項目下載地址:http://download.csdn.NET/detail/aqsunkai/9805821 定義一個攔截器,判斷用戶是通過記住我登錄時,查詢資料庫後臺自動登錄,同時把用戶放入session中。 配置攔截器也很簡單,Spring 為此提供了基礎類WebMvcConfigurerAd ...
項目下載地址:http://download.csdn.NET/detail/aqsunkai/9805821
定義一個攔截器,判斷用戶是通過記住我登錄時,查詢資料庫後臺自動登錄,同時把用戶放入session中。
配置攔截器也很簡單,Spring 為此提供了基礎類WebMvcConfigurerAdapter ,我們只需要重寫addInterceptors 方法添加註冊攔截器。
實現自定義攔截器只需要3步:
1、創建我們自己的攔截器類並實現 HandlerInterceptor 介面。
2、創建一個Java類繼承WebMvcConfigurerAdapter,並重寫 addInterceptors 方法。
3、實例化我們自定義的攔截器,然後將對像手動添加到攔截器鏈中(在addInterceptors方法中添加)。
package com.sun.configuration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.core.io.support.PropertiesLoaderUtils; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import java.io.IOException; import java.util.Enumeration; import java.util.Properties; /** * Created by sun on 2017-3-21. */ @Configuration public class WebMvcConfig extends WebMvcConfigurerAdapter { /** * 此方法把該攔截器實例化成一個bean,否則在攔截器里無法註入其它bean * @return */ @Bean SessionInterceptor sessionInterceptor() { return new SessionInterceptor(); } /** * 配置攔截器 * @param registry */ public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(sessionInterceptor()) .addPathPatterns("/**") .excludePathPatterns("/login","/permission/userInsert", "/error","/tUser/insert","/gif/getGifCode"); } }
package com.sun.configuration; import com.sun.permission.model.User; import com.sun.permission.service.PermissionService; import org.apache.log4j.Logger; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * Created by sun on 2017-4-9. */ public class SessionInterceptor implements HandlerInterceptor{ private final Logger logger = Logger.getLogger(SessionInterceptor.class); @Resource private PermissionService permissionService; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception { logger.info("---preHandle---"); System.out.println(request.getContextPath()); Subject currentUser = SecurityUtils.getSubject(); //判斷用戶是通過記住我功能自動登錄,此時session失效 if(!currentUser.isAuthenticated() && currentUser.isRemembered()){ try { User user = permissionService.findByUserEmail(currentUser.getPrincipals().toString()); //對密碼進行加密後驗證 UsernamePasswordToken token = new UsernamePasswordToken(user.getEmail(), user.getPswd(),currentUser.isRemembered()); //把當前用戶放入session currentUser.login(token); Session session = currentUser.getSession(); session.setAttribute("currentUser",user); //設置會話的過期時間--ms,預設是30分鐘,設置負數表示永不過期 session.setTimeout(-1000l); }catch (Exception e){ //自動登錄失敗,跳轉到登錄頁面 response.sendRedirect(request.getContextPath()+"/login"); return false; } if(!currentUser.isAuthenticated()){ //自動登錄失敗,跳轉到登錄頁面 response.sendRedirect(request.getContextPath()+"/login"); return false; } } return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { logger.info("---postHandle---"); } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { logger.info("---afterCompletion---"); } }
