为了防止用户在不登录的情况下通过并接请求直接访问系统，我们需要通过session和拦截器来防止这样的情况。

拦截器的配置：

为拦截器建立一个包：interceptor，并在包里建立 LoginInterceptor 拦截器类

拦截器需要 implements HandlerInterceptor，并实现 HandlerInterceptor 的方法：

/**
 * 登录拦截器
 */
public class LoginInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {

        HttpSession session = httpServletRequest.getSession();
        if ( session.getAttribute("LOGIN_USER") != null ){
            return true;
        }else {
            httpServletResponse.sendRedirect( httpServletRequest.getContextPath() + "/gradu/dologin");
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }
}

配置spring-mvc文件：

<!--拦截器-->
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <mvc:exclude-mapping path="/gradu/dologin" />
            <bean class="com.hwl.interceptor.LoginInterceptor"></bean>
        </mvc:interceptor>
    </mvc:interceptors>

注意：

<mvc:mapping path="/**"/> 是已经拦截了所有请求，包括登录，

如果后来想不拦截某个页面，就添加：<mvc:exclude-mapping path="/system/login" />

另外。记得登录时添加session。