使用SpirngMvc拦截器实现对登陆用户的身份验证

登陆成功则按returnUrl进行跳转，即跳转到登陆之前的页面，否则跳转到登陆页面，返回登陆错误信息。

1.SpringMVC.xml

<!-- 映射器 -->
<bean  class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
   <property name="interceptors"> <!-- 在映射器拦截 -->
       <list>
            <bean class="cn.itcast.core.web.SpringMvcInterceptor"/>
       </list>
   </property>
</bean>

<!-- 适配器 -->
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter"/>

2.SpringMvcInterceptor.java

public class SpringMvcInterceptor implements HandlerInterceptor{//转换拦截器
    @Autowired
    private SessionProvider sessionProvider;private static final String INTERCEPTOR_URL = "/buyer/";
    //方法前
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // TODO Auto-generated method stub
        Buyer buyer = (Buyer) sessionProvider.getAttribute(request, Constants.BUYER_SESSION);
        boolean flag = false;
        if(null!=buyer){
            flag = true;
        }
        request.setAttribute("isLogin", flag);
        String requestURI = request.getRequestURI();
        if(requestURI.startsWith(INTERCEPTOR_URL)){
            if(null==buyer){
                response.sendRedirect("/shopping/login.shtml?returnUrl="+request.getParameter("returnUrl"));
                return false;
            }
        }
        return true; //为true时后面方法才能继续
    }
//方法后
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // TODO Auto-generated method stub
    }
//页面渲染后
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        // TODO Auto-generated method stub 
    }
    public void setAdminId(Integer adminId) {
        this.adminId = adminId;
    }
   
}

3.登陆Controller

@Controller
public class ProfileController {
   @Autowired
   private SessionProvider sessionProvider;
   @Autowired
   private BuyerService buyerServicervice;
   @Autowired
   private Md5Pwd md5Pwd; //注入借口
   
    @RequestMapping(value= "/shopping/login.shtml", method=RequestMethod.GET)
    public String login(){ //登录跳转页面  携带returnUrl
          return "buyer/login";
      }
    @RequestMapping(value="/shopping/login.shtml",method= RequestMethod.POST)
    public String login(Buyer buyer,String captcha,String returnUrl,ModelMap model,HttpServletRequest request){
                    if(null!=buyer&&StringUtils.isNotBlank(buyer.getUsername())){
                        Buyer b = buyerServicervice.getBuyerByKey(buyer.getUsername());
                        if(b!=null){
                            if(b.getPassword().equals(md5Pwd.encode(buyer.getPassword()))){
                                 sessionProvider.setAttribute(request,Constants.BUYER_SESSION, b);
                                 if(StringUtils.isNotBlank(returnUrl)){
                                     return "redirect:"+returnUrl;
                                  //    return "redirect:/buyer/index.shtml";
                                 }else{
                                    return "redirect:/buyer/index.shtml"; 
                                 }
                                     
                            }else{
                                model.addAttribute("error","密码错误");
                            }
                        }else{
                            model.addAttribute("error","改用户不存在");
                        }
                    
                    }else{
                        model.addAttribute("error","用户名不能为空");
                        System.out.println("用户名为空");
                    }
        return "buyer/login";
    }
}

4.工具类SessionProvider

public class HttpSessionProvider implements SessionProvider{

    public void setAttribute(HttpServletRequest request, String name, Serializable value) {
        // TODO Auto-generated method stub
        HttpSession session = request.getSession();//ture表示 如果requst当中有session则不用创建，否则创建
        session.setAttribute(name, value);
    }

    public Serializable getAttribute(HttpServletRequest request, String name) {
        // TODO Auto-generated method stub
        HttpSession session = request.getSession(false);
        if(null!=session){
            return (Serializable) session.getAttribute(name);
        }
        return null;
    }

    public void logOut(HttpServletRequest request) {
        // TODO Auto-generated method stub
        HttpSession session = request.getSession(false);
        if(null!=session){
            session.invalidate();//session失效
        }
    }

    public String getSessionId(HttpServletRequest request) {
        // TODO Auto-generated method stub
         // request.getRequestedSessionId(); //通过url获取sessionId
        return request.getSession().getId();
    }

}

public interface SessionProvider {
  /**
   * session注入值
   * @param request
   * @param name
   * @param value
   * @param serializable
   */
    public void setAttribute(HttpServletRequest request,String name,Serializable value);
   /**
    * 从session中取值
    * @param request
    * @param name
    * @return
    */
    public Serializable getAttribute(HttpServletRequest request,String name);
    /**
     * session失效 退出登录
     * @param request
     */
    public void logOut(HttpServletRequest request);
    /**
     * 获取sessionId
     * @param request
     * @return
     */
    public String getSessionId(HttpServletRequest request);
    
}

5.jsp

    <li class="dev"><a href="javascript:void(0)" onclick="login()"  title="登陆">[登陆]</a></li>
function login(){
    window.location.href = "/shopping/login.shtml?returnUrl="+window.location.href;
}