一、登录检查
1. 目标:
将部分资源保护起来,让没有登录的请求不能访问
2. 思路: (看图)
3. 代码:
1) 创建自定义异常类 【资源禁止访问异常】
package com.yixuexi.crowd.exception;
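/**
 * Thrown when a request reaches a protected resource without a logged-in user.
 *
 * <p>The class is named {@code AccessForbiddenException} because that is the type
 * thrown by {@code LoginInterceptor} and mapped by the {@code @ExceptionHandler}
 * method in this walkthrough; the earlier spelling {@code AccessBiddenException}
 * did not match either of them.
 *
 * @date: 2021/1/12 21:06
 * @author: 易学习
 */
public class AccessForbiddenException extends RuntimeException {

    private static final long serialVersionUID = 1L;

    /** Creates the exception without a detail message. */
    public AccessForbiddenException() {
        super();
    }

    /**
     * Creates the exception with a detail message.
     *
     * @param message text describing why access was refused
     */
    public AccessForbiddenException(String message) {
        super(message);
    }
}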
2) 创建拦截器类
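/**
 * Login check: rejects every intercepted request whose session does not hold a
 * logged-in {@code Admin}.
 *
 * <p>This is an authentication gate only. It establishes that somebody is logged
 * in, not that the logged-in admin may use the requested resource; per-resource
 * authorization has to be enforced separately.
 *
 * @date: 2021/1/12 21:00
 * @author: 易学习
 */
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Allows the request through only when the session carries a logged-in admin.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (not used)
     * @param o                   the chosen handler (not used)
     * @return {@code true} when a logged-in admin is present
     * @throws AccessForbiddenException when there is no session, no login attribute,
     *                                  or the attribute is not an {@code Admin}
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest,
                             HttpServletResponse httpServletResponse,
                             Object o) throws Exception {
        // 1. Look up the existing session. getSession(false) is deliberate: an
        //    anonymous request must not cause a new server-side session to be
        //    allocated just to find out that it is empty.
        HttpSession session = httpServletRequest.getSession(false);

        // 2. Try to read the logged-in admin from the session scope.
        Object loginAdmin = (session == null)
                ? null
                : session.getAttribute(CrowdConstant.ATTR_NAME_LOGIN_ADMIN);

        // 3. Fail closed: a missing value and a value of an unexpected type are both
        //    treated as "not logged in" instead of surfacing a ClassCastException.
        if (!(loginAdmin instanceof Admin)) {
            throw new AccessForbiddenException(CrowdConstant.MESSAGE_ACCESS_FORBIDDEN);
        }

        // 4. A logged-in admin is present, let the request continue.
        return true;
    }

    /** No post-processing is needed for the login check. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest,
                           HttpServletResponse httpServletResponse,
                           Object o,
                           ModelAndView modelAndView) throws Exception {
    }

    /** No completion work is needed for the login check. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest,
                                HttpServletResponse httpServletResponse,
                                Object o,
                                Exception e) throws Exception {
    }
}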
3) 注册拦截器类
<!-- Register the login interceptor -->
<mvc:interceptors>
<mvc:interceptor>
<!-- Paths to intercept: /* matches a single path level, /** matches any depth -->
<mvc:mapping path="/**"/>
<!-- Paths excluded from the login check. Every entry listed here is reachable without a session, so keep the list as short as possible. -->
<mvc:exclude-mapping path="/admin/do/login.html"/>
<mvc:exclude-mapping path="/admin/to/login/page.html"/>
<!-- Note: logout is excluded as well. If the page sat idle until the session was cleared, the user could otherwise no longer reach the logout URL. -->
<mvc:exclude-mapping path="/admin/do/logout.html"/>
<bean class="com.yixuexi.crowd.mvc.interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
4) 基于异常的处理映射
/**
 * Maps {@link AccessForbiddenException} (access to a protected resource without
 * being logged in) to the login view.
 *
 * @param exception the exception raised by the login check
 * @param request   current request
 * @param response  current response
 * @return whatever {@code commonResolve} produces for the view name
 *         {@code "admin-login"}; {@code commonResolve} is defined elsewhere in the
 *         class and is not shown here
 * @throws IOException declared by this handler; presumably propagated from
 *                     {@code commonResolve} - confirm against its signature
 */
@ExceptionHandler(AccessForbiddenException.class)
public ModelAndView resolverAccessForbiddenException(AccessForbiddenException exception,
                                                     HttpServletRequest request,
                                                     HttpServletResponse response) throws IOException {
    // A request that failed the login check is sent back to the login page.
    return commonResolve("admin-login", exception, request, response);
}