javaWEB总结(33):检查用户是否登陆过滤器

需求描述

有一个列表页list.jsp，五个子页面a.jsp,b.jsp,c.jsp.d.jsp,e.jsp,以及登陆界面login.jsp。如果用户不登陆，则可以访问list.jsp,a.jsp,login.jsp三个页面，如果登陆了，才可以访问所有页面

项目结构

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>javaWeb_33</display-name>
  <welcome-file-list>
    <welcome-file>test/list.jsp</welcome-file>
  </welcome-file-list>
  <context-param>
    <param-name>sessionKey</param-name>
    <param-value>sessionKey</param-value>
  </context-param>
  <context-param>
    <param-name>redirectUrl</param-name>
    <param-value>test/login.jsp</param-value>
  </context-param>
  <context-param>
    <param-name>uncheckedUrls</param-name>
    <param-value>/loginServlet,/test/a.jsp,/test/login.jsp,/test/list.jsp</param-value>
  </context-param>
</web-app>

HttpFilter.java

package com.dao.chu;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 
 * <p>
 * Title: HttpFilter
 * </p>
 * <p>
 * Description: http请求定制Filter
 * </p>
 */
public abstract class HttpFilter implements Filter {

	/**
	 * 用于保存init(FilterConfig filterConfig)的FilterConfig对象
	 */
	private FilterConfig filterConfig;

	/**
	 * 直接返回init(FilterConfig filterConfig)的FilterConfig对象
	 */
	public FilterConfig getFilterConfig() {
		return filterConfig;
	}

	/**
	 * 不建议子类直接覆盖，将可能会导致filterConfig成员变量初始化失败
	 */
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {

		this.filterConfig = filterConfig;
		init();

	}

	/**
	 * 供子类继承的初始化方法，可以通过getFilterConfig获取FilterConfig对象
	 */
	protected void init() {}

	/**
	 * 原生的doFilter方法，在方法内部把ServletRequest和ServletResponse
	 * 转为了HttpServletRequest和HttpServletResponse并调用了 doFilter(HttpServletRequest
	 * httpRequest, HttpServletResponse httpResponse, FilterChain chain)方法
	 * 
	 * 
	 * 若编写Filter的过滤方法不建议直接继承该方法，而应该继承doFilter(ServletRequest request,
	 * ServletResponse response, FilterChain chain)
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {

		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		doFilter(httpRequest, httpResponse, chain);

	}

	/**
	 * 抽象方法，为http请求定制，必需实现的方法
	 * 
	 */
	public abstract void doFilter(HttpServletRequest httpRequest,
			HttpServletResponse httpResponse, FilterChain chain)
			throws IOException, ServletException;

	/**
	 * 空的destroy方法
	 */
	@Override
	public void destroy() {}

}

LoginServlet.java

package com.dao.chu;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class LonginServlet
 */
@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		
		HttpSession session = request.getSession();
		String name = request.getParameter("name");
		
		//登陆成功将sessionkey放进session中，并返回list页面
		if (null!=name&&!name.trim().equals("")) {
			
			session.setAttribute(request.getServletContext().getInitParameter("sessionKey"), "sessionKey");
			session.setAttribute("message", "登陆成功");
			response.sendRedirect(request.getContextPath()+"/test/list.jsp");
			return;
		}
		
		session.setAttribute("message", "登陆失败");
		response.sendRedirect(request.getContextPath()+"/test/list.jsp");
	
	}

}

LoginFilter.java

package com.dao.chu;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter(urlPatterns = { "/*" })
public class LoginFilter extends HttpFilter {
	
	//1.从web.xml文件中获取sessionKey，redirectUrl，uncheckedUrls
	private String sessionKey;
	private String redirectUrl;
	private String uncheckedUrls;
	@Override
	protected void init() {
		sessionKey = getFilterConfig().getServletContext().getInitParameter(
				"sessionKey");
		redirectUrl = getFilterConfig().getServletContext().getInitParameter(
				"redirectUrl");
		uncheckedUrls = getFilterConfig().getServletContext().getInitParameter(
				"uncheckedUrls");
	}

	@Override
	public void doFilter(HttpServletRequest httpRequest,
			HttpServletResponse httpResponse, FilterChain chain)
			throws IOException, ServletException {
		
		
		//2.如果请求的url包含在uncheckedUrls中，则放行
		String servletPath = httpRequest.getServletPath();
		List<String> urls = Arrays.asList(uncheckedUrls.split(","));
		if (urls.contains(servletPath)) {
			chain.doFilter(httpRequest, httpResponse);
			return;
		}
		
		//3.否则。如果sessionKey可以取到值，则放行，否则重定向到登陆页面
		if (null != httpRequest.getSession().getAttribute(sessionKey)
				&& !"".equals(httpRequest.getSession().getAttribute(
						sessionKey))) {
			chain.doFilter(httpRequest, httpResponse);
			return;
		}
		
		httpResponse.sendRedirect(httpRequest.getContextPath()+"/"+redirectUrl);
		
	}



}

a.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>a.jsp</title>
</head>
<body>
<h2>AAA  HELLO</h2><BR>

<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>

b.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>b.jsp</title>
</head>
<body>
<h2>BBB  HELLO</h2><BR>

<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>

c.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>c.jsp</title>
</head>
<body>
<h2>CCC  HELLO</h2><BR>

<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>

d.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>d.jsp</title>
</head>
<body>
<h2>DDD  HELLO</h2><BR>

<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>

e.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>e.jsp</title>
</head>
<body>
<h2>EEE  HELLO</h2><BR>

<a href="<%=request.getContextPath() %>/test/list.jsp">返回</a>
</body>
</html>

list.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>list.jsp</title>
</head>
<body>
	
	${sessionScope.message }
	<br><br>
	<a href="<%=request.getContextPath() %>/test/a.jsp">AAA</a><br><br>
	<a href="<%=request.getContextPath() %>/test/b.jsp">BBB</a><br><br>
	<a href="<%=request.getContextPath() %>/test/c.jsp">CCC</a><br><br>
	<a href="<%=request.getContextPath() %>/test/d.jsp">DDD</a><br><br>
	<a href="<%=request.getContextPath() %>/test/e.jsp">EEE</a><br><br>
	
	<a href="<%=request.getContextPath() %>/test/login.jsp">登陆</a>
</body>
</html>

login.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>login.jsp</title>
</head>
<body>
	<form action="<%=request.getContextPath() %>/loginServlet">
		<input type="text" name="name">
		<input type="submit" value="提交">
	</form>
</body>
</html>

运行效果

列表页

未登录访问a.jsp

未登录访问b.jsp

登陆

登陆成功

登陆后访问b.jsp

源码下载