Spring+Session+interceptor+ajax(拦截器)的登陆和退出
Posted 七月蜀葵
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring+Session+interceptor+ajax(拦截器)的登陆和退出相关的知识,希望对你有一定的参考价值。
方法一使用servlet自带的HttpSession
注意点: HttpSession应该作为方法的参数
//登入
public boolean customerLogin(HttpSession httpSession) { httpSession.setAttribute( "customer" , customer); }
// 退出 public String customerOut(HttpSession httpSession) { httpSession.removeAttribute( "customer" ); return "login" ; }
方法二:使用spring的@SessionAttributes("logincustomer")
//登入
@Controller @SessionAttributes("logincustomer") public class CustomerController { public JSONObject customerLogin(@RequestBody JSONObject json, ModelMap model,HttpServletResponse response) { model.addAttribute("logincustomer", logincustomer); } }
//退出 @RequestMapping(value = "customerout") public String customerOut(SessionStatus sessionStatus) { sessionStatus.setComplete();// 只对@SessionAttributes("customer")有用,对HttpSession没用 // 使用sessionStatus.setComplete();会将所有的session全部清掉, return "login"; }
拦截器(interceptor)
注意:拦截器跟ajax结合用的话使用这条语句response.sendRedirect(request. getContextPath()+"/login.jsp");实现不了调转,要把结果传给前端,再在前端上实现跳转
因此要判断请求是否是ajax请求
package com.dessert.interceptor; import java.io.OutputStream; import java.io.PrintStream; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; public class CommonInterceptor extends HandlerInterceptorAdapter { /* * 在拦截器中中有三个方法: * preHandler:在进入Handler方法之前执行了,使用于身份认证,身份授权,登陆校验等,比如身份认证,用户没有登陆,拦截不再向下执行, * 返回值为false,即可实现拦截;否则,返回true时,拦截不进行执行; postHandler * :进入Handler方法之后,返回ModelAndView之前执行,使用场景从ModelAndView参数出发,比如,将公用的模型数据在这里传入到视图, * 也可以统一指定显示的视图等; afterHandler : 在执行Handler完成后执行此方法,使用于统一的异常处理,统一的日志处理等; */ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { HttpSession session = request.getSession(); if (session.getAttribute("logincustomer") != null) { // System.out.println(session.getAttribute("costomer")); return true; } // 如果是ajax请求,请求头会有x-requested-with String requestWith = request.getHeader("x-requested-with"); if (requestWith != null && requestWith.equalsIgnoreCase("XMLHttpRequest")){ if(session.getAttribute("customer") == null) { return false; } else if (session.getAttribute("logincustomer") != null) { return true; } } else { response.sendRedirect(request. getContextPath()+"/login.jsp"); } return false; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { } }
springmvc中对拦截器的配置
<mvc:interceptors> <mvc:interceptor> <!-- 匹配的是url路径, 如果不配置或/**,将拦截所有的Controller --> <mvc:mapping path="/**" /> <!-- <mvc:exclude-mapping path="/index.jsp" /> --> <mvc:exclude-mapping path="/*login" /> <mvc:exclude-mapping path="/forgotpwd" /> <mvc:exclude-mapping path="/customerregister" /> <mvc:exclude-mapping path="/vaildtel" /> <mvc:exclude-mapping path="/css/**" /> <mvc:exclude-mapping path="/js/**" /> <mvc:exclude-mapping path="/myutil/**" /> <mvc:exclude-mapping path="/images/**" /> <!-- <mvc:exclude-mapping path="/*.html" /> --> <bean class="com.dessert.interceptor.CommonInterceptor"> </bean> </mvc:interceptor> <!-- 当设置多个拦截器时,先按顺序调用preHandle方法,然后逆序调用每个拦截器的postHandle和afterCompletion方法 --> </mvc:interceptors>
以上是关于Spring+Session+interceptor+ajax(拦截器)的登陆和退出的主要内容,如果未能解决你的问题,请参考以下文章
使用 Spring-Session 时更新 Session 中的 Principal
Spring中自定义Session管理,Spring Session源码解析