Spring mvc拦截器实现登录验证拦截

首先需要在spring mvc的配置文件中写一个拦截器：

<!-- 拦截器 --><mvc:interceptors><mvc:interceptor><mvc:mapping path="/admin/**" /><bean id="adminInterceptor" class="com.message.interceptor.AdminInterceptor" /></mvc:interceptor></mvc:interceptors>  

这里过滤包含admin的请求，然后去写这个AdminInterceptor

package com.message.interceptor;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;import com.message.entity.User;import com.message.service.UserService;/** * 后台登录验证 *  * @author lolli * */public class AdminInterceptor implements HandlerInterceptor {@Autowiredprivate UserService userService;@Overridepublic void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)throws Exception {// TODO Auto-generated method stub}@Overridepublic void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)throws Exception {// TODO Auto-generated method stub}/** * 拦截后台请求 */@Overridepublic boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object arg2) throws Exception {String reqURL = req.getRequestURL().toString();System.out.println("后台请求的url: " + reqURL);if (!reqURL.contains("/admin/member")) {return true;}// 判断当前用户是否登录，且判断是否为管理员User user = (User) req.getSession().getAttribute("admin_user");if (user != null && user.getRole().getId() == 1) {// 每次请求刷新session中的数据req.getSession().setAttribute("admin_user", userService.findById(Long.valueOf(user.getId())));return true;} else {// 重定向到登录页面res.sendRedirect(req.getContextPath() + "/admin.jhtml?reqUrl=" + reqURL);return false;}}}

前提是我们登录的时候需要把“USER”放在session里。