SSM项目下的登录拦截
1、后端传数据给前端
把数据放到cookie中或者localStorage(这些数据只用于页面展示,用户可以自行修改,登录状态仍以服务端session为准)
登录JS
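/**
 * Submit the e-mail verification code and finish the login.
 *
 * On status 3002 (wrong code) the server message is shown and the login page is reloaded.
 * On status 2000 the returned admin data is cached in localStorage for the main page
 * and the browser moves to /toMain.
 *
 * @param {string} email address the code was sent to
 * @param {string} code  verification code typed by the user
 */
function checkCode(email, code) {
    // Send the values as POST form fields instead of concatenating them into the URL:
    // jQuery URL-encodes them (an e-mail may contain "+" or "&"), and the one-time code
    // stays out of access logs and browser history.
    $.post("checkCode", {email: email, code: code}, function (response) {
        console.log(response.status);
        // Wrong verification code: show the message and go back to the login page.
        if (response.status == 3002) {
            alert(response.message);
            location.replace("login.html");
        }
        if (response.status == 2000) {
            // Display cache only. localStorage can be edited by the user and read by any
            // script on the page, so it must never be treated as proof of login; the
            // server-side session is what authorizes later requests.
            window.localStorage.setItem("admin", JSON.stringify(response.data));
            location.replace("/toMain");
        }
    });
}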
主页JS
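$(function () {
    // Profile cached at login; used only to fill in the avatar and name widgets.
    var admin = null;
    try {
        admin = JSON.parse(localStorage.getItem("admin"));
    } catch (e) {
        // A corrupted or hand-edited entry must not break the page: drop it and
        // render without profile data.
        localStorage.removeItem("admin");
    }
    console.log(admin);
    if (admin != null) {
        if (admin.adminAvatar) {
            $("#adminAvatar").attr("src", admin.adminAvatar);
        }
        if (admin.adminName) {
            // .text() inserts the value as plain text, so markup in the name is not rendered.
            $("#adminName").text(admin.adminName);
        }
    }
});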
2、登录拦截
把用户信息保存到session返回给前端,前端每次请求时后台检测session中有没有用户信息,有就允许请求,没有就抛出自定义异常,返回一个状态码给前端,前端检测到这个状态码会重定向到指定页
注意:异步(Ajax)请求下,服务端重定向不会让浏览器页面跳转,所以这里改为返回状态码,由前端自行跳转
1、把用户信息保存到session返回给前端
Controller层代码
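/**
 * Verifies the e-mail verification code and, on a match, logs the admin in.
 *
 * <p>The expected code is read from Redis under the e-mail address and compared
 * case-insensitively. On success the code is deleted so it cannot be reused, and the
 * admin is stored in the session under {@code "admin"}.
 *
 * @param request current request; its session receives the {@code "admin"} attribute
 * @param email   e-mail address the code was issued for
 * @param code    code entered by the user
 * @return a success result carrying the admin, {@code CODE_CHECK_ERROR} when the code is
 *         missing or wrong, or {@code EMAIL_NOT_FOUND} when no admin exists for the e-mail
 */
@PostMapping("checkCode")
@ResponseBody
public AjaxResult checkCode(HttpServletRequest request, String email, String code) {
    // Both values come straight from the client and may be absent or empty.
    if (email == null || code == null || code.isEmpty()) {
        return AjaxResult.error(AjaxStatus.CODE_CHECK_ERROR);
    }

    String expected = jedis.get(email);
    // expected is null when no code is stored for this e-mail; treat that as a mismatch.
    if (expected == null || !expected.equalsIgnoreCase(code)) {
        // NOTE(review): nothing visible here limits repeated guesses for one e-mail;
        // confirm the code has a short expiry and add an attempt counter if it does not.
        return AjaxResult.error(AjaxStatus.CODE_CHECK_ERROR);
    }

    // The code is single-use: remove it as soon as it has been accepted.
    jedis.del(email);

    Admin admin = adminService.findAdminByEmail(email);
    if (admin == null) {
        // Without this check a null admin would be stored and reported as a successful login.
        return AjaxResult.error(AjaxStatus.EMAIL_NOT_FOUND);
    }

    // Start from a fresh session so a session id that existed before login is not
    // carried over into the authenticated state (session fixation).
    java.util.Optional.ofNullable(request.getSession(false)).ifPresent(old -> old.invalidate());
    request.getSession(true).setAttribute("admin", admin);

    // NOTE(review): the whole Admin object is sent to the browser, which caches it in
    // localStorage; confirm it carries no password hash or other secret fields.
    return AjaxResult.success(admin);
}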
2、创建拦截器,检测session中的数据
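/**
 * Spring MVC interceptor that rejects any request made without a logged-in admin
 * in the session.
 */
public class LonginInterceptor implements HandlerInterceptor {

    /**
     * Lets the request through only when the session holds an {@code "admin"} attribute.
     *
     * @param request  current request
     * @param response current response (not used)
     * @param handler  chosen handler (not used)
     * @return {@code true} when an admin is present in the session
     * @throws NotLoginException with {@code AjaxStatus.NOT_LOGIN} when there is no session
     *                           or it holds no admin
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // getSession(false) only looks up an existing session. The no-argument form would
        // allocate a new server-side session for every anonymous request that reaches here.
        Object admin = java.util.Optional.ofNullable(request.getSession(false))
                .map(session -> session.getAttribute("admin"))
                .orElse(null);
        if (admin == null) {
            throw new NotLoginException(AjaxStatus.NOT_LOGIN);
        }
        return true;
    }
}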
3、在springmvc配置拦截器
<!-- Interceptors: the login check runs on every path except the exclusions listed below. -->
<!-- Every exclude-mapping is reachable without a session, so keep this list as short as possible. -->
<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/**"/>
        <!-- Static resources and the login page -->
        <mvc:exclude-mapping path="/dist/**"/>
        <mvc:exclude-mapping path="/plugins/**"/>
        <mvc:exclude-mapping path="/login.html"/>
        <!-- NOTE(review): internal view paths; confirm these two exclusions are actually needed -->
        <mvc:exclude-mapping path="/WEB-INF/pages/**"/>
        <mvc:exclude-mapping path="/WEB-INF/template/**"/>
        <!-- Endpoints of the login flow, called before a session holds an admin -->
        <mvc:exclude-mapping path="/getCode"/>
        <mvc:exclude-mapping path="/toCode"/>
        <mvc:exclude-mapping path="/checkCode"/>
        <!-- NOTE(review): /toMain is only visited after checkCode has stored the admin in the session; -->
        <!-- excluding it leaves the main page reachable without login, so confirm this is intended -->
        <mvc:exclude-mapping path="/toMain"/>
        <!-- Presumably the account activation flow; verify against the controllers -->
        <mvc:exclude-mapping path="/sendActiveEmail"/>
        <mvc:exclude-mapping path="/*/doActive"/>
        <mvc:exclude-mapping path="/success"/>
        <mvc:exclude-mapping path="/"/>
        <bean class="top.ftime.wk.interceptor.LonginInterceptor"/>
    </mvc:interceptor>
</mvc:interceptors>
4、设置没有登录的状态码
/**
 * Status codes and messages returned to the front end in Ajax responses.
 */
public enum AjaxStatus {

    // Generic outcomes
    OK(2000, "操作成功"),
    ERROR(5000, "操作失败"),

    // Login-related status codes
    EMAIL_NOT_FOUND(3000, "邮箱错误"),
    ADMIN_NOT_ACTIVE(3001, "用户未激活"),
    CODE_CHECK_ERROR(3002, "验证码错误"),
    ACTIVE_ERROR(3003, "邮箱激活失败或已激活"),
    ACTIVE_OK(2001, "激活邮件已发送,注意查收"),
    NOT_LOGIN(4004, "登录过期,请重新登录");

    // NOTE(review): the setters below make each constant mutable, and enum constants are
    // shared by the whole application; a change made through them is visible everywhere.
    private int status;
    private String message;

    AjaxStatus(int code, String text) {
        status = code;
        message = text;
    }

    /** @return the numeric status code sent to the front end */
    public int getStatus() {
        return this.status;
    }

    /** @return the message shown to the user */
    public String getMessage() {
        return this.message;
    }

    /** @param status new numeric code for this constant */
    public void setStatus(int status) {
        this.status = status;
    }

    /** @param message new message for this constant */
    public void setMessage(String message) {
        this.message = message;
    }
}
5、使用自定义异常
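/**
 * Signals that the caller is not logged in. Carries the {@link AjaxStatus} that should be
 * reported back to the front end.
 */
public class NotLoginException extends RuntimeException {

    private AjaxStatus ajaxStatus;

    /**
     * @param ajaxStatus status to report; its message also becomes the exception message,
     *                   so stack traces and logs show why the request was rejected
     */
    public NotLoginException(AjaxStatus ajaxStatus) {
        // Previously no message reached RuntimeException, so getMessage() was always null.
        super(ajaxStatus == null ? null : ajaxStatus.getMessage());
        this.ajaxStatus = ajaxStatus;
    }

    /** @return the status to report to the front end */
    public AjaxStatus getAjaxStatus() {
        return ajaxStatus;
    }

    /** @param ajaxStatus replacement status to report */
    public void setAjaxStatus(AjaxStatus ajaxStatus) {
        this.ajaxStatus = ajaxStatus;
    }
}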
6、捕捉异常,返回给页面一个状态码
/**
 * Global exception advice: turns a {@link NotLoginException} into a JSON error body.
 */
@ControllerAdvice
public class MyHandler {

    /**
     * Builds the error result from the status carried by the exception.
     *
     * @param e exception thrown when no admin is logged in
     * @return error result written to the response body
     */
    @ExceptionHandler(NotLoginException.class)
    @ResponseBody
    public AjaxResult myHandler(NotLoginException e) {
        // NOTE(review): no HTTP status is set here, so the client has to read the status
        // field inside the JSON body to detect the rejection.
        final AjaxResult body = AjaxResult.error(e.getAjaxStatus());
        return body;
    }
}
7、设置全局函数,检测状态码
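$(function () {
    // Global default: runs when a jQuery Ajax request completes.
    // This redirect is a convenience for the user only; access is enforced by the
    // server-side interceptor, not by this script.
    $.ajaxSetup({
        global: true,
        complete: function (xhr, textStatus) {
            // responseJSON is undefined for non-JSON responses and failed requests;
            // reading .status from it would throw.
            var body = xhr.responseJSON;
            if (!body) {
                return;
            }
            console.log(body.status);
            // 4004: not logged in or session expired, so go back to the entry page.
            if (body.status == 4004) {
                alert(body.message);
                parent.location.replace("/");
            }
        }
    });
});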
