本文共 9375 字,大约阅读时间需要 31 分钟。
Spring MVC实现访问拦截功能 前言
在上一篇文章中,我们手写了一个简单的MVC框架,今天我们要在Spring MVC框架基础上实现访问拦截功能。这个功能的实现主要包含以下几点:定义一个@Security注解,用于标注需要权限的控制器方法;通过拦截器来验证用户权限;以及在URL中直接传递用户名进行权限验证。
1、项目依赖
项目依赖文件在pom.xml中配置如下:
<?xml version="1.0" encoding="UTF-8"?<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelversion>4.0.0</modelversion> <groupid>com.hardy.edu</groupid> <artifactid>springmvc-demo</artifactid> <version>1.0-SNAPSHOT</version> <packaging>war</packaging> <name>springmvc-demo Maven Webapp</name> <url>http://www.example.com</url> <properties> <project.build.sourceencoding>UTF-8</project.build.sourceencoding> <maven.compiler.source>11</maven.compiler.source> <maven.compiler.target>11</maven.compiler.target> </properties> <dependencies> <!--引入Spring Web MVC依赖--> <dependency> <groupid>org.springframework</groupid> <artifactid>spring-webmvc</artifactid> <version>5.1.12.RELEASE</version> </dependency> <!--引入Javax Servlet API--> <dependency> <groupid>javax.servlet</groupid> <artifactid>javax.servlet-api</artifactid> <version>3.1.0</version> <scope>provided</scope> </dependency> <!--引入JSON处理依赖--> <dependency> <groupid>org.json</groupid> <artifactid>json</artifactid> <version>20140107</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupid>org.apache.tomcat.maven</groupid> <artifactid>tomcat7-maven-plugin</artifactid> <version>2.2</version> <configuration> <port>8080</port> <path>/</path> </configuration> </plugin> </plugins> </build>
2、注解开发
定义Security注解:
package com.hardy.edu.annotation;import java.lang.annotation.ElementType;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;import java.lang.annotation.Target;@Target(ElementType.METHOD)@Retention(RetentionPolicy.RUNTIME)public @interface Security { String[] value() default {};}
3、拦截器开发
实现SecurityInterceptor拦截器:
package com.hardy.edu.interceptor;import com.hardy.edu.annotation.Security;import org.json.JSONObject;import org.springframework.web.method.HandlerMethod;import org.springframework.web.servlet.HandlerInterceptor;import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;import java.io.PrintWriter;public class SecurityInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { System.out.println("SecurityInterceptor preHandle......"); String username = request.getParameter("username"); HandlerMethod method = (HandlerMethod) handler; Security annotation = method.getMethod().getAnnotation(Security.class); String[] value = annotation.value(); boolean isHavePermissionName = false; if (value != null) { for (int i = 0; i < value.length; i++) { if (username.equals(value[i])) { isHavePermissionName = true; break; } } } if (!isHavePermissionName) { JSONObject jsonObject = new JSONObject(); jsonObject.append("error", "没有访问权限"); System.out.println("该用户没有访问权限!"); response.setCharacterEncoding("UTF-8"); response.setContentType("application/json;charset=utf-8"); PrintWriter out = null; try { out = response.getWriter(); out.append(jsonObject.toString()); } catch (IOException e) { e.printStackTrace(); } finally { if (out != null) { out.close(); } } } return true; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { System.out.println("SecurityInterceptor postHandle......"); } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { System.out.println("SecurityInterceptor afterCompletion......"); }}
4、类型转换器开发
自定义日期转换器:
package com.hardy.edu.converter;import org.springframework.core.convert.converter.Converter;import java.text.ParseException;import java.text.SimpleDateFormat;import java.util.Date;public class DateConverter implements Converter { @Override public Date convert(String source) { SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd"); try { Date parse = simpleDateFormat.parse(source); return parse; } catch (ParseException e) { e.printStackTrace(); } return null; }}
5、控制器开发
实现DemoController:
package com.hardy.edu.controller;import com.hardy.edu.annotation.Security;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.*;import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import java.text.SimpleDateFormat;import java.util.Date;@Controller@RequestMapping("/demo")public class DemoController { @Security(value = {"hardy", "zhangsan", "lisi"}) @RequestMapping("/testSecurity") public ModelAndView testSecurity(HttpServletRequest request, HttpServletResponse response, HttpSession session) { String username = request.getParameter("username"); ModelAndView modelAndView = new ModelAndView(); Date date = new Date(); SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); modelAndView.addObject("date", simpleDateFormat.format(date)); modelAndView.addObject("username", username); modelAndView.setViewName("success"); return modelAndView; }}
6、配置文件
Web.xml配置:
<?xml version="1.0" encoding="UTF-8"?<web-app> <!-- springmvc 提供的针对post请求的编码过滤器--> <filter> <filter-name>encoding</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <!-- 配置springmvc请求方式转换过滤器--> <filter> <filter-name>hiddenHttpMethodFilter</filter-name> <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class> </filter> <!-- 注册拦截器--> <filter-mapping> <filter-name>encoding</filter-name> <url-pattern>/</url-pattern> </filter-mapping> <filter-mapping> <filter-name>hiddenHttpMethodFilter</filter-name> <url-pattern>/</url-pattern> </filter-mapping> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:springmvc.xml</param-value> </init-param> </servlet>
7、JSP页面
错误页面error.jsp:
<%@ page language="java" isELIgnored="false" contentType="text/html; charset=utf-8" pageEncoding="utf-8" %><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Insert title here</title><!-- 异常信息显示 --><${msg}>
成功页面success.jsp:
<%@ page language="java" isELIgnored="false" contentType="text/html; charset=utf-8" pageEncoding="utf-8" %><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Insert title here</title><!-- 显示用户名和服务器时间 --><${username}:跳转成功!服务器时间:${date}>
项目运行结果
启动项目后,访问以下地址可以看到不同的结果:
http://localhost:8080/demo/testSecurity?username=hardy
由于hardy在授权列表中,可以正常访问。
http://localhost:8080/demo/testSecurity?username=wangwu
由于wangwu不在授权列表中,无法访问。
总结
今天我们在Spring MVC框架基础上实现了简单的访问拦截功能。通过@Security注解和SecurityInterceptor拦截器,我们可以根据请求中的username参数验证用户权限。如果用户没有权限,系统会返回JSON格式的错误信息;如果有权限,用户可以正常访问资源。这个实现虽然简单,但可以作为基础,进一步扩展成一个完整的用户登录拦截系统。
转载地址:http://uikwk.baihongyu.com/