1.创建 AuthIntercepter并实现spring的HandlerInterceptor接口
public class AuthIntercepter implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse httpServletResponse, Object o) throws Exception { Map<String, String[]> map = request.getParameterMap(); map.forEach((k,v) -> { if (k.equals(“errorMsg”) || k.equals(“successMsg”) || k.equals(“target”)) { request.setAttribute(k, Joiner.on(",").join(v)); } }); String requestUri = request.getRequestURI();//获取请求路径 if (requestUri.startsWith("/static") || requestUri.startsWith("/error")) {//如果访问的是静态资源 不拦截请求 return true; } //获取当前用户 HttpSession session = request.getSession(true); User user = (User) session.getAttribute(CommonConstants.USER_ATTRIBUTE); if (user != null) { UserContext.setUser(user); } return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { UserContext.remove(); } }该拦截器主要是拦截除了静态资源的所有请求 把用户信息保存在ThreadLocal里 2.创建AuthActionIntercepter并实现spring的HandlerInterceptor接口
public class AuthActionIntercepter implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception { User user = UserContext.getUser(); if(user==null){//重定向到登陆页面 并且记录当前页面路径 String msg= URLEncoder.encode(“请先登录”,“utf-8”); String target=URLEncoder.encode(request.getRequestURI(),“utf-8”); if(“GET”.equalsIgnoreCase(request.getMethod())){//get 请求参数以问号的形式存在 response.sendRedirect("/accounts/signin?errorMsg="+msg+"&target="+target); }else{ response.sendRedirect("/accounts/signin?errorMsg="+msg); } } return false; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { } } 该接口主要是拦截所有需要登录的请求 3.让拦截器生效起作用 @Configuration public class WebMvcConf extends WebMvcConfigurerAdapter { @Autowired private AuthIntercepter authIntercepter; @Autowired private AuthActionIntercepter authActionIntercepter; @Override public void addInterceptors(InterceptorRegistry registry) { //设置要拦截的路径 拦截除了/static的所有请求 registry.addInterceptor(authIntercepter).excludePathPatterns("/static").addPathPatterns("/**"); //拦截需要登录的请求 registry.addInterceptor(authActionIntercepter).addPathPatterns("/accounts/profile"); } }
