Springboot项目中可以通过注册拦截器来对非法登录的用户进行拦截,同时也可以使用实现Filter接口对非法登录的用户进行拦截。
创建LoginCheckFilter类,实现Filter接口中的doFilter方法
/**
* @Author zzw2000
* @Date 2022年03月16日 18:24
* @Description 登录拦截器
*/
@Slf4j
@WebFilter(filterName="loginCheckFilter", urlPatterns="/*")
public class LoginCheckFilter implements Filter {
//路径匹配器,支持通配符
public static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
@Override
public void doFilter(ServletRequest ServletRequest,
ServletResponse ServletResponse,
FilterChain chain) throw Exception {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
//获取本次请求URI
String[] requestURI = request.getRequestURI();
log.info("拦截到请求{}",requestURI);
String[] urls = {
"/employee/login",
"/employee/logout",
"/backend/**",
"/front/**" //根据实际情况添加需要拦截的请求url
};
//判断本次请求是否要拦截
if(check(urls,requestURI)){
log.info("本次请求{}不需要拦截",requestURI);
chain.doFilter(request,response);
return;
}
//判断登陆状态,未登录,则进行拦截
if(request.getSession.getAttribute("employee")! = null) {
log.info("用户已登录,用户id为:{}", request.getSession().getAttribute("employee"));
chain.doFilter(request,response);
return;
}
//若未登录,则返回未登录结果,通过输出流的方式向客户端页面响应数据
log.info("用户未登录...");
response.getWriter().write(JSON.toJSONString("NOT_LOGIN"));
return;
}
/**
* 路径匹配,检查本次请求是否需要放行
*
* @param urls
* @param requestURI 本次请求的URI
* @return
*/
public boolean check(String[] urls, String requestURI) {
for(String url : urls) {
if(ANT_PATH_MATCHER.match(url, requestURI)) {
return true;
}
}
return flase;
}
}