关于拦截器cookie-session用户身份认证

1.loginController代码实现

package com.lvkeyxx.controller;

import com.lvkeyxx.domain.Login;
import com.lvkeyxx.utils.JsonResult;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@Controller
public class LoginController {


    @RequestMapping(value = "loginPage")
    public String loginPage(HttpServletRequest request, HttpServletResponse response){
        return "views/login";
    }

    @RequestMapping(value = "login")
    @ResponseBody
    public JsonResult login(HttpServletRequest request, HttpServletResponse response){

        JsonResult<Login> jsonResult = new JsonResult<>();
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        if(username.equals("admin") && password.equals("123456")){
            Login login = new Login();
            login.setUserName(username);

            HttpSession session = request.getSession();
            String sessionId = session.getId();//sessionId 从你点击开页面(会话一开始)的时候就已经确定了或者说是存在了
            session.setAttribute("user",login);//而这里设置属性是因为后边有可能从session中取用户信息，和sessionId无关
            //System.err.println("sessionId======"+sessionId);
            Cookie cookie = new Cookie("user",sessionId);

            jsonResult.setCode("200");
            jsonResult.setSuccess("1");
            jsonResult.setMsg("登录成功");

            response.addCookie(cookie);

            jsonResult.setData(login);
        }
        return jsonResult;
    }

    @RequestMapping(value = "loginSuccess")
    public String loginSuccess(HttpServletRequest request, HttpServletResponse response){
        return "views/success";
    }
}

2.拦截器MyInterceptor代码实现

package com.lvkeyxx.config;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class MyInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        System.err.println("这里是拦截器！！！！");
        Cookie [] cookies = request.getCookies();
        HttpSession session = request.getSession();
        String sessionId = session.getId();
        System.out.println("sessionId==="+sessionId);
        System.err.println("cookieLength======"+ cookies.length);

        String cookieValue = null;
        if(cookies.length > 0){
            for (Cookie cookie : cookies) {
                if(cookie.getName().equals("user")){
                    cookieValue = cookie.getValue();
                }
            }
            if(cookieValue == null || !cookieValue.equals(sessionId)){
                System.err.println("请您重新登录");
                response.sendRedirect("/loginPage");
            }
        }else {
            System.err.println("登录过期，请您重新登录");
            response.sendRedirect("/loginPage");
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}

3.拦截器注册(需要在java配置代码中实现)

/**
     * 拦截器
     * 拦截器注册
     * @param registry
     */
    @Override
    protected void addInterceptors(InterceptorRegistry registry) {
        //注入拦截器
        registry.addInterceptor(new MyInterceptor()).addPathPatterns("/*").excludePathPatterns("/","/loginPage","/login");
        super.addInterceptors(registry);
    }