【Spring MVC】教程——使用拦截器实现权限控制

来源：互联网发布：津桥留学知乎编辑：程序博客网时间：2024/05/22 14:46

之前一直都在用mvc的拦截器权限控制，后来上网也研究了一些这方面的知识，下面就直接分享下我对mvc的拦截器的理解，通过项目来分析吧。。。

1、首先准备对应的架包

2、看看项目的架构

3、基本的web.xml文件

<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"><display-name>shiro</display-name><!-- 加载springmvc --><servlet><servlet-name>SpringMVC</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><init-param><param-name>contextConfigLocation</param-name><param-value>classpath:mvc.xml</param-value></init-param><load-on-startup>1</load-on-startup></servlet><!-- 以.htm结尾的都被mvc拦截 --><servlet-mapping><servlet-name>SpringMVC</servlet-name><url-pattern>*.htm</url-pattern></servlet-mapping><!-- 启动spring 加载   需要加载其他的spring时 需启动该监听器<listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener> --></web-app>

3、配置classpath下的mvc.xml文件

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"xmlns:context="http://www.springframework.org/schema/context"xmlns:mvc="http://www.springframework.org/schema/mvc"xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-3.0.xsdhttp://www.springframework.org/schema/contexthttp://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvchttp://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"><mvc:annotation-driven /><!-- 自动扫描包 --><context:component-scan base-package="com.cat.spring.controller" /><!--  配置mvc的拦截器 可以配置多个 --><mvc:interceptors><mvc:interceptor><!--  需要被拦截的路径 --><mvc:mapping path="/member/**" /><!-- 拦截处理的interceptor --><bean class="com.cat.interceptor.MemberInterceptor" /></mvc:interceptor></mvc:interceptors><!-- mvc返回页面的配置 --><bean id="viewResolver"class="org.springframework.web.servlet.view.InternalResourceViewResolver"><!-- 模板路径为WEB-INF/pages/ --><property name="prefix"><value>/WEB-INF/pages/</value></property><!-- 视图模板后缀为.JSP --><property name="suffix"><value>.jsp</value></property></bean></beans>

4、接着就要配置拦截器了MemberInterceptor.java

/** *  */package com.cat.interceptor;import java.net.URLEncoder;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import org.apache.commons.lang.StringUtils;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;/** * @author chenlf *  *         2014-3-25 */public class MemberInterceptor implements HandlerInterceptor {public final static String SEESION_MEMBER = "seesion_member";/* * (non-Javadoc) *  * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception) */public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2,Exception arg3) throws Exception {// TODO Auto-generated method stub}/* * (non-Javadoc) *  * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView) */public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2,ModelAndView arg3) throws Exception {// TODO Auto-generated method stub}/* * (non-Javadoc) * 拦截mvc.xml配置的/member/**路径的请求 * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, java.lang.Object) */public boolean preHandle(HttpServletRequest request, HttpServletResponse response,Object handler) throws Exception {//请求的路径String contextPath=request.getContextPath();Stringurl=request.getServletPath().toString();HttpSession session = request.getSession();String user = (String) session.getAttribute(SEESION_MEMBER);//这里可以根据session的用户来判断角色的权限，根据权限来重定向不同的页面，简单起见，这里只是做了一个重定向if (StringUtils.isEmpty(user)) {//被拦截，重定向到login界面response.sendRedirect(contextPath+"/login.htm?redirectURL="+ URLEncoder.encode(url));return false;}return true;}}

这样拦截器的核心就配置完了，接下来就是一些登陆的处理操作

5、LoginController.java文件

/** *  */package com.cat.spring.controller;import java.net.URLDecoder;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpSession;import org.apache.commons.lang.StringUtils;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import org.springframework.web.servlet.ModelAndView;import com.cat.interceptor.MemberInterceptor;/** * @author chenlf *  *         2014-3-24 */@Controllerpublic class LoginController {@RequestMapping(value = "/login", method = RequestMethod.GET)public ModelAndView login(String redirectURL, HttpServletRequest request) {ModelAndView view = new ModelAndView();//把拦截前路径存下来，以便登入成功可以直接请求到登录前的页面view.addObject("redirectURL", redirectURL);view.setViewName("/login");return view;}@RequestMapping(value = "/submit", method = RequestMethod.POST)public String submit(String username, String password, String redirectURL,HttpServletRequest request) {//模拟登陆成功 用户admin 密码admin的用户if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password)&& username.equals("admin") && password.equals("admin")) {//当登陆成功是，将用户信息存放到session中去HttpSession session = request.getSession();session.setAttribute(MemberInterceptor.SEESION_MEMBER, "admin");if (StringUtils.isNotBlank(redirectURL)) {return "redirect:" + URLDecoder.decode(redirectURL);}return "redirect:/member/index.htm";} else {if (StringUtils.isNotBlank(redirectURL)) {return "redirect:/login.htm?" + URLDecoder.decode(redirectURL);}return "redirect:/login.htm";}}}

6、下面就是login.jsp文件

<%@ page language="java" contentType="text/html; charset=UTF-8"pageEncoding="utf-8"%><!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>mvc权限登陆login</title></head><body><h3>mvc权限登陆login</h3><form action="submit.htm" method="post"><!-- 记录重定向的url --><input type="hidden" name="redirectURL" value="${redirectURL}" /><table><tr><td>账号</td><td><input type="text" name="username" /></td><td>密码</td><td><input type="password" name="password" /></td></tr><tr><td colspan="2" align="center"><input type="submit" value="提交" /></td></tr></table></form></body></html>

7、剩下的就是一些正常的mvc请求处理的文件，这里就不赘诉了

8、到这里看看效果吧

a、当非登陆状态的时候，请求localhost:8010/demo-mvc/member/list.htm时，被拦截拦截，重定向到login页面，并携带了当前的这个路径（/member/list.htm）作为参数传到页面

b、输入正确的用户名admin 密码admin后登陆，会跳转到拦截前的页面

c、当登陆完成后，输入地址为http://localhost:8010/demo-mvc/member/index.htm，session中记录着当前用户的信息，不需要重新登陆了

9、因为篇幅问题，一些不重要的文件没有一一贴出来，有需要的可以到http://download.csdn.net/detail/a124753561/7098925下载源代码。

1 0