3

我是 Spring 新手并正在创建一个 Web 应用程序,我想在用户未通过身份验证且不使用 spring security.xml 时始终重定向到登录页面?会话管理可以吗?

4

2 回答 2

1

一种简单的方法是使用“HandlerInterceptorAdapator”:

public class CheckUserInterceptor extends HandlerInterceptorAdapter {

    @Resource
    private UserSession userSession;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object handler) throws IOException {

        if (request.getServletPath().equals("/login.htm")) {
            return true;
        }

        String username = userSession.getUsername();

        // If the username has not been set by the login controller    
        if (username != null) {
            return true;
        } else {
            response.sendRedirect("login.htm");
            return false;
        }
    }

}

在这种情况下,您需要在 Spring XML 文件中声明拦截器:

<mvc:interceptors>
    <bean class="fr.unilim.msi.dad.web.mvc.CheckUserInterceptor" />
</mvc:interceptors>

另一种方法,例如,如果您的 Spring MVC 控制器未配置为处理所有请求,则在 servlet 级别使用过滤器:

public class AccessControlFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) request).getSession(true);
        User user = (User) session.getAttribute("user");
        if (user == null) {
            String urlRoot = ((HttpServletRequest) request).getContextPath();
            ((HttpServletResponse)response).sendRedirect(urlRoot + "/login.jsp");
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
    }
}
于 2013-09-19T10:12:47.547 回答
0

我想您可以在登录控制器中执行以下操作:

if(isUserAuthenticated())
{
    return "home";
}
else
{ 
    session.invalidate();
    return "redirect:login";
}
于 2013-09-19T10:02:53.797 回答