书城2-Filter拦截未登录用户

Filter 拦截未登录用户

未登录用户可以访问登录页面、商城首页等,但不能使用添加购物车、结账等功能

因此,要判断是否登录,若未登录,点击结账则跳转到登录页面

  • Filter 拦截所有页面,再设置未登录用户可以访问的白名单
@WebFilter(
        urlPatterns = {"*.do","*.html"},
        initParams = {
            @WebInitParam(name = "bai",
                    value = "/page.do?operate=page&page=user/login,/user.do?null")
        }
)
public class SessionFilter implements Filter {

    List<String> baiList = null;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // 在 init 中配置白名单 baiList
        String bai = filterConfig.getInitParameter("bai");
        String[] baiArr = bai.split(",");
        baiList = Arrays.asList(baiArr);
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        //判断传入 request 的连接是否在白名单中,如果是,则直接放行,不是则重定向
        String uri = request.getRequestURI();
        String queryString = request.getQueryString();
        String str = uri + "?" + queryString;
        if (baiList.contains(str)){
            filterChain.doFilter(request,response);
            return;
        }else {

            HttpSession session = request.getSession();
            Object currUserObj = session.getAttribute("currUser");
            if(currUserObj == null) {
                response.sendRedirect("page.do?operate=page&page=user/login");
            }else {
                filterChain.doFilter(request,response);
            }
        }


    }

    @Override
    public void destroy() {
        Filter.super.destroy();
    }
}
posted @   LaViez  阅读(35)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 在鹅厂做java开发是什么体验
· 百万级群聊的设计实践
· WPF到Web的无缝过渡:英雄联盟客户端的OpenSilver迁移实战
· 永远不要相信用户的输入:从 SQL 注入攻防看输入验证的重要性
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
点击右上角即可分享
微信分享提示