spring mvc 拦截器怎么拦截jsp页面
你这个 是拦截带 /jsp 的 .do请求
解决方案
用spring 的拦截器 去拦截 所有的 .do 请求,
然后写一个 过滤器去拦截 所有的.jsp 的请求
这样才能防止循环过滤
这种会把所有jsp请求过滤不推荐。
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>
net.techfinger.yoyoapp.interceptor.CheckLoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Spring-Servlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
publicclassCheckLoginFilter implementsFilter{
@Override
publicvoid destroy(){
//TODO Auto-generated method stub
}
@Override
publicvoid doFilter(ServletRequest servletRequest,
ServletResponse servletResponse,FilterChain filterChain)
throws IOException,ServletException{
//TODO Auto-generated method stub
HttpServletRequest request=(HttpServletRequest)servletRequest;
HttpServletResponse response=(HttpServletResponse)servletResponse;
HttpSession session=request.getSession();
//获得用户请求的URI
Stringpath=request.getRequestURI();
StringcontextPath=request.getContextPath();
Stringurl=path.substring(contextPath.length());
Person person=SessionUtils.getPerson(request);
if(person==null){
response.sendRedirect(contextPath+"/person.do?method=tologin");
return;
}
if(person.getId()!=null&&person.getPassword()!=null){
filterChain.doFilter(servletRequest,servletResponse);
return;
}
}
@Override
publicvoid init(FilterConfig filterConfig)throws ServletException{
}
}
publicclassAuthInterceptor extends HandlerInterceptorAdapter{
privatefinal static Loggerlog=Logger.getLogger(AuthInterceptor.class);
@Override
publicboolean preHandle(HttpServletRequest request,
HttpServletResponse response,Object handler)throws Exception{
HandlerMethod method=(HandlerMethod)handler;
Auth auth=method.getMethod().getAnnotation(Auth.class);
////验证登陆超时问题 auth=null,默认验证
if(auth==null||auth.verifyLogin()){
StringbaseUri=request.getContextPath();
Stringpath=request.getServletPath();
Person person=SessionUtils.getPerson(request);
if(person==null){
if(path.endsWith(".jsp")){
response.setStatus(response.SC_GATEWAY_TIMEOUT);
response.sendRedirect(baseUri+"/person.do?method=tologin");
returnfalse;
}else{
response.setStatus(response.SC_GATEWAY_TIMEOUT);
Map<String,Object>result=new HashMap<String,Object>();
/*result.put("success",false);
result.put("logoutFlag",true);//登录标记true退出
result.put("msg","登录超时.");
XmlUtil.sendMsg(response,result);*/
response.sendRedirect(baseUri+"/person.do?method=tologin");
returnfalse;
}
}
}
//验证URL权限
if(auth==null||auth.verifyURL()){/*
//判断请求的url,是否包含在该角色的url里
StringmethodName=request.getParameter("method");
StringmenuUrl=StringUtils.remove(request.getRequestURI(),request.getContextPath())+"?method="+methodName;
System.out.println(menuUrl);
if(!SessionUtils.isAccessUrl(request,StringUtils.trim(menuUrl))){
//日志记录
StringuserMail=SessionUtils.getPerson(request).getLoginName();
Stringmsg="URL权限验证不通过:[url="+menuUrl+"][email ="+userMail+"]";
log.error(msg);
response.setStatus(response.SC_FORBIDDEN);
Map<String,Object>result=new HashMap<String,Object>();
result.put("success",false);
result.put("msg","没有权限访问,请联系管理员.");
XmlUtil.sendMsg(response,result);
returnfalse;
}
*/}
return super.preHandle(request,response,handler);
}
