JavaWeb Filter 实现登录注册过滤
0.环境准备
本文基于下文,使用 IDEA 调试:
JavaWeb MySQL 实现登录验证:https://eslsuwen.github.io/2019/06/03/Java-Login/
1.项目修改
修改 login.jsp,使其能传递注册消息
<!-- contact-form -->
<div class="message warning">
<div class="inset">
<div class="login-head">
<h1>请先登录</h1>
<div class="alert-close"></div>
</div>
<form action="login" method="POST" name="login">
<li>
<input type="text" class="text" name="username" value="username" onfocus="this.value = '';"
onblur="if (this.value == '') {this.value = '用户名';}"><a href="#" class=" icon user"></a>
</li>
<div class="clear"></div>
<li>
<input type="password" name="password" value="password" onfocus="this.value = '';"
onblur="if (this.value == '') {this.value = 'Password';}"> <a href="#" class="icon lock"></a>
</li>
<div class="clear"></div>
<div class="submit">
<input type="submit" value="登录">
<input type="submit" value="注册" name="isSignUp">
<div class="clear"></div>
</div>
</form>
</div>
</div>
修改 login servlet, 使其能接收注册消息
- 先判断注册消息
- 再验证登录信息
- 成功登录后通过 session 将登录状态改为 true
- 验证失败发送提示消息,并跳转回 login.jsp 页面
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 设置编码格式,可以防止乱码出现
response.setContentType("text/html; charset=utf-8");
response.setCharacterEncoding("utf-8");
request.setCharacterEncoding("utf-8");
// 获取用户提交过来的用户名和密码,是通过表单中input的name属性获取的
String username = request.getParameter("username");
String password = request.getParameter("password");
String isSignUp = request.getParameter("isSignUp");
PrintWriter out = response.getWriter();
System.out.println(username + ": " + password + " isSignUp: " + isSignUp);
// 获取输出流,用户显示信息,也可以用转发或者重定向
PrintWriter pw = response.getWriter();
//注册验证
if ("注册".equals(isSignUp)) {
try {
JdbcOp jdbc = new JdbcOp();
jdbc.open("usersdb");
ResultSet rs = jdbc.executeQuery("select * from users");
while (rs.next()) {
String nm = rs.getString("name");
String pd = rs.getString("password");
System.out.println("username: " + nm + " password: " + pd);
if (nm.equals(username)) {
out.print("<script language='javascript'>alert('该账户已存在!请重新注册!');window.location.href='test.jsp';</script>");
out.flush();
out.close();
}
}
//进行注册操作
int i = jdbc.executeUpdate("insert into users values('" + username + "','" + password + "')");
System.out.println(i);
if (i == 0) {
out.print("<script language='javascript'>alert('账户创建失败!请重新注册!');window.location.href='index.jsp';</script>");
out.flush();
out.close();
} else {
out.print("<script language='javascript'>alert('该账号已成功注册!请牢记密码!');window.location.href='test.jsp';</script>");
out.flush();
out.close();
}
jdbc.close();
} catch (Exception e) {
e.printStackTrace();
}
} else {
//登录验证
try {
JdbcOp jdbc = new JdbcOp();
jdbc.open("usersdb");
ResultSet rs = jdbc.executeQuery("select * from users");
while (rs.next()) {
String nm = rs.getString("name");
String pd = rs.getString("password");
System.out.println("username: " + nm + " password: " + pd);
if (nm.equals(username) && pd.equals(password)) {
HttpSession session = request.getSession();
//将数据存储到session中
session.setAttribute("isLogin", "true");
session.setAttribute("username", username);
out.print("<script language='javascript'>alert('You login successful ! 你已成功登录!out.print');window.location.href='test.jsp';</script>");
out.flush();
out.close();
}
}
jdbc.close();
} catch (Exception e) {
e.printStackTrace();
}
pw.write("login fail");
out.print("<script language='javascript'>alert('please login first 登陆信息输入有误!');window.location.href='index.jsp';</script>");
out.flush();
out.close();
}
}
3.创建 login filter 文件
- 过滤前先判断是否是需要放行的页面
- 然后判断登录状态,true 放行,false 强制跳转到 login.jsp
package login;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
@WebFilter(filterName = "LoginFilter", urlPatterns = "/*")
public class LoginFilter implements Filter {
/**
* 需要排除的页面
*/
private String excludedPages;
private String[] excludedPageArray = {"/index.jsp", "/login.jsp", "/login"};
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
//使用request对象的getSession()获取session,如果session不存在则创建一个
HttpSession session = request.getSession();
//获取session的Id
String sessionId = session.getId();
//判断session是不是新创建的
if (session.isNew()) {
//将数据存储到session中
session.setAttribute("isLogin", "false");
response.getWriter().print("session generate successfully, the ID of session: " + sessionId);
} else {
response.getWriter().print("sever has existed the session, the ID of session: " + sessionId);
}
Object loginFlag = session.getAttribute("isLogin"); //("isLogin");
response.getWriter().print(" session.isLogin: " + loginFlag);
boolean isExcludedPage = false;
response.getWriter().print(" current.url=" + request.getServletPath()+" current.user="+session.getAttribute("username"));
for (
String page : excludedPageArray) {// 判断是否在过滤 url 之外
if (request.getServletPath().equals(page)) {
isExcludedPage = true;
break;
}
}
if (isExcludedPage) {// 在过滤 url 之外
chain.doFilter(request, response);
} else {
if (loginFlag == "false") {
//没有登录
PrintWriter out = response.getWriter();
out.print("<script language='javascript'>alert('Please login first! 请先登录!out.print');window.location.href='index.jsp';</script>");
out.flush();
out.close();
}
chain.doFilter(request, response);
}
}
public void init(FilterConfig config) throws ServletException {
}
}
4.调试
开启 filter 后,访问其他页面会被阻止并返回登录:
成功登录:
登录验证失败:
注册判断用户名是否被占用:
成功注册:
5.附
完整项目及其他相关资源下载:
