Internship Log - Day 6

Contents

  • Summary
  • 1. Internship visit
  • 2. Using interceptors and filters
  • 3. Using Spring Security

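Summary

Today is the sixth day of the internship. In the morning we visited Haitian Group, and in the afternoon I studied how to use interceptors, filters and Spring Security. The detailed implementation follows.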

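1. Internship visit

Today we went to Ningbo Haitian Group, where we mainly toured several of the group's factory buildings and then held a wrap-up meeting. It was a chance to broaden my own knowledge.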

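2. Using interceptors and filters

  1. Difference between an interceptor and a filter
    An interceptor intercepts actions, that is, requests to handler paths; a filter filters almost everything.
  2. Detailed configuration
  • Configuring the interceptor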
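import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class LoginInterceptor implements HandlerInterceptor {
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // preHandle runs before the handler: returning true lets the request
        // continue to the handler, returning false stops it here
        // Get the session
        HttpSession session = request.getSession();
        // Get the request path (not used below; this interceptor treats every mapped path the same way)
        String uri = request.getRequestURI();
        if (session.getAttribute("userInfo") != null) {
            // Logged in: do not intercept
            return true;
        } else {
            // Intercepted: not logged in, send the request back to the login page
            response.sendRedirect(request.getContextPath() + "/user/dologin.do");
            return false;
        }
    }
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        // Runs after the handler, before the view is rendered; nothing to do here
    }
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // Runs after the request has completed; nothing to do here
    }
}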
  • Configuring the filter
<filter>
    <filter-name>SessionFilter</filter-name>
    <filter-class>com.whut.filter.LoginFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>SessionFilter</filter-name>
    <url-pattern>/pages/*</url-pattern>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
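import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        // Filter starts
    }
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Difference: an interceptor runs inside the servlet, so its overridden methods
        // receive HttpServletRequest/HttpServletResponse.
        // A filter runs before the servlet and receives the generic ServletRequest/ServletResponse;
        // some methods, for example getSession(), exist only on HttpServletRequest.
        // 1. Cast to the HTTP types
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession();
        // Note: indexOf is a substring match, so any URI that contains the login path
        // is treated as the login request
        if (session.getAttribute("userInfo") == null
                && request.getRequestURI().indexOf("/user/dologin.do") == -1) {
            // Not logged in: redirect to the login page
            response.sendRedirect(request.getContextPath() + "/user/dologin.do");
        } else {
            // Already logged in (or this is the login request): continue down the chain
            filterChain.doFilter(request, response);
        }
    }
    public void destroy() {
        // Filter ends
    }
}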
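
The filter above exempts the login request with a substring test on getRequestURI(), which can also carry path parameters after a ";". The following is an added example, not code from the original post, that compares that test with an exact match; the class name, method names, the "/app" context path and the sample URIs are all constructed for illustration.

```java
// Added example; class and method names are hypothetical, URIs are constructed.
public class LoginPathCheck {
    static final String LOGIN_PATH = "/user/dologin.do";

    // Check as written in the post's filter: exempt if the login path occurs anywhere.
    static boolean substringExempt(String requestUri) {
        return requestUri.indexOf(LOGIN_PATH) != -1;
    }

    // Stricter check: ignore path parameters (";jsessionid=..." and the like),
    // then require the remaining path to be exactly contextPath + LOGIN_PATH.
    // Anything else fails closed and goes through the session check.
    static boolean exactExempt(String contextPath, String requestUri) {
        int semi = requestUri.indexOf(';');
        String path = (semi == -1) ? requestUri : requestUri.substring(0, semi);
        return path.equals(contextPath + LOGIN_PATH);
    }

    public static void main(String[] args) {
        String ctx = "/app"; // constructed context path
        String[] uris = {
            "/app/user/dologin.do",                      // the real login request
            "/app/user/dologin.do;jsessionid=0123ABCD",  // login request with a session path parameter
            "/app/pages/user-list.jsp",                  // protected page
            "/app/pages/user-list.jsp;/user/dologin.do", // protected page, URI merely contains the login path
            "/app/pages/user/dologin.do.jsp"             // different resource whose name contains the login path
        };
        for (String uri : uris) {
            System.out.printf("%-46s substring=%-5b exact=%b%n",
                    uri, substringExempt(uri), exactExempt(ctx, uri));
        }
    }
}
```

In the filter, the same comparison would be applied to request.getContextPath() and request.getRequestURI() in place of the indexOf test.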

3. Using Spring Security

  1. Add the dependencies
<spring.security.version>5.0.1.RELEASE</spring.security.version>

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${spring.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>${spring.security.version}</version>
</dependency>
  2. Configuration file

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:applicationContext.xml,classpath*:spring-security.xml</param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

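For reasons of length, spring-security.xml is not shown here.
  3. Wrapping the entity classes
Create a new Role class to hold user roles, then add a List<Role> to the user-information class UserInfo to hold that user's roles, configure the DAO layer for Role, and move on to the next step.
  4. Service-layer configuration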

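import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class UserInfoServiceImpl implements UserInfoService {
    // userDao and roleDao are the DAO beans injected into this service
    // (their declarations are omitted in the original post)

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // 1. Look up the user who is logging in
        UserInfo userInfo = userDao.doLogin(username);
        // doLogin is assumed to return null when no such user exists
        if (userInfo == null) {
            throw new UsernameNotFoundException("User not found: " + username);
        }
        // 2. Look up the roles this user has
        List<Role> roleList = roleDao.findRoleByUserId(userInfo.getId());
        // 3. Put the roles into the user object
        userInfo.setRoleList(roleList);

        // 4. Hand the user and role data to Spring Security's built-in User object.
        //    The "{noop}" prefix tells Spring Security that the stored password is plain text (no hashing).
        User user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthority(userInfo.getRoleList()));

        return user;
    }

    // Convert the user's roles into Spring Security authorities with the ROLE_ prefix
    private Collection<? extends GrantedAuthority> getAuthority(List<Role> roleList) {
        List<SimpleGrantedAuthority> list = new ArrayList<>();
        for (Role role : roleList) {
            list.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName()));
        }
        return list;
    }
}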

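  5. Finally, a login test showed that the "User management" feature can only be seen and used by administrators, and that pages can no longer be reached illegitimately by typing a JSP path directly, so using Spring Security for access control is very secure.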
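
The service in step 4 prepends "{noop}" because Spring Security 5 picks the password algorithm from the "{id}" prefix of the stored value, and "{noop}" means plain-text comparison. The following is an added example, not code from the original post, showing how the same delegating encoder produces and verifies "{bcrypt}" values and how a "{noop}" entry can be replaced after a successful login; the class name, method names and sample password are constructed for illustration.

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example; class and method names are hypothetical, the password is constructed.
public class PasswordStorageDemo {

    // Reads the "{id}" prefix of a stored value to choose the algorithm;
    // encodes new values with bcrypt.
    private static final PasswordEncoder ENCODER =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    // Value to store at registration or password change.
    static String hashForStorage(String rawPassword) {
        return ENCODER.encode(rawPassword);
    }

    // True when the stored value still uses the plain-text "{noop}" scheme.
    static boolean isPlaintextScheme(String stored) {
        return stored.startsWith("{noop}");
    }

    // Verify a login attempt. Returns null on a wrong password; otherwise returns
    // the value that should be stored from now on (a bcrypt hash replaces a {noop} entry).
    static String verifyAndUpgrade(String rawPassword, String stored) {
        if (!ENCODER.matches(rawPassword, stored)) {
            return null;
        }
        return isPlaintextScheme(stored) ? hashForStorage(rawPassword) : stored;
    }

    public static void main(String[] args) {
        String raw = "constructed-sample-password";
        String legacy = "{noop}" + raw; // the form the post's service passes to User
        String upgraded = verifyAndUpgrade(raw, legacy);

        System.out.println("legacy is plain text:  " + isPlaintextScheme(legacy));
        System.out.println("upgraded value prefix: " + upgraded.substring(0, 8));
        System.out.println("upgraded verifies:     " + ENCODER.matches(raw, upgraded));
        System.out.println("wrong password result: " + verifyAndUpgrade("wrong", legacy));
    }
}
```

Once the database holds "{bcrypt}..." values, loadUserByUsername can pass the stored value to User as it is, without the "{noop}" prefix.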


-- 2019.07.16, Ningbo, Zhejiang

Will Also
