Stringboot 拦截器Filter实现登录认证

Posted dbutil

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Stringboot 拦截器Filter实现登录认证相关的知识,希望对你有一定的参考价值。

一.首先新建一个SessionFilter类,实现Filter 。需要注意,如果使用iframe。跳转到登录页面时需要拼接html,使其跳转到父页面。

package com.insurance.filter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;

@WebFilter(filterName = "sessionFilter",urlPatterns = {"/*"})
public class SessionFilter implements Filter {

    private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SessionFilter.class);

    @Value("$(serverurl)")
    private String serverurl;
    /**
     * 封装,不需要过滤的list列表
     */
    protected static List<Pattern> patterns = new ArrayList<Pattern>();
    
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        //patterns.add(Pattern.compile("login/index.html"));
        patterns.add(Pattern.compile("login.html"));
        patterns.add(Pattern.compile("login"));
        //patterns.add(Pattern.compile("main/autoFillty_rj_situation.*"));
       // patterns.add(Pattern.compile("main/post.*"));
        patterns.add(Pattern.compile(".*[(\.js)||(\.css)||(\.png)]"));
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        String url = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
        if (url.startsWith("/") && url.length() > 1) {
            url = url.substring(1);
        }
        if (isInclude(url)){
            chain.doFilter(httpRequest, httpResponse);
            return;
        } else {
            HttpSession session = httpRequest.getSession();
            if (session.getAttribute("admin") != null){
                // session存在
                chain.doFilter(httpRequest, httpResponse);
                return;
            } else {
                // session不存在 准备跳转     如果管理系统使用了html使用了iframe  需要拼接html代码跳转到父页面  如果没有使用iframe将使用httpResponse.sendRedirect("/login.html")直接跳转
                
                //httpResponse.sendRedirect("/login.html");
                PrintWriter out = httpResponse.getWriter();
                out.println("<html>");    
                out.println("<script>");    
                out.println("window.open (‘"+httpRequest.getContextPath()+"/login.html‘,‘_top‘)");    
                out.println("</script>");    
                out.println("</html>"); 
            }
        }
    }

    @Override
    public void destroy() {

    }

    /**
     * 是否需要过滤
     * @param url
     * @return
     */
    private boolean isInclude(String url) {
        for (Pattern pattern : patterns) {
            Matcher matcher = pattern.matcher(url);
            if (matcher.matches()) {
                return true;
            }
        }
        return false;
    }


    
}

二.过滤器的配置

         配置过滤器有两种方式,第一种是纯注解方式,第二种是写过滤器注册配置类

         1.纯注解方式配置过滤器  :需要在过滤器上添加WebFilter ,在springboot启动类上面加上ServletComponentScan注解

           

@WebFilter(filterName = "sessionFilter",urlPatterns = {"/*"})
public class SessionFilter implements Filter {
}

 

@SpringBootApplication
@ServletComponentScan
public class LinkInsuranceApplication {

    public static void main(String[] args) {
        SpringApplication.run(LinkInsuranceApplication.class, args);
    }
}

  2.通过过滤器注册配置类使用过滤器

import javax.servlet.Filter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.ty.tyzxtj.fiter.SessionFilter;

/**
 * 过滤器配置
 * @author wangjiping
 *
 */
@Configuration
public class FilterConfig {
    /**
     * 配置过滤器
     * @return
     */
    @Bean
    public FilterRegistrationBean someFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(sessionFilter());
        registration.addUrlPatterns("/*");
        registration.addInitParameter("paramName", "paramValue");
        registration.setName("sessionFilter");
        return registration;
    }

    /**
     * 创建一个bean
     * @return
     */
    @Bean(name = "sessionFilter")
    public Filter sessionFilter() {
        return new SessionFilter();
    }
}

 

            

以上是关于Stringboot 拦截器Filter实现登录认证的主要内容,如果未能解决你的问题,请参考以下文章

Spring Security 自定义拦截器Filter实现登录认证

判断用户登录是用springmvc 拦截器还是filter

spring filter拦截器

StringBoot整合Mytais登录案例

判断用户登录是用springmvc 拦截器还是filter

Filter——拦截请求保护页面安全