定义一个拦截器(Spring自带有个拦截器),判断用户是通过记住我登录时,查询数据库后台自动登录,同时把用户放入session中。
配置拦截器也很简单,spring为此提供了基础类WebMvcConfigurerAdapter ,我们只需要重写addInterceptors 方法添加注册拦截器。
实现自定义拦截器只需要3步:
1、创建我们自己的拦截器类并实现 HandlerInterceptor 接口。
2、创建一个java类继承WebMvcConfigurerAdapter,并重写 addInterceptors 方法。
3、实例化我们自定义的拦截器,然后将对像手动添加到拦截器链中(在addInterceptors方法中添加)。
1 package com.sun.configuration; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.context.annotation.Configuration; 5 import org.springframework.core.Ordered; 6 import org.springframework.core.io.support.PropertiesLoaderUtils; 7 import org.springframework.web.servlet.config.annotation.InterceptorRegistry; 8 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; 9 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; 10 11 import java.io.IOException; 12 import java.util.Enumeration; 13 import java.util.Properties; 14 15 /** 16 * Created by sun on 2017-3-21. 17 */ 18 @Configuration 19 public class WebMvcConfig extends WebMvcConfigurerAdapter { 20 21 /** 22 * 此方法把该拦截器实例化成一个bean,否则在拦截器里无法注入其它bean 23 * @return 24 */ 25 @Bean 26 SessionInterceptor sessionInterceptor() { 27 return new SessionInterceptor(); 28 } 29 /** 30 * 配置拦截器 31 * @param registry 32 */ 33 public void addInterceptors(InterceptorRegistry registry) { 34 registry.addInterceptor(sessionInterceptor()) 35 .addPathPatterns("/**") 36 .excludePathPatterns("/login","/permission/userInsert", 37 "/error","/tUser/insert","/gif/getGifCode"); 38 } 39 40 }
1 package com.sun.configuration; 2 3 import com.sun.permission.model.User; 4 import com.sun.permission.service.PermissionService; 5 import org.apache.log4j.Logger; 6 import org.apache.shiro.SecurityUtils; 7 import org.apache.shiro.authc.UsernamePasswordToken; 8 import org.apache.shiro.session.Session; 9 import org.apache.shiro.subject.Subject; 10 import org.springframework.web.servlet.HandlerInterceptor; 11 import org.springframework.web.servlet.ModelAndView; 12 13 import javax.annotation.Resource; 14 import javax.servlet.http.HttpServletRequest; 15 import javax.servlet.http.HttpServletResponse; 16 17 /** 18 * Created by sun on 2017-4-9. 19 */ 20 public class SessionInterceptor implements HandlerInterceptor{ 21 private final Logger logger = Logger.getLogger(SessionInterceptor.class); 22 @Resource 23 private PermissionService permissionService; 24 @Override 25 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception { 26 logger.info("---preHandle---"); 27 System.out.println(request.getContextPath()); 28 Subject currentUser = SecurityUtils.getSubject(); 29 //判断用户是通过记住我功能自动登录,此时session失效 30 if(!currentUser.isAuthenticated() && currentUser.isRemembered()){ 31 try { 32 User user = permissionService.findByUserEmail(currentUser.getPrincipals().toString()); 33 //对密码进行加密后验证 34 UsernamePasswordToken token = new UsernamePasswordToken(user.getEmail(), user.getPswd(),currentUser.isRemembered()); 35 //把当前用户放入session 36 currentUser.login(token); 37 Session session = currentUser.getSession(); 38 session.setAttribute("currentUser",user); 39 //设置会话的过期时间--ms,默认是30分钟,设置负数表示永不过期 40 session.setTimeout(-1000l); 41 }catch (Exception e){ 42 //自动登录失败,跳转到登录页面 43 response.sendRedirect(request.getContextPath()+"/login"); 44 return false; 45 } 46 if(!currentUser.isAuthenticated()){ 47 //自动登录失败,跳转到登录页面 48 response.sendRedirect(request.getContextPath()+"/login"); 49 return false; 50 } 51 } 52 return true; 53 } 54 55 @Override 56 public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { 57 logger.info("---postHandle---"); 58 } 59 60 @Override 61 public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { 62 logger.info("---afterCompletion---"); 63 } 64 }