CookieTool (Cookie帮助类):
package com.utcsoft.common.cookie;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; public class CookieTool { /**
* 设置cookie(接口方法)
* @author 刘鹏
* @param response
* @param name cookie名字
* @param value cookie值
* @param maxAge cookie生命周期 以秒为单位
*/
public static void addCookie(HttpServletResponse response,String name,String value,int maxAge){
Cookie cookie = new Cookie(name,value);
cookie.setPath("/");
if(maxAge>){
cookie.setMaxAge(maxAge);
}
response.addCookie(cookie);
} /**
* 根据名字获取cookie(接口方法)
* @author 刘鹏
* @param request
* @param name cookie名字
* @return
*/
public static Cookie getCookieByName(HttpServletRequest request,String name){
Map<String,Cookie> cookieMap = ReadCookieMap(request);
if(cookieMap.containsKey(name)){
Cookie cookie = (Cookie)cookieMap.get(name);
return cookie;
}else{
return null;
}
} /**
* 将cookie封装到Map里面(非接口方法)
* @author 刘鹏
* @param request
* @return
*/
private static Map<String,Cookie> ReadCookieMap(HttpServletRequest request){
Map<String,Cookie> cookieMap = new HashMap<String,Cookie>();
Cookie[] cookies = request.getCookies();
if(null!=cookies){
for(Cookie cookie : cookies){
cookieMap.put(cookie.getName(), cookie);
}
}
return cookieMap;
} }
AuthorizedInterceptor (拦截器): package com.utcsoft.common.interceptor;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.utcsoft.common.cookie.CookieTool;
import com.utcsoft.pcapps.selfservice.dao.UtcUsersDao;
import com.utcsoft.pcapps.selfservice.entity.UtcUsers; public class AuthorizedInterceptor implements HandlerInterceptor { /**
* 该方法也是需要当前对应的Interceptor的preHandle方法的返回值为true时才会执行。该方法将在整个请求完成之后,也就是DispatcherServlet渲染了视图执行,
* 这个方法的主要作用是用于清理资源的,当然这个方法也只能在当前这个Interceptor的preHandle方法的返回值为true时才会执行。
*/
public void afterCompletion(HttpServletRequest arg0,HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
} /**
* 这个方法只会在当前这个Interceptor的preHandle方法返回值为true的时候才会执行。postHandle是进行处理器拦截用的,它的执行时间是在处理器进行处理之
* 后,也就是在Controller的方法调用之后执行,但是它会在DispatcherServlet进行视图的渲染之前执行,也就是说在这个方法中你可以对ModelAndView进行操
* 作。这个方法的链式结构跟正常访问的方向是相反的,也就是说先声明的Interceptor拦截器该方法反而会后调用,这跟Struts2里面的拦截器的执行过程有点像,
* 只是Struts2里面的intercept方法中要手动的调用ActionInvocation的invoke方法,Struts2中调用ActionInvocation的invoke方法就是调用下一个Interceptor
* 或者是调用action,然后要在Interceptor之前调用的内容都写在调用invoke之前,要在Interceptor之后调用的内容都写在调用invoke方法之后。
*/
public void postHandle(HttpServletRequest request, HttpServletResponse response,Object handler, ModelAndView modelAndView) throws Exception {
} /**
* preHandle方法是进行处理器拦截用的,顾名思义,该方法将在Controller处理之前进行调用,SpringMVC中的Interceptor拦截器是链式的,可以同时存在
* 多个Interceptor,然后SpringMVC会根据声明的前后顺序一个接一个的执行,而且所有的Interceptor中的preHandle方法都会在
* Controller方法调用之前调用。SpringMVC的这种Interceptor链式结构也是可以进行中断的,这种中断方式是令preHandle的返
* 回值为false,当preHandle的返回值为false的时候整个请求就结束了。
*/
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
String uri = request.getRequestURI();
//登陆请求不拦截
if(uri.indexOf("checkUser.do") != -){
return true;
} //设置不拦截的对象
String[] noFilters = new String[] {"logOn","index"}; //对登录本身的页面以及业务不拦截
boolean beFilter = true;
for (String s : noFilters) {
if (uri.indexOf(s) != -) {
beFilter = false;
break;
}
} if (beFilter==true) {//除了不拦截的对象以外
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/"; UtcUsers u = (UtcUsers)request.getSession().getAttribute("utcUsers");
if (u==null) {//未登录
response.sendRedirect(basePath + "self/logOn.do");
return false;
}else {//已经登录,判断他是否登录前勾选了记住密码
Cookie cokLoginName = CookieTool.getCookieByName(request, "loginName");
Cookie cokLoginPwd = CookieTool.getCookieByName(request, "loginPwd");
if (cokLoginName != null && cokLoginPwd != null && cokLoginName.getValue() != null && cokLoginPwd.getValue() != null) {
String loginName = cokLoginName.getValue();
String loginPwd = cokLoginPwd.getValue();
// 检查到客户端保存了用户的密码,进行该账户的验证
UtcUsersDao usersDao = new UtcUsersDao();
UtcUsers users = usersDao.findByNameAndPwd(loginName, loginPwd);
if (users == null) {
CookieTool.addCookie(response, "loginName", null, ); // 清除Cookie
CookieTool.addCookie(response, "loginPwd", null, ); // 清除Cookie
try {
response.sendRedirect(basePath + "self/logOn.do");
return false;
} catch (IOException e) {
e.printStackTrace();
}
request.getSession().setAttribute("errorInfo", "请登录!");
}
/*
// 如果账户验证成功,则跳转到点击的页面
else if ("10".equals(users.getUserrole())) {
request.getSession().setAttribute("utcUsers", users);
str = "/WEB-INF/jsp/Administrator.jsp";
response.sendRedirect(str);
} else {
// 将UtcUsers放到session中
request.getSession().setAttribute("utcUsers", users);
str = "/WEB-INF/jsp/self/index.jsp";
response.sendRedirect(str);
}
*/
}
} }
return true;
} }
登录验证的方法:
/**
* 描述:登录验证
* @param request
* @param response
* @return
* @throws IOException
*/
@RequestMapping(value="/index")
public String index(HttpServletRequest httpRequest,HttpServletResponse httpResponse) throws IOException{
String user_name = httpRequest.getParameter("user_name");
String user_pwd = httpRequest.getParameter("user_pwd");
String str = null;
UtcUsersDao usersDao = new UtcUsersDao();
UtcUsers users = usersDao.findByNameAndPwd(user_name,user_pwd);
if(users==null){//登录验证失败
logger.info("登录失败");
httpRequest.getSession().setAttribute("errorInfo","用户名或密码错误,请重新登录!");
String path = httpRequest.getContextPath();
String basePath = httpRequest.getScheme() + "://"+ httpRequest.getServerName() + ":" + httpRequest.getServerPort()+ path + "/";
httpResponse.sendRedirect(basePath+"self/logOn.do");
}else if ("".equals(users.getUserrole())) {
int loginMaxAge = ***; //定义账户密码的生命周期,这里是一个月。单位为秒
String rememberPwd = httpRequest.getParameter("rememberPwd")==null?"":httpRequest.getParameter("rememberPwd").toString();
if ("rememberPwd".equals(rememberPwd)) {
CookieTool.addCookie(httpResponse , "loginName" , user_name , loginMaxAge); //将姓名加入到cookie中
CookieTool.addCookie(httpResponse , "loginPwd" , user_pwd , loginMaxAge); //将密码加入到cookie中
}
httpRequest.getSession().setAttribute("utcUsers", users);
str = "/Administrator";
}else {
int loginMaxAge = ***; //定义账户密码的生命周期,这里是一个月。单位为秒
String rememberPwd = httpRequest.getParameter("rememberPwd")==null?"":httpRequest.getParameter("rememberPwd").toString();
if ("rememberPwd".equals(rememberPwd)) {
CookieTool.addCookie(httpResponse , "loginName" , user_name , loginMaxAge); //将姓名加入到cookie中
CookieTool.addCookie(httpResponse , "loginPwd" , user_pwd , loginMaxAge); //将密码加入到cookie中
}
//将UtcUsers放到session中
httpRequest.getSession().setAttribute("utcUsers", users);
str = "self/index";
}
return str;
}