRF攻击 --> <bean id="globalInterceptor" class="com.jd.ecc.workorder.interceptor.GlobalInterceptor"> </bean> <!-- checkLogin --> <bean id="checkLoginInterceptor" class="类的具体路径"> <property name="cookieName" value="${passport.checkLogin.cookieName}" /> <property name="authenticationKey" value="${passport.checkLogin.authenticationKey}" /> <property name="loginUrl" value="${passport.checkLogin.loginUrl}"></property> <property name="charsetName" value="${passport.checkLogin.charsetName}"></property> <property name="URIEncoding" value="${passport.checkLogin.uriEncoding}"></property> <property name="mConsoleSecretKey" value="${m.console.secret.key}"></property> </bean> <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> <ref bean="globalInterceptor"/> </mvc:interceptor> <mvc:interceptor> <mvc:mapping path="/**"/> <mvc:exclude-mapping path="/"/> <mvc:exclude-mapping path="/index.html"/> <ref bean="checkLoginInterceptor"/> </mvc:interceptor> </mvc:interceptors></beans>2,相关的处理类
public class GlobalInterceptor extends HandlerInterceptorAdapter { private static final Logger logger = Logger.getLogger(GlobalInterceptor.class); @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { logger.debug("---------GlobalInterceptor----------"); String referrer = request.getHeader("referer"); return true; }}
public class CheckLoginInterceptor extends SpringMvcInterceptor { private static final Logger logger = LoggerFactory.getLogger(CheckLoginInterceptor.class); private String mConsoleSecretKey; private static final String OPERATE_SOURCE = "M_CONSOLE"; private static final int HTTP_STATUS_400 = 400; private static final long TIMESSTAMPS_EFFECTIVE_TIME = 30000L; public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String operateSource = request.getHeader("operateSource"); logger.info("operateSource:" + operateSource); // 判断提交工单是否来源于M端控制台,若不是,则执行登录校验程序 if(!OPERATE_SOURCE.equals(operateSource)){ return super.preHandle(request,response,handler); } // 若工单提交来源于M端控制台,则校验签名是否正确 request.setCharacterEncoding("utf8"); String pin = request.getHeader("pin"); pin = URLDecoder.decode(pin, "utf8"); Long timestamps = Long.valueOf(request.getHeader("timestamps")); Long nowTime = System.currentTimeMillis(); logger.info("timestamps:{},nowTime:{}", new Object[] { timestamps, nowTime }); // 时间戳有效时间为30s if (nowTime - timestamps >= TIMESSTAMPS_EFFECTIVE_TIME) { logger.info("nowTime - timestamps >= 30000"); response.setStatus(HTTP_STATUS_400); return false; } String sign = request.getHeader("sign"); logger.info("pin:{},timestamps:{},operateSource:{},sign:{}", new Object[] { pin, timestamps, operateSource, sign }); if(StringUtils.isBlank(pin) || timestamps == null || StringUtils.isBlank(sign)){ response.setStatus(HTTP_STATUS_400); return false; } String tempSign = MD5Utils.GetMD5Code(pin + timestamps + operateSource + mConsoleSecretKey); logger.info("tempSign:{},sign:{}", new Object[] { tempSign, sign }); if(tempSign.equals(sign)){ request.setAttribute(JdLoginUtils.PIN, pin); request.setAttribute("pin", pin); return true; }else{ logger.info("!tempSign.equals(sign)"); response.setStatus(HTTP_STATUS_400); return false; } } @Override protected boolean isOpenRemoteCheck() { //不开启远程session校验 return false; } public void setmConsoleSecretKey(String mConsoleSecretKey) { this.mConsoleSecretKey = mConsoleSecretKey; } }
阅读全文
0 0
- SpringMVC拦截器配置详解
- springmvc配置拦截器及测试详解
- SpringMVC拦截器详解
- SpringMVC拦截器详解
- SpringMVC 拦截器 详解
- springmvc拦截器详解
- SpringMVC拦截器详解
- SpringMVC拦截器详解
- springmvc 拦截器配置
- springMVC拦截器配置
- springMvc拦截器配置
- SpringMvc拦截器配置
- SpringMvc配置拦截器
- springmvc拦截器配置
- SpringMvc拦截器配置
- springmvc拦截器配置
- springmvc拦截器配置
- springMVC拦截器配置
- 多线程之编程面试题
- 写好的验证界面(四位数数据随机组合)
- shell相关命令(一)
- C++中关于无法无法解析外部错误的解决方案
- spring整合activemq
- SpringMVC拦截器配置详解
- android中ViewPager+Picasso 实现轮播本地和网络图片源码
- 1.3概念和术语
- struts2中的常用s标签应用
- java如何获取服务器地址&端口
- Ubuntu16.04如果设置开机启动
- C++ Class 构造时由于LazyMode 和 Copy Constructor导致的问题
- 求最大公约数,最大公倍数问题
- STM32外部中断步骤