如何在不使用spring安全性的情况下限制登录用户在spring中访问登录页面?
[英]How to restrict a logged in user to access the login page in spring without using spring security?
问题描述
I am new to Spring and developing a dynamic web application in Spring and Tomcat and for some reason 
我是Spring的新手,在Spring和Tomcat中开发动态Web应用程序,出于某种原因
I am not using Spring Security . 我没有使用Spring Security 。 I want to prevent users to access the login page who 我想阻止用户访问登录页面的人
are already in a session.Here is my code: 已经在session.Here是我的代码:
@Controller
@RequestMapping("/login")
@SessionAttributes("userAuthenticator")
public class LoginController {
@RequestMapping(method = RequestMethod.GET)
public String showLogin(ModelMap model, HttpServletRequest request) {
System.out.println("Current Session: " + request.getSession(false));
if (request.getSession(false) == null) {
System.out.println("This means a new user wants to access the login page");
return "login";
}
else{
//means the user is already in session.So move him to another page say display.jsp
//actually I have done here with some other checking like getUserName() from
the model "UserAuthenticator" and if its again null redirect to login page.
}
For Now forget about the else part.When I entered the URL in my browser For Now忘记了else部分。当我在浏览器中输入URL时
first time: ..../AccountCreation/login.htm 第一次:.... / AccountCreation / login.htm
Console Output: 控制台输出:
Current Session: null
This means a new user wants to access the login page
Looks absolutely normal because a new user is accessing the page(login page also appears). 看起来绝对正常,因为新用户正在访问该页面(也会出现登录页面)。
But when I re-enter the URL even refresh the page the console output comes: 但是,当我重新输入网址,甚至刷新控制台输出来的页面:
Current Session: org.apache.catalina.session.StandardSessionFacade@511e0a
Where did that session come from ? 那次会议来自哪里 ?
(For that reason, in my else part I got:"The webpage has a redirected loop" in my browser) (出于这个原因,在我的其他部分,我得到:“我的浏览器中的网页有一个重定向的循环”)
Can anyone suggest me a way to achieve my goal without using Spring Security ? 没有人可以建议我在不使用Spring Security的情况下实现目标吗?
This is very much needed for me now..... 这对我来说非常需要.....
Thanks... 谢谢...
3 个解决方案
解决方案1
2 已采纳 2012-05-25 10:53:00
You can use a session variable. 您可以使用会话变量。
HttpSession ses=request.getSession(false);
if(ses.getAttribute("sessionVar") == null)
//show login page
else
// don't show login page
Setting up session variable: 设置会话变量:
HttpSession ses=request.getSession();
ses.setAttribute("sessionVar","someValueToShowSession");
解决方案2
1 2012-05-25 10:50:59
A session starts as soon a user makes a first request to the page. 用户向页面发出第一个请求后,会话即开始。 So second visit will always give a valid session. 因此,第二次访问将始终提供有效的会话。
If you want to check if he is authenticated user or not then you need to put yourself some flag/value in the session. 如果你想检查他是否是经过身份验证的用户,那么你需要在会话中加入一些标志/值。 Something like the userId. 像userId之类的东西。 Tehn you can check 你可以查一下泰恩
if userId is set in session -> valid user -> redirect. 如果在会话中设置userId - >有效用户 - >重定向。
if userId not set in session-> not logged in user -> allow login page. 如果userId未在会话中设置 - >未登录用户 - >允许登录页面。
解决方案3
0 2012-05-25 11:26:08
This is expected behavior only. 这只是预期的行为。 When you login for the first time a session is created and jsessionid cookie is stored on the browser. 当您第一次登录时,会创建会话并将jsessionid cookie存储在浏览器中。 Unless you invalidate the session using session.invalidate() or session expired due to session-timeout that HttpSession will be available for that browser window. 除非您使用session.invalidate()或会话因会话超时而使会话失效,否则HttpSession将可用于该浏览器窗口。
If you want to restrict the user who is already login to see the login page by typing login page url then create an interceptor and check whether user is already logged in there or not. 如果要限制已登录的用户通过键入登录页面URL来查看登录页面,则创建一个拦截器并检查用户是否已登录。 If the user is already logged in then redirect him to home page...otherwise allow him to go to login page. 如果用户已经登录,则将其重定向到主页...否则允许他进入登录页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.