Spring MVC 控制用户非法操作

?
?
package com.vti.aop;import java.io.IOException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;public class LoginInterceptor extends HandlerInterceptorAdapter {@Overridepublic boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) {HttpSession session=request.getSession();String className  =  handler.getClass().getName();if (className.equals("com.vti.action.LoginAction")) {return true;//只通过登录的请求}if (session.getAttribute("role")==null) {try {response.sendRedirect("login.jsp");//用户不登录，所有的请求都拦截在请求层} catch (IOException e) {e.printStackTrace();}return false;}else {return true;}}}
?
?
这样就能通过Spring 来控制非法用户，进行非法请求了。?
?