一、登录检查

1. 目标:

将部分资源保护起来,让没有登录的请求不能访问

2. 思路: (看图)

未命名图片.png

3. 代码:

1) 创建自定义异常类 【资源禁止访问异常】

  1. package com.yixuexi.crowd.exception;
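  /**
   * Thrown when a request reaches a protected resource without a logged-in user.
   *
   * <p>The class name must be {@code AccessForbiddenException}: that is the type
   * {@code LoginInterceptor} throws and the type the {@code @ExceptionHandler}
   * method is mapped to. With any other spelling those two pieces do not compile
   * against this class.
   *
   * @date: 2021/1/12 21:06
   * @author: 易学习
   */
  public class AccessForbiddenException extends RuntimeException {

      /** Creates the exception without a detail message. */
      public AccessForbiddenException() {
          super();
      }

      /**
       * Creates the exception with a detail message.
       *
       * @param message text describing why access was refused
       */
      public AccessForbiddenException(String message) {
          super(message);
      }
  }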

2) 创建拦截器类

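/**
 * Login check: lets a request through only when a logged-in admin is stored in the session.
 *
 * <p>The interceptor fails closed. A missing session, a missing attribute, or an attribute
 * that is not an {@code Admin} all end in {@code AccessForbiddenException}.
 *
 * @date: 2021/1/12   21:00
 * @author: 易学习
 */
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Runs before the handler and rejects requests that carry no logged-in admin.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response (not used here)
     * @param o                   the selected handler (not used here)
     * @return {@code true} when an {@code Admin} is present in the session
     * @throws AccessForbiddenException when no logged-in admin is found
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        // getSession(false) returns null instead of allocating a session. The no-arg
        // getSession() would create one for every anonymous request that hits a
        // protected path, which lets unauthenticated traffic grow the session store.
        HttpSession session = httpServletRequest.getSession(false);

        // Read the login marker only when a session already exists.
        Object admin = (session == null)
                ? null
                : session.getAttribute(CrowdConstant.ATTR_NAME_LOGIN_ADMIN);

        // instanceof covers both "absent" (null) and "unexpected type", so every
        // failure path surfaces as the same access-denied exception.
        if (!(admin instanceof Admin)) {
            throw new AccessForbiddenException(CrowdConstant.MESSAGE_ACCESS_FORBIDDEN);
        }

        // A logged-in admin is present: let the request proceed.
        return true;
    }

    /** No post-processing is needed for the login check. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    /** No cleanup is needed for the login check. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}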

3) 注册拦截器类

<!-- Register the login interceptor -->
    <mvc:interceptors>
        <mvc:interceptor>
            <!-- Paths to intercept: /* matches a single path level, /** matches any number of levels.
                 Mapping /** makes the login check the default for every path this servlet handles. -->
            <mvc:mapping path="/**"/>
            <!-- Paths exempt from the login check. Requests to these never reach LoginInterceptor,
                 so keep the list to exact paths that must work without a logged-in session. -->
            <mvc:exclude-mapping path="/admin/do/login.html"/>
            <mvc:exclude-mapping path="/admin/to/login/page.html"/>
            <!-- Logout is exempt as well: if the page sits idle until the session is cleared,
                 the user could otherwise no longer log out. -->
            <mvc:exclude-mapping path="/admin/do/logout.html"/>
            <bean class="com.yixuexi.crowd.mvc.interceptor.LoginInterceptor"/>
        </mvc:interceptor>
    </mvc:interceptors>

4) 基于异常的处理映射

/**
     * Handles {@code AccessForbiddenException}, the exception {@code LoginInterceptor}
     * throws when no logged-in admin is found in the session.
     *
     * <p>Delegates to {@code commonResolve}, which is defined elsewhere in this class and
     * is not visible here, passing the login view name {@code admin-login}.
     *
     * @param exception the access-denied exception that was raised
     * @param request   the current request
     * @param response  the current response
     * @return the {@code ModelAndView} produced by {@code commonResolve} for the login view
     * @throws IOException declared on the signature; presumably raised by commonResolve (confirm)
     */
    @ExceptionHandler(AccessForbiddenException.class)
    public ModelAndView resolverAccessForbiddenException(AccessForbiddenException exception,
                                                    HttpServletRequest request,
                                                    HttpServletResponse response)throws IOException {
        // Not logged in: send the user back to the login page.
        final String loginView = "admin-login";
        return commonResolve(loginView, exception, request, response);
    }