spring mvc 拦截器怎么拦截jsp页面
1个回答
推荐于2016-07-02 · 知道合伙人数码行家
huanglenzhi
知道合伙人数码行家
采纳数:117538
获赞数:517181
长期从事计算机组装,维护,网络组建及管理。对计算机硬件、操作系统安装、典型网络设备具有详细认知。
向TA提问 私信TA
关注
![]()
展开全部
spring mvc 拦截器怎么拦截jsp页面
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="net.techfinger.yoyoapp.interceptor.AuthInterceptor" />
</mvc:interceptor>
你这个 是拦截带 /jsp 的 .do请求
解决方案
用spring 的拦截器 去拦截 所有的 .do 请求,
然后写一个 过滤器去拦截 所有的.jsp 的请求
这样才能防止循环过滤
<!-- <servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping> -->
这种会把所有jsp请求过滤不推荐。
<filter>
<filter-name> loginFilter</filter-name>
<filter-class>
net.techfinger.yoyoapp.interceptor.CheckLoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
public class CheckLoginFilter implements Filter{
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
// 获得用户请求的URI
String path = request.getRequestURI();
String contextPath = request.getContextPath();
String url = path.substring(contextPath.length());
Person person =SessionUtils.getPerson(request);
if (person == null) {
response.sendRedirect(contextPath+"/person.do?method=tologin");
return;
}
if (person.getId()!=null&&person.getPassword()!=null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
public class AuthInterceptor extends HandlerInterceptorAdapter {
private final static Logger log= Logger.getLogger(AuthInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
HandlerMethod method = (HandlerMethod)handler;
Auth auth = method.getMethod().getAnnotation(Auth.class);
////验证登陆超时问题 auth = null,默认验证
if( auth == null || auth.verifyLogin()){
String baseUri = request.getContextPath();
String path = request.getServletPath();
Person person =SessionUtils.getPerson(request);
if(person == null){
if(path.endsWith(".jsp")){
response.setStatus(response.SC_GATEWAY_TIMEOUT);
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}else{
response.setStatus(response.SC_GATEWAY_TIMEOUT);
Map<String, Object> result = new HashMap<String, Object>();
/* result.put("success", false);
result.put("logoutFlag", true);//登录标记 true 退出
result.put("msg", "登录超时.");
XmlUtil.sendMsg(response, result);*/
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}
}
}
//验证URL权限
if( auth == null || auth.verifyURL()){/*
//判断请求的url,是否包含在该角色的url里
String methodName=request.getParameter("method");
String menuUrl = StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
System.out.println(menuUrl);
if(!SessionUtils.isAccessUrl(request, StringUtils.trim(menuUrl))){
//日志记录
String userMail = SessionUtils.getPerson(request).getLoginName();
String msg ="URL权限验证不通过:[url="+menuUrl+"][email ="+ userMail+"]" ;
log.error(msg);
response.setStatus(response.SC_FORBIDDEN);
Map<String, Object> result = new HashMap<String, Object>();
result.put("success", false);
result.put("msg", "没有权限访问,请联系管理员.");
XmlUtil.sendMsg(response, result);
return false;
}
*/}
return super.preHandle(request, response, handler);
}
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="net.techfinger.yoyoapp.interceptor.AuthInterceptor" />
</mvc:interceptor>
你这个 是拦截带 /jsp 的 .do请求
解决方案
用spring 的拦截器 去拦截 所有的 .do 请求,
然后写一个 过滤器去拦截 所有的.jsp 的请求
这样才能防止循环过滤
<!-- <servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping> -->
这种会把所有jsp请求过滤不推荐。
<filter>
<filter-name> loginFilter</filter-name>
<filter-class>
net.techfinger.yoyoapp.interceptor.CheckLoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
public class CheckLoginFilter implements Filter{
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
// 获得用户请求的URI
String path = request.getRequestURI();
String contextPath = request.getContextPath();
String url = path.substring(contextPath.length());
Person person =SessionUtils.getPerson(request);
if (person == null) {
response.sendRedirect(contextPath+"/person.do?method=tologin");
return;
}
if (person.getId()!=null&&person.getPassword()!=null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
public class AuthInterceptor extends HandlerInterceptorAdapter {
private final static Logger log= Logger.getLogger(AuthInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
HandlerMethod method = (HandlerMethod)handler;
Auth auth = method.getMethod().getAnnotation(Auth.class);
////验证登陆超时问题 auth = null,默认验证
if( auth == null || auth.verifyLogin()){
String baseUri = request.getContextPath();
String path = request.getServletPath();
Person person =SessionUtils.getPerson(request);
if(person == null){
if(path.endsWith(".jsp")){
response.setStatus(response.SC_GATEWAY_TIMEOUT);
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}else{
response.setStatus(response.SC_GATEWAY_TIMEOUT);
Map<String, Object> result = new HashMap<String, Object>();
/* result.put("success", false);
result.put("logoutFlag", true);//登录标记 true 退出
result.put("msg", "登录超时.");
XmlUtil.sendMsg(response, result);*/
response.sendRedirect(baseUri+"/person.do?method=tologin");
return false;
}
}
}
//验证URL权限
if( auth == null || auth.verifyURL()){/*
//判断请求的url,是否包含在该角色的url里
String methodName=request.getParameter("method");
String menuUrl = StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
System.out.println(menuUrl);
if(!SessionUtils.isAccessUrl(request, StringUtils.trim(menuUrl))){
//日志记录
String userMail = SessionUtils.getPerson(request).getLoginName();
String msg ="URL权限验证不通过:[url="+menuUrl+"][email ="+ userMail+"]" ;
log.error(msg);
response.setStatus(response.SC_FORBIDDEN);
Map<String, Object> result = new HashMap<String, Object>();
result.put("success", false);
result.put("msg", "没有权限访问,请联系管理员.");
XmlUtil.sendMsg(response, result);
return false;
}
*/}
return super.preHandle(request, response, handler);
}
本回答被提问者和网友采纳
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
