SpringBoot(十三)-----实现登录拦截器

我们可以使用Springboot的登录拦截器进行登录验证，并完成登录跳转，错误的账户不进行跳转，正确的账户则跳转至success页面中。

同时添加登录拦截器，对于错误的账户不允许直接访问main.html页面。

实现步骤：

一.配置登录页面以及登录业务逻辑处理

1.首先建立一个springboot的项目，项目目录结构如下：

首先，我们需要导入Springboot相应的jar包，在pom.xml文件中进行添加：

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.zk.myspringboot_014</groupId>
    <artifactId>myspringboot_014</artifactId>
    <packaging>jar</packaging>
    <version>0.0.1-SNAPSHOT</version>
    <name>myspringboot_014 Maven Webapp</name>
    <url>http://maven.apache.org</url>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>
        <!-- 继承父包 -->
        <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>jquery</artifactId>
            <version>3.3.1-1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>net.sourceforge.nekohtml</groupId>
            <artifactId>nekohtml</artifactId>
        </dependency>
    </dependencies>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.4.3.RELEASE</version>
    </parent>
    <build>
        <finalName>myspringboot_014</finalName>
    </build>
</project>

接下来，建立我们的登录页面以及登录跳转页面login.html和main.html

<!DOCTYPE html>
<html lang="en"  xmlns:th="http://www.thymeleaf.org">
    <head>
    <meta charset="UTF-8">
    <title>用户登录</title>
</head>
<body>
    <form action="/user/login" method="post">
        用户名:<input name="username" type="text"/><br>
        密码:<input name="password" type="password"> <br>
        <input type="submit" value="登录">
    </form>
</body>
</html>

main.html

<!DOCTYPE html>
<html lang="en"  xmlns:th="http://www.thymeleaf.org">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
        <meta name="description" content="">
        <meta name="author" content="">
    </head>
    <body class="text-center">
        success
    </body>
 
</html>

可以看到，登录login.html页面中表单返回的action为/user/login，所以需要构建一个返回的LoginController.java

LoginController.java

package com.zk.myspringboot;
 
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpSession;
import java.util.Map;
 
@Controller
public class LoginController {
 
//    @DeleteMapping
//    @PutMapping
//    @GetMapping
 
    //@RequestMapping(value = "/user/login",method = RequestMethod.POST)
    @PostMapping(value = "/user/login")
    public String login(@RequestParam("username") String username,
                        @RequestParam("password") String password,
                        Map<String,Object> map, HttpSession session){
        if(!StringUtils.isEmpty(username) && "123456".equals(password)){
            //登陆成功，防止表单重复提交，可以重定向到主页
            session.setAttribute("loginUser",username);
            return "redirect:/main.html";
        }else{
            //登陆失败
 
            map.put("msg","用户名密码错误");
            return  "login";
        }
 
    }
}

　(1)这里使用发送post请求，使用@PostMapping代替了RequestMapping（value="/login", method="post"）

(2)跳转页面时使用 return ”redirect:/ main.html“，而不是 return ”main“ 。这里会直接调用controller

最后加上启动项DemoApplication.java

DemoApplication.java

package com.zk.myspringboot;
 
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
 
@SpringBootApplication
public class DemoApplication {
 
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

二. 配置拦截器

当我们未在login.html页面输入用户名和密码时，直接访问main.html，此时也是可以访问到main.html文件的。这种操作不应当被允许，所以需要配置拦截器，当用户名与密码不正确时，页面无权跳转main.html，而直接跳转login.html

1.添加HandlerInterceptor拦截器

LoginHandlerInterceptor.java

package com.zk.myspringboot;
 
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
/**
 * 登陆检查，
 */
public class LoginHandlerInterceptor implements HandlerInterceptor {
    //目标方法执行之前
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Object user = request.getSession().getAttribute("loginUser");
        if(user == null){
            //未登陆，返回登陆页面
            request.setAttribute("msg","没有权限请先登陆");
            request.getRequestDispatcher("/index.html").forward(request,response);
            return false;
        }else{
            //已登陆，放行请求
            return true;
        }
 
    }
 
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
 
    }
 
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
 
    }
 
}

在此拦截器中，需要取出LoginController.java中放在loginUser属性中的值进行判断，如果这个值为null，则未登录，返回原始登陆页面，否则放行请求。

2.配置WebMvcConfigurer 拦截器

需要让登录有个拦截器的功能，意思是除了访问首页我们可以，其他未登录的全部拦截下来，所以需要配置一个WebMvcConfigurer 拦截器：

MyMvcConfig.java

package com.zk.myspringboot;
 
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.LocaleResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
//使用WebMvcConfigurerAdapter可以来扩展SpringMVC的功能
//@EnableWebMvc   //不要接管SpringMVC
@Configuration
public class MyMvcConfig extends WebMvcConfigurerAdapter {
 
 
 
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
       // super.addViewControllers(registry);
        //浏览器发送 /index 请求来到 login
        registry.addViewController("/index").setViewName("login");
    }
 
    //所有的WebMvcConfigurerAdapter组件都会一起起作用
    @Bean //将组件注册在容器
    public WebMvcConfigurerAdapter webMvcConfigurerAdapter(){
        WebMvcConfigurerAdapter adapter = new WebMvcConfigurerAdapter() {
            @Override
            public void addViewControllers(ViewControllerRegistry registry) {
                registry.addViewController("/").setViewName("login");
                registry.addViewController("/index.html").setViewName("login");
                registry.addViewController("/main.html").setViewName("main");
            }
 
            //注册拦截器
            @Override
            public void addInterceptors(InterceptorRegistry registry) {
                //super.addInterceptors(registry);
                //静态资源；  *.css , *.js
                //SpringBoot已经做好了静态资源映射
                registry.addInterceptor(new LoginHandlerInterceptor()).addPathPatterns("/**")
                        .excludePathPatterns("/index.html","/","/user/login");
            }
        };
        return adapter;
    }
}