javaWEB总结(33):检查用户是否登陆过滤器
需求描述
有一个列表页list.jsp,五个子页面a.jsp,b.jsp,c.jsp,d.jsp,e.jsp,以及登陆界面login.jsp。如果用户不登陆,则只可以访问list.jsp,a.jsp,login.jsp三个页面;登陆之后,才可以访问所有页面
项目结构
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the login-filter demo. The three context-params
     below are read by LoginFilter (all three) and LoginServlet (sessionKey). -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID" version="3.0">
  <display-name>javaWeb_33</display-name>
  <welcome-file-list>
    <welcome-file>test/list.jsp</welcome-file>
  </welcome-file-list>

  <!-- Name of the session attribute that marks a session as logged in.
       LoginServlet sets it after a successful login; LoginFilter lets a
       request through only when this attribute is present and non-empty. -->
  <context-param>
    <param-name>sessionKey</param-name>
    <param-value>sessionKey</param-value>
  </context-param>

  <!-- Where LoginFilter sends requests that are not logged in. The filter
       prepends the context path and a "/", so the value has no leading slash. -->
  <context-param>
    <param-name>redirectUrl</param-name>
    <param-value>test/login.jsp</param-value>
  </context-param>

  <!-- Allow-list of servlet paths that may be requested without logging in.
       Comma-separated; LoginFilter compares each entry for exact equality with
       request.getServletPath(), so keep entries free of stray whitespace.
       Every path not listed here requires a login, because the filter is
       mapped to all URLs. The login page and the login servlet must stay
       listed, otherwise nobody could log in. -->
  <context-param>
    <param-name>uncheckedUrls</param-name>
    <param-value>/loginServlet,/test/a.jsp,/test/login.jsp,/test/list.jsp</param-value>
  </context-param>
</web-app>
HttpFilter.java
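package com.dao.chu;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Base class for filters that only handle HTTP requests.
 *
 * <p>It stores the {@link FilterConfig} passed in by the container and narrows
 * the generic {@code doFilter} callback to the HTTP request/response types, so
 * subclasses implement
 * {@link #doFilter(HttpServletRequest, HttpServletResponse, FilterChain)} only.
 */
public abstract class HttpFilter implements Filter {

    /** The FilterConfig received in {@link #init(FilterConfig)}. */
    private FilterConfig filterConfig;

    /**
     * Returns the FilterConfig received in {@link #init(FilterConfig)}.
     *
     * @return the stored FilterConfig, or {@code null} before initialisation
     */
    public FilterConfig getFilterConfig() {
        return filterConfig;
    }

    /**
     * Stores the FilterConfig and then calls the no-argument {@link #init()} hook.
     *
     * <p>Subclasses should not override this method: doing so without calling
     * {@code super.init(filterConfig)} leaves {@link #getFilterConfig()}
     * returning {@code null}. Override {@link #init()} instead.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        init();
    }

    /**
     * Initialisation hook for subclasses. It runs after the FilterConfig has
     * been stored, so {@link #getFilterConfig()} is usable here.
     */
    protected void init() {
    }

    /**
     * Container entry point. Narrows the request and response to their HTTP
     * types and delegates to
     * {@link #doFilter(HttpServletRequest, HttpServletResponse, FilterChain)}.
     *
     * <p>Subclasses implement the HTTP-typed overload rather than overriding
     * this method.
     *
     * @throws ServletException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Reject non-HTTP traffic with a declared exception instead of letting
        // an unchecked ClassCastException escape from a blind cast.
        if (!(request instanceof HttpServletRequest)
                || !(response instanceof HttpServletResponse)) {
            throw new ServletException("HttpFilter only supports HTTP requests");
        }
        doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
    }

    /**
     * HTTP-specific filtering logic that every subclass must implement.
     *
     * @param httpRequest  the current request
     * @param httpResponse the current response
     * @param chain        the remaining filter chain; call
     *                     {@code chain.doFilter} to let the request continue
     */
    public abstract void doFilter(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse, FilterChain chain)
            throws IOException, ServletException;

    /** No resources to release by default. */
    @Override
    public void destroy() {
    }
}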
LoginServlet.java
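package com.dao.chu;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Handles the login form submission for the demo.
 *
 * <p>Authentication here is a placeholder: any non-blank {@code name}
 * parameter counts as a successful login, and no credential is verified.
 * On success the session attribute named by the {@code sessionKey}
 * context-param is set; LoginFilter checks for that same attribute.
 */
@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): accepting GET means the submitted name travels in the
     * URL query string. This is kept because the login form on this page
     * declares no method and therefore submits with GET.
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Marks the session as logged in when a non-blank {@code name} is
     * submitted, stores a status message, and redirects to the list page in
     * both the success and the failure case.
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String name = request.getParameter("name");

        if (name != null && !name.trim().isEmpty()) {
            // Session-fixation defence: the session id in use before login may
            // already be known to a third party, so it must not carry the
            // logged-in marker. The descriptor targets Servlet 3.0, which has
            // no changeSessionId(), so the old session is discarded and a
            // fresh one created. Attributes set before login are dropped.
            HttpSession preLogin = request.getSession(false);
            if (preLogin != null) {
                preLogin.invalidate();
            }
            HttpSession session = request.getSession(true);

            // Login succeeded: store the marker and return to the list page.
            session.setAttribute(
                    request.getServletContext().getInitParameter("sessionKey"),
                    "sessionKey");
            session.setAttribute("message", "登陆成功");
            response.sendRedirect(request.getContextPath() + "/test/list.jsp");
            return;
        }

        // Login failed: only record the message; the session stays anonymous.
        HttpSession session = request.getSession();
        session.setAttribute("message", "登陆失败");
        response.sendRedirect(request.getContextPath() + "/test/list.jsp");
    }
}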
LoginFilter.java
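package com.dao.chu;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Login check applied to every URL ({@code urlPatterns = "/*"}).
 *
 * <p>Requests whose servlet path is on the {@code uncheckedUrls} allow-list
 * pass through. Every other request needs a session that carries the
 * {@code sessionKey} attribute, and is otherwise redirected to
 * {@code redirectUrl}. Because anything not listed requires a login, a newly
 * added page is protected by default.
 */
@WebFilter(urlPatterns = { "/*" })
public class LoginFilter extends HttpFilter {

    // 1. Values read from the context-params in web.xml.
    private String sessionKey;
    private String redirectUrl;
    /** Allow-list entries, split and trimmed once at start-up. */
    private List<String> uncheckedUrls;

    /**
     * Loads the three context-params and pre-parses the allow-list.
     *
     * @throws IllegalStateException if a parameter is missing or blank. An
     *         access-control filter with incomplete configuration should fail
     *         at start-up rather than on the first request.
     */
    @Override
    protected void init() {
        sessionKey = requireContextParam("sessionKey");
        redirectUrl = requireContextParam("redirectUrl");

        // Split once here instead of on every request. Entries are trimmed so
        // that "a, b" in web.xml does not silently fail to match.
        String[] entries = requireContextParam("uncheckedUrls").split(",");
        for (int i = 0; i < entries.length; i++) {
            entries[i] = entries[i].trim();
        }
        uncheckedUrls = Arrays.asList(entries);
    }

    /**
     * Reads a context-param that must be present and non-blank.
     * The value is returned unmodified, so sessionKey stays identical to
     * what LoginServlet reads from the same parameter.
     */
    private String requireContextParam(String name) {
        String value = getFilterConfig().getServletContext().getInitParameter(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException(
                    "Missing context-param '" + name + "' required by LoginFilter");
        }
        return value;
    }

    /**
     * Lets allow-listed and logged-in requests continue and redirects all
     * others to the login page.
     */
    @Override
    public void doFilter(HttpServletRequest httpRequest,
            HttpServletResponse httpResponse, FilterChain chain)
            throws IOException, ServletException {

        // 2. Allow-listed paths pass through without a login check.
        // The comparison is exact, against the servlet path only.
        // NOTE(review): a servlet with a path-style mapping would expose extra
        // path info outside getServletPath(); confirm before allow-listing one.
        String servletPath = httpRequest.getServletPath();
        if (uncheckedUrls.contains(servletPath)) {
            chain.doFilter(httpRequest, httpResponse);
            return;
        }

        // 3. Otherwise the login marker must be present in the session.
        // getSession(false) avoids creating a session for every anonymous
        // request that is about to be redirected anyway.
        HttpSession session = httpRequest.getSession(false);
        Object loginMarker = (session == null) ? null : session.getAttribute(sessionKey);
        if (loginMarker != null && !"".equals(loginMarker)) {
            chain.doFilter(httpRequest, httpResponse);
            return;
        }

        // redirectUrl comes from web.xml, not from the request, so the
        // redirect target is not influenced by the client.
        httpResponse.sendRedirect(httpRequest.getContextPath() + "/" + redirectUrl);
    }
}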
a.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Public page: /test/a.jsp is listed in the uncheckedUrls context-param,
     so LoginFilter passes it through without a login check. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>a.jsp</title>
</head>
<body>
<h2>AAA HELLO</h2><BR>
<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>
b.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Protected page: /test/b.jsp is not in the uncheckedUrls context-param,
     so LoginFilter redirects requests that lack the login session attribute
     to the login page. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>b.jsp</title>
</head>
<body>
<h2>BBB HELLO</h2><BR>
<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>
c.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Protected page: /test/c.jsp is not in the uncheckedUrls context-param,
     so LoginFilter redirects requests that lack the login session attribute
     to the login page. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>c.jsp</title>
</head>
<body>
<h2>CCC HELLO</h2><BR>
<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>
d.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Protected page: /test/d.jsp is not in the uncheckedUrls context-param,
     so LoginFilter redirects requests that lack the login session attribute
     to the login page. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>d.jsp</title>
</head>
<body>
<h2>DDD HELLO</h2><BR>
<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>
e.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Protected page: /test/e.jsp is not in the uncheckedUrls context-param,
     so LoginFilter redirects requests that lack the login session attribute
     to the login page. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>e.jsp</title>
</head>
<body>
<h2>EEE HELLO</h2><BR>
<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>
list.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Public page: /test/list.jsp is listed in the uncheckedUrls context-param.
     It links to every sub-page; LoginFilter decides per request whether the
     target may be shown. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>list.jsp</title>
</head>
<body>
<%-- "message" is one of two fixed strings that LoginServlet stores in the
     session, and nothing on this page removes it again. EL in template text
     is written out without HTML escaping, so if the message ever carries
     request data it must be escaped before output. --%>
${sessionScope.message }
<br><br>
<a href="<%=request.getContextPath() %>/test/a.jsp">AAA</a><br><br>
<a href="<%=request.getContextPath() %>/test/b.jsp">BBB</a><br><br>
<a href="<%=request.getContextPath() %>/test/c.jsp">CCC</a><br><br>
<a href="<%=request.getContextPath() %>/test/d.jsp">DDD</a><br><br>
<a href="<%=request.getContextPath() %>/test/e.jsp">EEE</a><br><br>
<a href="<%=request.getContextPath() %>/test/login.jsp">登陆</a>
</body>
</html>
login.jsp
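<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Login form. /test/login.jsp and /loginServlet are both listed in the
     uncheckedUrls context-param, so they are reachable without a login. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>login.jsp</title>
</head>
<body>
<%-- Submit with POST: a form without a method attribute uses GET, which puts
     the submitted value into the URL, and from there into browser history
     and server access logs. LoginServlet handles both methods. --%>
<form action="<%=request.getContextPath() %>/loginServlet" method="post">
<input type="text" name="name">
<input type="submit" value="提交">
</form>
</body>
</html>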
运行效果
列表页
未登录访问a.jsp
未登录访问b.jsp
登陆
登陆成功
登陆后访问b.jsp