过滤器可以对jsp和servlet请求进行过滤

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * @author bunuo 
 * 1.对所有页面访问进行过滤,除不需要登陆的页面外,其他页面都将被过滤
 * 2.判断session是否超时,session超时将跳转登陆页面
 */
public class LoginFilter implements Filter {
    /**
     * Default constructor. 
     */
    public LoginFilter() {
        
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
        // TODO Auto-generated method stub
    }

    /**
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpSession session = request.getSession();
        String uri =  request.getRequestURI() ;
        String path = request.getContextPath();
        if(isContain(path,uri)){
            chain.doFilter(request, response);
        }else{
            if(session.getAttribute("userInfo") == null){//判断用户 session 是否失效
                //session.invalidate();
                if (request.getHeader("x-requested-with") != null&& request.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")){//如果是ajax请求响应头会有,x-requested-with;  
                    System.out.println("session timeout,please login again.");
                    response.setHeader("sessionstatus", "timeout");//在响应头设置session状态 
                    response.getWriter().print("timeout"); //打印一个返回值,没这一行,在tabs页中无法跳出(导航栏能跳出),具体原因不明
                }else{//普通请求session 超时处理
                    request.getSession().setAttribute("goUrl", request.getRequestURL()+"?"+ request.getQueryString());//记录登陆之前的请求地址
                    System.out.println("session timeout,please login again."+"===="+request.getRequestURI() );
                    response.sendRedirect(request.getContextPath()+"/login.jsp");//将jsp重定向到新的jsp或servlet请求
                }
            }else{
                chain.doFilter(request, response);
            }
        }
    }
        

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
        
    }
    
    //判断过滤器中是否包含uri中。
    private boolean isContain(String PATH,String uri){
        List<String> uriList = new ArrayList<String>();
        uriList.add("/manage.jsp");
        Iterator<String> iterator = uriList.iterator() ;
        while(iterator.hasNext()){
            String suri = (String)iterator.next() ;
            if(uri.startsWith(PATH+suri)){
                return true ;
            }else{
                continue ;
            }
        }
        return false ;
    }
}

 

 web.xml中的配置

 <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>filter.LoginFilter</filter-class>
 </filter>
 <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>*.jsp</url-pattern>--对jsp进行过滤
             //<url-pattern>*.action</url-pattern>--对servlet进行过滤
              //<url-pattern>/*</url-pattern>--对jsp和servlet都进行过滤
  </filter-mapping>

 

 posted on 2017-03-08 23:27  布诺  阅读(428)  评论(0编辑  收藏  举报