SpringMVC拦截器配置详解


最近在做SSM(Spring+SpringMVC+MyBatis)项目时,在拦截器相关的问题上踩了很多坑,在此记录一下,避免再次踩坑。

一,拦截器的用途

拦截器可以用于验证用户是否登录,是否有权限进行相关操作


二,拦截器的配置

1,添加servlet-context-interceptor.xml配置文件

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring MVC interceptor configuration: declares two interceptor beans and
  registers both on the request path pattern /**.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"
       default-autowire="byName">

    <!--
      Labelled by the author as CSRF protection.
      NOTE(review): the GlobalInterceptor class shown on this page only reads the
      Referer header and always returns true, so as written this bean does not
      block any request. A real CSRF defence (per-session token or a strict
      Origin/Referer check) still has to be implemented.
    -->
    <bean id="globalInterceptor" class="com.jd.ecc.workorder.interceptor.GlobalInterceptor">
    </bean>

    <!--
      Login check. The class attribute below is placeholder text (it reads
      "the concrete path of the class") and must be replaced with the
      fully-qualified class name of the login interceptor.
      All property values are ${...} placeholders; presumably they are resolved
      from a properties file loaded elsewhere (not shown on this page).
      authenticationKey and m.console.secret.key are secrets: keep the resolved
      values out of version control and out of logs.
    -->
    <bean id="checkLoginInterceptor" class="类的具体路径">
        <property name="cookieName" value="${passport.checkLogin.cookieName}" />
        <property name="authenticationKey" value="${passport.checkLogin.authenticationKey}" />
        <property name="loginUrl" value="${passport.checkLogin.loginUrl}"></property>
        <property name="charsetName" value="${passport.checkLogin.charsetName}"></property>
        <property name="URIEncoding" value="${passport.checkLogin.uriEncoding}"></property>
        <!-- Shared secret used by CheckLoginInterceptor to verify the "sign" header. -->
        <property name="mConsoleSecretKey" value="${m.console.secret.key}"></property>
    </bean>

    <mvc:interceptors>
        <!-- globalInterceptor is mapped to every path, with no exclusions. -->
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <ref bean="globalInterceptor"/>
        </mvc:interceptor>
        <!--
          checkLoginInterceptor is mapped to every path except "/" and "/index.html".
          Each exclude-mapping is a path that skips the login check, so the list
          should stay as short as possible and be reviewed whenever it changes.
        -->
        <mvc:interceptor>
            <mvc:mapping path="/**"/>
            <mvc:exclude-mapping path="/"/>
            <mvc:exclude-mapping path="/index.html"/>
            <ref bean="checkLoginInterceptor"/>
        </mvc:interceptor>
    </mvc:interceptors>
</beans>
2,相关的处理类

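/**
 * Pass-through interceptor that writes one debug line per request.
 *
 * <p>NOTE(review): the Spring configuration on this page labels this bean as CSRF
 * protection, but no check is implemented here. The original body read the
 * {@code referer} header into a local variable that was never used and then
 * returned {@code true} unconditionally. That dead read has been removed so the
 * code no longer suggests a validation that does not happen. A real CSRF defence
 * (per-session token, or a strict Origin/Referer comparison against the
 * application's own host) still has to be added before this class can be relied on.
 */
public class GlobalInterceptor extends HandlerInterceptorAdapter {

    private static final Logger logger = Logger.getLogger(GlobalInterceptor.class);

    /**
     * Logs a debug marker and lets every request continue.
     *
     * @param request  current HTTP request (not inspected)
     * @param response current HTTP response (not modified)
     * @param handler  the handler chosen for this request (not inspected)
     * @return always {@code true}, so the handler chain always proceeds
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        logger.debug("---------GlobalInterceptor----------");
        // No request attribute is validated here; see the class-level note.
        return true;
    }
}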
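/**
 * Login-check interceptor with a signed-header path for requests that declare
 * {@code operateSource: M_CONSOLE}.
 *
 * <p>Requests without that header value are handed to the parent class's
 * {@code preHandle}. Requests with it must carry {@code pin}, {@code timestamps}
 * and {@code sign} headers, where {@code sign} must equal
 * {@code MD5Utils.GetMD5Code(pin + timestamps + operateSource + mConsoleSecretKey)}.
 * On success the decoded pin is stored as a request attribute and the parent
 * login check is skipped.
 *
 * <p>Changes compared with the original listing:
 * <ul>
 *   <li>Missing, malformed or undecodable headers now produce HTTP 400 instead of an
 *       uncaught {@code NullPointerException} / {@code NumberFormatException}.</li>
 *   <li>Timestamps too far in the future are rejected as well. The original only
 *       rejected old timestamps, so a future-dated value stayed valid until the
 *       server clock caught up with it.</li>
 *   <li>The request is refused when no secret key is configured. Otherwise the
 *       literal text {@code "null"} would be appended and the signature would be
 *       computable without knowing any secret.</li>
 *   <li>The signature comparison is constant-time, and neither the expected nor the
 *       supplied signature is written to the log.</li>
 * </ul>
 *
 * <p>NOTE(review): the signing scheme itself is kept for compatibility with the
 * caller, but it is weak: MD5 with the secret appended is not a proper MAC, and the
 * fields are concatenated without separators. There is also no nonce, so a captured
 * request can be replayed inside the 30 s window. Migrating both sides to
 * HMAC-SHA-256 over delimited fields is recommended.
 */
public class CheckLoginInterceptor extends SpringMvcInterceptor {

    private static final Logger logger = LoggerFactory.getLogger(CheckLoginInterceptor.class);

    /** Value of the {@code operateSource} header that selects the signed-header path. */
    private static final String OPERATE_SOURCE = "M_CONSOLE";
    private static final int HTTP_STATUS_400 = 400;
    /** Maximum accepted distance between the request timestamp and server time, in ms (30 s). */
    private static final long TIMESSTAMPS_EFFECTIVE_TIME = 30000L;

    /** Shared secret used in the signature; injected through {@link #setmConsoleSecretKey}. */
    private String mConsoleSecretKey;

    /**
     * Authenticates the request either through the parent login check or, for
     * M_CONSOLE callers, through the signed headers.
     *
     * @param request  current HTTP request
     * @param response current HTTP response; its status is set to 400 on a rejected
     *                 signed request, or 500 when the secret key is not configured
     * @param handler  the handler chosen for this request
     * @return {@code true} to continue the handler chain, {@code false} to stop it
     * @throws Exception propagated from the parent check or from the servlet API
     */
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String operateSource = request.getHeader("operateSource");
        logger.info("operateSource:{}", operateSource);

        // Not from the M console: run the normal login check.
        if (!OPERATE_SOURCE.equals(operateSource)) {
            return super.preHandle(request, response, handler);
        }

        // Fail closed when the secret is missing, rather than signing with "null".
        if (StringUtils.isBlank(mConsoleSecretKey)) {
            logger.error("mConsoleSecretKey is not configured; rejecting M_CONSOLE request");
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return false;
        }

        request.setCharacterEncoding("utf8");
        String rawPin = request.getHeader("pin");
        String rawTimestamps = request.getHeader("timestamps");
        String sign = request.getHeader("sign");
        if (StringUtils.isBlank(rawPin) || StringUtils.isBlank(rawTimestamps) || StringUtils.isBlank(sign)) {
            return reject(response, "missing pin, timestamps or sign header");
        }

        String pin;
        long timestamps;
        try {
            pin = URLDecoder.decode(rawPin, "utf8");
            timestamps = Long.parseLong(rawTimestamps);
        } catch (IllegalArgumentException e) {
            // Covers NumberFormatException and malformed percent-encoding in the pin.
            return reject(response, "malformed pin or timestamps header");
        }
        if (StringUtils.isBlank(pin)) {
            return reject(response, "blank pin after decoding");
        }

        long nowTime = System.currentTimeMillis();
        logger.info("timestamps:{},nowTime:{}", timestamps, nowTime);
        // Written as two comparisons so an extreme header value cannot overflow a subtraction.
        boolean tooOld = timestamps <= nowTime - TIMESSTAMPS_EFFECTIVE_TIME;
        boolean tooNew = timestamps >= nowTime + TIMESSTAMPS_EFFECTIVE_TIME;
        if (tooOld || tooNew) {
            return reject(response, "timestamps outside the 30000 ms window");
        }

        // The signature values are deliberately not logged.
        logger.info("pin:{},timestamps:{},operateSource:{}", pin, timestamps, operateSource);

        String tempSign = MD5Utils.GetMD5Code(pin + timestamps + operateSource + mConsoleSecretKey);
        boolean signatureMatches = tempSign != null
                && java.security.MessageDigest.isEqual(
                        tempSign.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        sign.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!signatureMatches) {
            return reject(response, "!tempSign.equals(sign)");
        }

        request.setAttribute(JdLoginUtils.PIN, pin);
        request.setAttribute("pin", pin);
        return true;
    }

    /** Logs the reason, answers HTTP 400 and stops the handler chain. */
    private boolean reject(HttpServletResponse response, String reason) {
        logger.info(reason);
        response.setStatus(HTTP_STATUS_400);
        return false;
    }

    /**
     * Remote session validation is disabled for this interceptor.
     *
     * @return always {@code false}
     */
    @Override
    protected boolean isOpenRemoteCheck() {
        return false;
    }

    /**
     * Sets the shared secret used to verify M_CONSOLE signatures.
     *
     * @param mConsoleSecretKey the secret; must be non-blank for signed requests to be accepted
     */
    public void setmConsoleSecretKey(String mConsoleSecretKey) {
        this.mConsoleSecretKey = mConsoleSecretKey;
    }
}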