本文深入探讨了SessionInterceptor在Spring MVC框架中的实现原理,详细分析了如何通过拦截器检查用户Session状态,防止未登录用户访问受保护资源。同时,揭示了错误代码中可能引发的死循环重定向问题,并提供了修改建议。
这是一段正确的代码
public class SessionInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
System.out.println(request.getRequestURI());
if(request.getRequestURI().equals("/login")) {
return true;
}
HttpSession session = request.getSession();
User user = (User) session.getAttribute("user");
if(null==user) {
response.sendRedirect("/login");
return false;
}
return true;
}
}
错误代码
public class SessionInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
System.out.println(request.getRequestURI());
HttpSession session = request.getSession();
User user = (User) session.getAttribute("user");
if(null != user) {
return true;
} else {
response.sendRedirect("/login");
PrintWriter printWriter = response.getWriter();
printWriter.write("{code:0,message:\"session is invalid,please login again!\"}");
return false;
}
return true;死代码
}
}
错误代码 死循环,一直重定向
public class SessionInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
System.out.println(request.getRequestURI());
HttpSession session = request.getSession();
User user = (User) session.getAttribute("user");
if(null != user) {
return true;
}
else {
response.sendRedirect("/login");
return false;
}
}
}
错误代码分析原因
当进入拦截器后判断Session中User是否存在,第一次访问时User是不存在的所以在错误代码中只会访问else判断体就会重定向到/login,并且返回false,既然重定向了,就会再次进入拦截器当中,此时User依然不存在,所以再次进入else判断体,如此形成死循环,找不到出口。
手越用越巧,脑越用越灵,至水到渠成,得奥妙精髓…
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
