在web项目中，我们经常使用到拦截器，用来判断用户是否登录，用户信息有没有问题，或者针对某个功能请求进行拦截预处理。下面就是一个针对用户是否登录进行的拦截例子：

  步骤：

        编写 HandlerInterceptor 的实现类：

import com.ft.emedical.tool.CommonUtil; import com.ft.emedical.tool.Constant; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * @Author Bill * @Version 1.0, 2017-1-11 * @See * @Since com.and.erp.common.interceptor * @Description: TODO */ public class IndexInterceptor implements HandlerInterceptor { /*@Autowired private S_PlatformService s_PlatformService;*/ private static Log log = LogFactory.getLog(IndexInterceptor.class); @Override public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception { // TODO Auto-generated method stub } @Override public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception { // TODO Auto-generated method stub } @Override public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception { arg1.setHeader("Access-Control-Allow-Headers", "X-Requested-With, accept, content-type, exception"); arg1.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); arg1.setHeader("Access-Control-Allow-Credentials", "true"); arg1.setHeader("Access-Control-Allow-Origin", arg0.getHeader("Origin"));//前段项目的域 HttpSession session = arg0.getSession(true); // 从session 里面获取用户名的信息 Object sysUser = session.getAttribute(Constant.USER_SESSION_KEY); Object appUser = session.getAttribute(Constant.APPUSER_KEY); // 判断如果没有取到用户信息，就跳转到登陆页面，提示用户进行登陆 if (CommonUtil.isBlank(sysUser) && CommonUtil.isBlank(appUser)) { log.error("身份过期，重新登录"); arg1.sendRedirect(arg0.getContextPath() + "/toLogin.do"); return false; } return true; } }

 

        设置拦截范围，在spring的xml配置文件中添加（不解释了，大概看可以看明白）：

<mvc:interceptors> <mvc:interceptor> <!-- 拦截所有请求 --> <mvc:mapping path="/*" /> <mvc:mapping path="/*/*" /> <mvc:mapping path="/*/*/*" /> <mvc:mapping path="/*/*/*/*" /> <!-- 不拦截的请求 --> <mvc:exclude-mapping path="/toLogin.do" /> <mvc:exclude-mapping path="/toIndex.do" /> <mvc:exclude-mapping path="/login.do" /> <mvc:exclude-mapping path="/toNoPri.do" /> <mvc:exclude-mapping path="/toSameData.do" /> <mvc:exclude-mapping path="/hh.do" /> <mvc:exclude-mapping path="/system/user/toupdatepwd.do" /> <mvc:exclude-mapping path="/api/*" /> <mvc:exclude-mapping path="/api/*/*" /> <mvc:exclude-mapping path="/api/*/*/*" /> <!-- 拦截器对应的实现类 --> <bean class="com.ft.emedical.common.interceptor.IndexInterceptor" /> </mvc:interceptor> </mvc:interceptors>

然后启动完成拦截器配置