在用户进行操作前先判断用户是否登录----拦截器inceptor的用法
拦截器
java里的拦截器是动态拦截Action调用的对象,它提供了一种机制可以使开发者在一个Action执行的前后执行一段代码,也可以在一个Action执行前阻止其执行,同时也提供了一种可以提取Action中可重用部分代码的方式。在AOP中,拦截器用于在某个方法或者字段被访问之前,进行拦截。然后再之前或者之后加入某些操作。
主流的是spring的拦截器。
spring拦截器
如果使用了spring,可以直接继承HandlerInterceptor抽象接口来实现自己的拦截器。
@Component
public class AlphaInterceptor implements HandlerInterceptor {
// logger
private static final Logger logger = LoggerFactory.getLogger(AlphaInterceptor.class);
// execute before Controller
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
logger.debug("preHandle: " + handler.toString());
return true;
}
// execute after Controller, but before TemplateEngine
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
logger.debug("postHandle: " + handler.toString());
}
// execute after TemplateEngine
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
logger.debug("afterHandle: " + handler.toString());
}
}
配置拦截器的config
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
@Autowired
private AlphaInterceptor alphaInterceptor;
@Autowired
private LoginTicketInterceptor loginTicketInterceptor;
@Autowired
private LoginRequireInterceptor loginRequireInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(alphaInterceptor)
// don't handle those static resources
.excludePathPatterns("/**/*.css","/**/*.js","/**/*.png","/**/*.jpg","/**/*.jpeg")
// 访问哪个页面时启用拦截器
.addPathPatterns("/register", "/login");
registry.addInterceptor(loginTicketInterceptor)
.excludePathPatterns("/**/*.css","/**/*.js","/**/*.png","/**/*.jpg","/**/*.jpeg");
registry.addInterceptor(loginRequireInterceptor)
.excludePathPatterns("/**/*.css","/**/*.js","/**/*.png","/**/*.jpg","/**/*.jpeg");
}
}
新建元注解
除了在拦截器中使用addPathPatterns来控制对那个页面使用拦截器外,还可以使用元注解的方式
// 新建一个元注解
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface LoginRequired {
}
在需要判断是否登录的方法上加上@LoginRequired注解
应用
// HostHolder.java
/**
* hold user object by a thread isolated method
*/
@Component
public class HostHolder {
private ThreadLocal<User> users = new ThreadLocal<>();
public void setUser(User user){
users.set(user);
}
public User getUser(){
return users.get();
}
public void clear(){
users.remove();
}
}
// LoginTicketInterceptor.java
@Component
public class LoginTicketInterceptor implements HandlerInterceptor {
@Autowired
private UserService userService;
@Autowired
private HostHolder hostHolder;
/**
*
* @param request
* @param response
* @param handler
* @return
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// get certificate from cookie
String ticket = CookieUtil.getValue(request, "ticket");
if(ticket != null){
// query the certificate
LoginTicket loginTicket = userService.findLoginTicket(ticket);
// check if the certificate valid
if(loginTicket != null && loginTicket.getStatus() == 0 && loginTicket.getExpired().after(new Date())){
// query users base on the certificate
User user = userService.findUserById(loginTicket.getUserId());
// hold this user during this request
hostHolder.setUser(user);
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
User user = hostHolder.getUser();
if(user != null && modelAndView != null){
modelAndView.addObject("loginUser", user);
}
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
hostHolder.clear();
}
}