SpringMVC拦截器实现登录认证

当使用到springmvc的做网页工程的时候，总会遇到需要判断登陆权限的，一般的做法是每次登陆的话，发送给后台，后台返回一个唯一的token，以便标识用户每一次请求的权限，如果没有登陆成功，则token为空，访问任意网址都会跳到登陆界面.      
注意： 不过我发现了网上所有的登陆权限认证，都忽略了一个问题，如果你的项目中有js/css等其他代码的话，是会都拦截到，就会一直陷入死循环中，导致无法进入主界面，需要把这些js和css等界面的所需的文件，也进行判断才能顺利拦截。（还有访问登陆界面的路径、点击登陆按钮访问后台的路径，都需要判断），其他的路径的话，如果没有token就返回主界面.

pom.xml :

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"><modelVersion>4.0.0</modelVersion><groupId>ldns</groupId><artifactId>springmvc</artifactId><packaging>war</packaging><version>0.0.1-SNAPSHOT</version><name>springmvc Maven Webapp</name><url>http://maven.apache.org</url><properties><!-- spring版本号 --><spring.version>4.3.3.RELEASE</spring.version></properties><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.11</version><!-- 表示开发的时候引入，发布的时候不会加载此包 --><scope>test</scope></dependency><!-- spring核心包 --><dependency><groupId>org.springframework</groupId><artifactId>spring-core</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-oxm</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-tx</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-aop</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-context-support</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-test</artifactId><version>${spring.version}</version></dependency><!-- JSTL标签类 --><dependency><groupId>jstl</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency></dependencies><build><finalName>springmvc</finalName></build></project>

web.xml:

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"version="3.0"><display-name>springmvc</display-name><context-param><param-name>contextConfigLocation</param-name><param-value></param-value></context-param><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><listener><listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class></listener><filter><filter-name>encodingFilter</filter-name><filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class><async-supported>true</async-supported><init-param><param-name>encoding</param-name><param-value>UTF-8</param-value></init-param></filter><filter-mapping><filter-name>encodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><servlet><servlet-name>SpringMVC</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><init-param><param-name>contextConfigLocation</param-name><param-value>classpath:springmvc.xml</param-value></init-param><load-on-startup>1</load-on-startup></servlet><servlet-mapping><servlet-name>SpringMVC</servlet-name><url-pattern>/</url-pattern></servlet-mapping><welcome-file-list><welcome-file>/WEB-INF/jsp/login.jsp</welcome-file></welcome-file-list></web-app>

springmvc.xml:

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc"xsi:schemaLocation="http://www.springframework.org/schema/beans        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd        http://www.springframework.org/schema/context        http://www.springframework.org/schema/context/spring-context.xsd        http://www.springframework.org/schema/tx        http://www.springframework.org/schema/tx/spring-tx.xsd          http://www.springframework.org/schema/mvc       http://www.springframework.org/schema/mvc/spring-mvc.xsd"><!-- 自动扫描该包，使SpringMVC认为包下用了@controller注解的类是控制器 --><context:component-scan base-package="com.test.controller" /><!-- 访问静态资源 --><mvc:default-servlet-handler /><!-- 视图解析器 --><beanclass="org.springframework.web.servlet.view.InternalResourceViewResolver"><property name="prefix" value="/WEB-INF/jsp/"></property><property name="suffix" value=".jsp"></property></bean><!-- 拦截器 --><mvc:interceptors><mvc:interceptor><mvc:mapping path="/**" /><bean class="com.test.interceptor.LoginInterceptor"></bean></mvc:interceptor></mvc:interceptors></beans>

logincontrol.java:

package com.test.controller;import javax.servlet.http.HttpSession;@Controllerpublic class LoginControl {@RequestMapping(value = "/login")public String login(HttpSession session, String username, String password) throws Exception {System.out.println("-----login------");// 在Session里保存信息session.setAttribute("username", username);// 重定向return "hello";}@RequestMapping(value = "/logout")public String logout(HttpSession session) throws Exception {// 清除Sessionsession.invalidate();return "hello";}}

LoginInterceptor.java：

package com.test.interceptor;import javax.servlet.http.HttpServletRequest;public class LoginInterceptor implements HandlerInterceptor {@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3)throws Exception {// TODO Auto-generated method stub}@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object arg2, ModelAndView arg3)throws Exception {// TODO Auto-generated method stub}@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("------LoginInterceptor-------");// 获取请求的URLString url = request.getRequestURI();// URL:login.jsp是公开的;这个demo是除了login.jsp是可以公开访问的，其它的URL都进行拦截控制// 注意：一些静态文件不能拦截，否则会死循环，知道内存耗尽if (url.indexOf("login") >= 0) {return true;}// 获取SessionHttpSession session = request.getSession();String username = (String) session.getAttribute("username");if (username != null) {return true;}// 不符合条件的，跳转到登录界面// request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request, response);response.sendRedirect("/test/login");return false;}}

login.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>My JSP 'login.jsp' starting page</title><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"><meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--     <link rel="stylesheet" type="text/css" href="styles.css">     --></head><body><form action="login" method="post">用户名:<input type="text" name="username" /><br> 密码:<input type="text" name="password" /><br> <input type="submit" value="登录" /></form></body></html>

hello.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@taglib uri="http://www.springframework.org/tags" prefix="spring"%><%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%><%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>My JSP 'hello.jsp' starting page</title><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"><meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--     <link rel="stylesheet" type="text/css" href="styles.css">     --></head><body>当前用户:${username}<c:if test="${username!=null}"><a href="logout">退出</a></c:if></body></html>

总体结构：