How to Fix the Password Exposure Problem
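```java
// Demo check: any non-null username with the fixed password "123456" is accepted
if (Username != null && "123456".equals(Password)) {
    // Login succeeded
    return "redirect:/main.html";
}
```
After a successful login, issue a redirect directly.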
Use MyMvcConfig to handle main.html
```java
registry.addViewController("main.html").setViewName("主页");
```
Interceptor Design and Implementation
- Store the user in the session after a successful login
```java
session.setAttribute("loginUser",username);
```
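- Design of LoginHandlerInterceptor
```java
import org.springframework.web.servlet.HandlerInterceptor;
// Spring Boot 2.x; on Spring Boot 3.x use jakarta.servlet.http.* instead
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginHandlerInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // After a successful login the session should hold the user
        Object loginUser = request.getSession().getAttribute("loginUser");
        if (loginUser == null) {
            // msg text: "No permission, please log in first"
            request.setAttribute("msg", "没有权限请先登录");
            request.getRequestDispatcher("/index.html").forward(request, response);
            return false;
        } else {
            return true;
        }
    }
}
```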
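- Register it in MyMvcConfig, with intercepted and excluded paths
```java
@Override
public void addInterceptors(InterceptorRegistry registry) {
    registry.addInterceptor(new LoginHandlerInterceptor())
            // intercept every request ...
            .addPathPatterns("/**")
            // ... except the login page, the login endpoint and static resources
            .excludePathPatterns("/index.html", "/", "/user/login", "/css/**", "/js/**", "/img/**");
}
```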
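A unit test for the `preHandle` logic above, as an added example that is not part of the original page. It assumes the page's `LoginHandlerInterceptor` is in the same package and that JUnit 5 and spring-test are on the test classpath; the test class name, the `alice` user and the `theme` attribute are constructed for illustration.

```java
import static org.junit.jupiter.api.Assertions.*;

import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

// Added example. Assumes LoginHandlerInterceptor from this page is in the same
// package and that JUnit 5 and spring-test are on the test classpath.
class LoginHandlerInterceptorTest {

    private final LoginHandlerInterceptor interceptor = new LoginHandlerInterceptor();

    @Test
    void anonymousRequestIsForwardedToLoginPage() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/main.html");
        MockHttpServletResponse response = new MockHttpServletResponse();

        boolean proceed = interceptor.preHandle(request, response, new Object());

        assertFalse(proceed);  // the protected handler must not run
        assertEquals("/index.html", response.getForwardedUrl());  // forward, not redirect
        // The message travels as a request attribute on the forwarded request.
        assertEquals("没有权限请先登录", request.getAttribute("msg"));
        // getSession() in preHandle creates a session even for anonymous visitors.
        assertNotNull(request.getSession(false));
    }

    @Test
    void sessionWithoutLoginUserIsRejected() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/main.html");
        request.getSession().setAttribute("theme", "dark");  // constructed, unrelated attribute
        MockHttpServletResponse response = new MockHttpServletResponse();

        assertFalse(interceptor.preHandle(request, response, new Object()));
        assertEquals("/index.html", response.getForwardedUrl());
    }

    @Test
    void sessionWithLoginUserPasses() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/main.html");
        request.getSession().setAttribute("loginUser", "alice");  // constructed sample user
        MockHttpServletResponse response = new MockHttpServletResponse();

        assertTrue(interceptor.preHandle(request, response, new Object()));
        assertNull(response.getForwardedUrl());  // request continues to the handler
    }
}
```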
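A Small Issue
```java
model.addAttribute("msg","用户名或者密码错误");   // "Wrong username or password"
```
and
```java
request.setAttribute("msg","没有权限请先登录");   // "No permission, please log in first"
```
look the same to the front-end HTML when it reads the msg message.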