未登录,不允许访问background文件夹内的页面,那如何判断是否登录呢?background是关键目录,每个操作该目录的人都需要写在日志表中,如何实现呢?拦截器是实现方案之一。
(1) 在com.geloin.spring.interceptor包中添加SystemInterceptor,并使其继承HandlerInterceptor
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
/** * * @author geloin */package com.geloin.spring.interceptor; import java.io.PrintWriter; import java.util.Iterator; import java.util.Map; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Repository; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import com.embest.ruisystem.form.SystemLoggerForm; import com.embest.ruisystem.form.SystemUserForm; import com.embest.ruisystem.service.SystemLoggerService; import com.embest.ruisystem.util.Constants; import com.embest.ruisystem.util.DataUtil; /** * * @author geloin */@Repositorypublic class SystemInterceptor extends HandlerInterceptorAdapter { @Resource(name = "systemLoggerService") private SystemLoggerService systemLoggerService; /* * (non-Javadoc) * * @see * org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle * (javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, java.lang.Object) */ @SuppressWarnings({ "rawtypes", "unchecked" }) @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { request.setCharacterEncoding("UTF-8"); response.setCharacterEncoding("UTF-8"); response.setContentType("text/html;charset=UTF-8"); // 后台session控制 String[] noFilters = new String[] { "login.html", "veriCode.html", "index.html", "logout.html" }; String uri = request.getRequestURI(); if (uri.indexOf("background") != -1) { boolean beFilter = true; for (String s : noFilters) { if (uri.indexOf(s) != -1) { beFilter = false; break; } } if (beFilter) { Object obj = request.getSession().getAttribute( Constants.LOGINED); if (null == obj) { // 未登录 PrintWriter out = response.getWriter(); StringBuilder builder = new StringBuilder(); builder.append("<script type=\"text/javascript\" charset=\"UTF-8\">"); builder.append("alert(\"页面过期,请重新登录\");"); builder.append("window.top.location.href=\""); builder.append(Constants.basePath); builder.append("/background/index.html\";</script>"); out.print(builder.toString()); out.close(); return false; } else { // 添加日志 String operateContent = Constants.operateContent(uri); if (null != operateContent) { String url = uri.substring(uri.indexOf("background")); String ip = request.getRemoteAddr(); Integer userId = ((SystemUserForm) obj).getId(); SystemLoggerForm form = new SystemLoggerForm(); form.setUserId(userId); form.setIp(ip); form.setOperateContent(operateContent); form.setUrl(url); this.systemLoggerService.edit(form); } } } } Map paramsMap = request.getParameterMap(); for (Iterator<Map.Entry> it = paramsMap.entrySet().iterator(); it .hasNext();) { Map.Entry entry = it.next(); Object[] values = (Object[]) entry.getValue(); for (Object obj : values) { if (!DataUtil.isValueSuccessed(obj)) { throw new RuntimeException("有非法字符:" + obj); } } } return super.preHandle(request, response, handler); } } |
(2) 修改context-dispatcher.xml,让spring管理拦截器
|
1
2
3
|
<mvc:interceptors> <bean class="com.geloin.spring.interceptor.SystemInterceptor" /> </mvc:interceptors> |
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持服务器之家。
原文链接:http://blog.csdn.net/geloin/article/details/7537070
