Implementing login authentication with Session and Cookie
阿新 • Published: 2019-01-30
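Back-end administration pages usually require the user to log in before any operation is allowed, so a Session is needed to record the login state.
This is very simple to implement: all it takes is a custom HandlerInterceptor.
The custom HandlerInterceptor is only a few lines of code: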
?12345678910111213141516171819202122232425262728 | public class LoginInterceptor implements HandlerInterceptor { @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object obj, Exception err) throws Exception { } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object obj, ModelAndView mav) throws Exception { } @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception { //獲取session裡的登入狀態值 String str = (String) request.getSession().getAttribute( "isLogin" ); //如果登入狀態不為空則返回true,返回true則會執行相應controller的方法 if (str!= null ){ return true ; } //如果登入狀態為空則重定向到登入頁面,並返回false,不執行原來controller的方法 response.sendRedirect( "/backend/loginPage" ); return false ; } } |
The Controller code:
```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

@Controller
@RequestMapping("/backend")
public class BackendController {

    @RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
    public String loginPage(HttpServletRequest request, String account, String password) {
        return "login";
    }

    @RequestMapping(value = "/login", method = {RequestMethod.POST})
    public String login(HttpServletRequest request, RedirectAttributes model, String account, String password) {
        // Check the account and password; on a match, set the state in the session and redirect to the home page
        if ("jack".equals(account) && "jack2017".equals(password)) {
            request.getSession().setAttribute("isLogin", "yes");
            return "redirect:IndexPage";
        } else {
            // Wrong password: redirect back to the login page with an error.
            // Because this is a redirect, RedirectAttributes is needed to carry the message.
            model.addFlashAttribute("error", "密碼錯誤");
            return "redirect:loginPage";
        }
    }

    // Log out: remove the login state and redirect to the login page
    @RequestMapping(value = "/loginOut", method = {RequestMethod.GET})
    public String loginOut(HttpServletRequest request) {
        request.getSession().removeAttribute("isLogin");
        return "redirect:loginPage";
    }

    @RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})
    public String IndexPage(HttpServletRequest request) {
        return "Index";
    }
}
```
The Spring configuration:
```xml
<!-- Other basic configuration omitted -->

<!-- Configure interceptors -->
<mvc:interceptors>
    <!-- Configure the login interceptor -->
    <mvc:interceptor>
        <!-- Intercept requests for the back-end pages -->
        <mvc:mapping path="/backend/**"/>
        <!-- Do not intercept the login page or the login request -->
        <mvc:exclude-mapping path="/backend/loginPage"/>
        <mvc:exclude-mapping path="/backend/login"/>
        <bean class="com.ima.Interceptor.LoginInterceptor"></bean>
    </mvc:interceptor>
</mvc:interceptors>
```
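That completes a simple Session-based login authentication system. If you want the login state to persist for a while after the browser is closed, you can switch from Session to Cookie.
In general we use a Cookie.
The Cookie approach is much the same as the Session one.
The custom HandlerInterceptor using a Cookie: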
```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class LoginInterceptor implements HandlerInterceptor {

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object obj, Exception err)
            throws Exception {
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object obj, ModelAndView mav)
            throws Exception {
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
        // Get the cookies sent with the request
        Cookie[] cookies = request.getCookies();
        if (null == cookies) {
            System.out.println("沒有cookie==============");
        } else {
            // Walk the cookies; if the login state is found, return true so the original controller method runs
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals("isLogin")) {
                    return true;
                }
            }
        }
        // No login state found: redirect to the login page and return false,
        // so the original controller method is not executed
        response.sendRedirect("/backend/loginPage");
        return false;
    }
}
```
The Controller does not change much either:
```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

@Controller
@RequestMapping("/backend")
public class BackendController {

    @RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
    public String loginPage(HttpServletRequest request, String account, String password) {
        return "login";
    }

    @RequestMapping(value = "/login", method = {RequestMethod.POST})
    public String login(HttpServletRequest request, HttpServletResponse response, RedirectAttributes model,
                        String account, String password) {
        if ("edehou".equals(account) && "aidou2017".equals(password)) {
            Cookie cookie = new Cookie("isLogin", "yes");
            cookie.setMaxAge(30 * 60); // set to 30 min
            cookie.setPath("/");
            response.addCookie(cookie);
            return "redirect:IndexPage";
        } else {
            model.addFlashAttribute("error", "密碼錯誤");
            return "redirect:loginPage";
        }
    }

    @RequestMapping(value = "/logOut", method = {RequestMethod.GET})
    public String loginOut(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        // getCookies() returns null when the request carries no cookies
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals("isLogin")) {
                    cookie.setValue(null);
                    cookie.setMaxAge(0); // destroy the cookie immediately
                    cookie.setPath("/");
                    response.addCookie(cookie);
                    break;
                }
            }
        }
        return "redirect:loginPage";
    }

    @RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})
    public String IndexPage(HttpServletRequest request) {
        return "Index";
    }
}
```
The Spring configuration is exactly the same as before.
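Note
This is only a demonstration. In a real project the Cookie's key and value should be specially processed, otherwise security problems will arise.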
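One way to process the cookie value, as an added example that is not the original article's code: the cookie interceptor above accepts any cookie named isLogin, so here the value becomes an HMAC-signed token with an expiry that the server can verify. The LoginToken class, its method names and the token layout are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example (hypothetical class): a signed, expiring value for the isLogin cookie.
// Token layout: base64url(account) "." expiryEpochSeconds "." base64url(HMAC-SHA256)
public class LoginToken {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final SecretKeySpec key;

    public LoginToken(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    public String issue(String account, long now, long ttlSeconds) throws Exception {
        String payload = ENC.encodeToString(account.getBytes(StandardCharsets.UTF_8)) + "." + (now + ttlSeconds);
        return payload + "." + ENC.encodeToString(hmac(payload));
    }

    // Returns the account if the token is authentic and unexpired, otherwise null.
    public String verify(String token, long now) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3) return null;
        try {
            // Check the MAC first, in constant time, before trusting any field.
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), DEC.decode(p[2]))) return null;
            if (Long.parseLong(p[1]) < now) return null;
            return new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // malformed base64 or expiry field
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret); // per-run demo key; a real app loads a stored secret
        LoginToken tokens = new LoginToken(secret);
        long now = System.currentTimeMillis() / 1000;
        String t = tokens.issue("jack", now, 30 * 60); // same 30 min lifetime as the article's cookie
        System.out.println("valid    -> " + tokens.verify(t, now));
        System.out.println("\"yes\"    -> " + tokens.verify("yes", now));
        System.out.println("tampered -> " + tokens.verify(t.replaceFirst("\\.\\d+\\.", ".9999999999."), now));
        System.out.println("expired  -> " + tokens.verify(t, now + 31 * 60));
    }
}
```

In the interceptor, the name check would then become a check that `verify(cookie.getValue(), now)` returns non-null. The cookie itself should also be created with `setHttpOnly(true)` and, over HTTPS, `setSecure(true)`.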