项目总结plc_过滤器规则(filter)_忽略过滤的js和css文件
为了保证项目安全,加入了过滤器。开始想的很简单就是为了让用户先登录再进行操作。然而碰到了很多问题。
过滤器配置用的 /* 意思所有页面都过滤; 那么 以前做好的css,js文件都会过滤,这显然是不对的. 开始第一步想法是 把css和js的文件夹加入 filter 初始值
<init-param> <description></description> <param-name>nologinfilter</param-name> <param-value>login.jsp;LoginServlet;js/;css/;</param-value>
</init-param>
后来发现这种 做法不妥;
之后就开始百度. 只想说百度的东西真的很多都是没用的, 资源很多. 但是要找到可用的...... ╮(╯▽╰)╭ 谁用谁知道.
if(userName!=null&&!uri.endsWith(".js")&&!uri.endsWith(".css")){
chain.doFilter(request, response);
}else{
String url=req.getContextPath()+"/"+"login.jsp";
resp.sendRedirect(url);
}
后来使用上面这种做法.很好的解决;endwith这个方法.我也是第一次遇到;嘿嘿;
下面把写好的filter和web.xml插入
package com.csust.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet Filter implementation class LoginFilter
*/
public class LoginFilter implements Filter {
private FilterConfig config;
/**
* Default constructor.
*/
public LoginFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String noFilter = config.getInitParameter("nologinfilter");
System.out.println();
System.out.println("得到nofilter配置的初值:"+noFilter);
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
String uri=req.getRequestURI();
System.out.println("得到uri "+uri);
if(noFilter!=null){
String[] pass=noFilter.split(";");
System.out.print("过滤的url: ");
for(int i=0;i<pass.length;i++){
if(pass[i]==null||"".equals(pass[i])) continue;
System.out.print(pass[i]+" ");
if(uri.indexOf(pass[i])!=-1){
chain.doFilter(request, response);
return;
}
}
}
/* if(uri.endsWith(".js")||uri.endsWith(".css")){
chain.doFilter(request, response);
//return;
* &&!uri.endsWith(".js")&&!uri.endsWith(".css")
}
*/
String userName = (String) req.getSession().getAttribute("userName");
System.out.print("userName: "+userName + " req.getContexPath(): "+req.getContextPath());
if(userName!=null&&!uri.endsWith(".js")&&!uri.endsWith(".css")){
chain.doFilter(request, response);
}else{
String url=req.getContextPath()+"/"+"login.jsp";
resp.sendRedirect(url);
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
config = fConfig;
}
}
chain.doFilter(request, response);的意思就是跳转到下个页面
下面是web.xml中filter的配置
<filter> <display-name>LoginFilter</display-name> <filter-name>LoginFilter</filter-name> <filter-class>com.csust.filter.LoginFilter</filter-class> <init-param> <description></description> <param-name>nologinfilter</param-name> <param-value>login.jsp;LoginServlet;</param-value> </init-param> </filter> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>