Try   HackMD

登入判斷驗證

tags: 攔截器介紹

loginController

@Controller public class loginController { @RequestMapping("/main") public String main(){ return "main"; } @RequestMapping("/goLogin") public String login(){ return "login"; } @RequestMapping("/login") public String login(HttpSession session,String username, String password){ //把用戶的信息存在session中 session.setAttribute("userLoginInfo",username); return "main"; } }

index.jsp

<h1><a href="${pageContext.request.contextPath}/goLogin">登入頁面</a></h1> <h1><a href="${pageContext.request.contextPath}/main">首頁</a></h1>

login.jsp

<%--在web-inf下的所有頁面或資源,只能通過controller或者servlet進行訪問--%> <h1>登入頁面</h1> <form action="${pageContext.request.contextPath}/login" method="post"> 用戶名:<input type="text" name="username"/> 密碼:<input type="text" name="password"/> <input type="submit" value="提交">

進入index頁面

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

點擊登入頁面
Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

輸入完用戶名、密碼後,返回到首頁
Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

成功!


但這裡直接點擊首頁,也會跳到首頁,如果想要讓只有透過登入頁面進行認證後,才能跳到首頁,該怎麼做?

編寫登入用的攔截器

public class LoginInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { HttpSession session = request.getSession(); //放行:判斷什麼情況下登入 //登入頁面也會放行 if(request.getRequestURI().contains("goLogin")){ return true; } //說明我在提交登入 if(request.getRequestURI().contains("login")){ return true; } //第一次登入,也是沒有session的 if(session.getAttribute("userLoginInfo") != null){ return true; } //判斷什麼情況下沒有登入 request.getRequestDispatcher("/WEB-INF/jsp/login.jsp").forward(request,response); return false; } }

配置攔截器

<mvc:interceptor> <!--包括這個請求下面的所有請求--> <mvc:mapping path="/user/**"/> <bean class="com.kuang.config.LoginInterceptor"/> </mvc:interceptor>

為了讓相關頁面能經過登入攔截器,新增/user路徑

loginController

@Controller @RequestMapping("/user") public class loginController { @RequestMapping("/main") public String main(){ return "main"; } @RequestMapping("/goLogin") public String login(){ return "login"; } @RequestMapping("/login") public String login(HttpSession session,String username, String password){ //把用戶的信息存在session中 session.setAttribute("userLoginInfo",username); return "main"; } }

index.jsp

<h1><a href="${pageContext.request.contextPath}/user/goLogin">登入頁面</a></h1> <h1><a href="${pageContext.request.contextPath}/user/main">首頁</a></h1>

測試

不經過登入頁面,直接點擊首頁

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

經過攔截器判斷,因為沒有經過登入頁面,所以不傳到首頁,而是來到登入頁面
Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →


新增登入到主頁後可以註銷的功能

loginController增加註銷功能

@RequestMapping("/goOut") public String goOut(HttpSession session){ session.removeAttribute("userLoginInfo"); return "main"; }

首頁新增一個註銷連結的路經

<h1>首頁</h1> <span>${username}</span> <p> <a href="${pageContext.request.contextPath}/user/goOut">註銷</a> </p>

測試

進入登入頁面輸入帳密


進入首頁,顯示輸入的帳號,下方有註銷按鈕

點擊後回到首頁,原先的帳號已經被註銷掉消失

回到index,再次點擊首頁

因為帳號已經被註銷,所以被攔截器傳到登入頁面

成功!