我按如下方式编写了一个拦截器:
package org.mybatis.jpetstore.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.mybatis.jpetstore.annotation.CsrfTokenCheck;
import org.mybatis.jpetstore.tool.CsrfTokenTool;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
public class CsrfTokenAnnotationInterceptor extends HandlerInterceptorAdapter {
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception {
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object ojbect) throws Exception {
System.out.println("======================");
//if(ojbect instanceof HandlerMethod){
CsrfTokenCheck csrfTokenCheck = ((HandlerMethod) ojbect).getMethodAnnotation(CsrfTokenCheck.class);
System.out.println("++++++++++++++++++++++");
if(csrfTokenCheck != null && !new CsrfTokenTool().verify((HttpServletRequest) request)){
response.sendRedirect("http://www.google.com");
return false;
}
//}
return true;
}
}
但似乎根本不起作用。(代码依赖于spring3.2)
控制器中的注释:
@CsrfTokenCheck
public ModelAndView list(HttpServletRequest request,
HttpServletResponse response) throws Exception {
ModelAndView mav = new ModelAndView("category/category");
return mav;
}
接口:
package org.mybatis.jpetstore.annotation;
public @interface CsrfTokenCheck{
}
我还在spring-config.xml中配置了如下内容:
<bean id="requestMappingHandlerMapping" class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
<property name="interceptors">
<list>
<ref bean="csrfTokenAnnotationInterceptor" />
</list>
</property>
</bean>
<bean id="csrfTokenAnnotationInterceptor" class="org.mybatis.jpetstore.interceptor.CsrfTokenAnnotationInterceptor" />
答案 0 :(得分:1)
首先修复注释。它应至少包含一个@Retention元注释,并在运行时使其可用,目前它不是,因此也会失败。
@Target({ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface CsrfTokenCheck{}
接下来确保您的配置中没有<mvc:annotation-driven />,因为这会使您明确配置的RequestMappingHandlerMapping无用。如果您使用<mvc:annotation-driven />,则应使用<mvc:interceptors />标记来注册拦截器。
答案 1 :(得分:0)
请在工作区中的所有XML文件中搜索拦截器。
我通过认识到servlet-context文件已经存在于定义了注释驱动和其他拦截器的位置来解决这个问题。在我的拦截器定义放入该文件后,它就像一个魅力。
我花了1.5天的时间挠头,事实证明春天并不喜欢拦截器的多个位置。
答案 2 :(得分:0)
检查这些文件:
resources/spring/spring.xml <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
...
<property name="configLocation" value="classpath:/mybatis/mybatis-config.xml"/>
</bean>
resources/mybatis/mybatis-config.xml <?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
...
<plugins>
<!-- Interceptor configuration -->
<plugin interceptor="com.w.pay.api.test.mvn.res.db.MybatisLogPrinter" />
</plugins>
</configuration>