Filter过滤器实现权限控制
在操作中经常性的要对用户是否登陆进行验证,那么如果要进行验证的话,则肯定有大量的代码要不断的判断session是否存在。那么此种代码实际上就可以直接放在过滤器中进行编写。
登录页面:Login.jsp
<script type="text/javascript">
//检查是否输入用户名 否则不予提交
function check(){
var username = document.getElementById("username").value;
if(username==null||""==username){
alert("请输入用户名");
return false;
}
return true;
}
</script>
<body>
<center>
<form action="loginServlet" method="post" onsubmit="return check()">
<table>
<caption>用户登录</caption>
<tr>
<td>用户名</td><td><input type="text" id="username" name="username" /></td>
</tr>
<tr>
<td>密码</td><td><input type="text" name="password"/></td>
</tr>
<tr>
<td align="right" colspan="2"><input type="submit" value="登录"></td>
</tr>
</table>
</form>
</center>
</body>权限控制 用户其实就只有一个入口,即首先进行登录,登录后将信息保存在session中,如果session中没有内容,则无法进入其他页面或进行其他操作。
点击登录按钮 进入loginServlet将信息保存。
LoginServlet.java
package com.org;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=gbk");
request.setCharacterEncoding("gbk");
PrintWriter out = response.getWriter();
String username = request.getParameter("username");
HttpSession session = request.getSession();
session.setAttribute("username", username); //用户登录加入到session中
response.sendRedirect("jsp/success.jsp"); //登录成功 跳入success.jsp
//测试
System.out.println("username: "+username);
out.flush();
out.close();
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
this.doGet(request, response);
}
}
Filter 拦截器: MyFilter.java
package com.org;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class MyFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpSession session = req.getSession();
String username = (String)session.getAttribute("username");
if (username != null&&username!="") {
// 如果现在存在了session,则请求向下继续传递
filterChain.doFilter(servletRequest, servletResponse);
} else {
// 跳转到提示登陆页面
servletRequest.getRequestDispatcher("/error.jsp").forward(servletRequest, servletResponse);
}
}
public void init(FilterConfig filterConfig) throws ServletException {
}
}
Filter从session中取出数据 看是否已登录,如果session中有内容 则执行 filterChain.doFilter()方法 请求继续向下传递。否则返回登录页面。
为了测试 还要有一个让其Session失效的类
InvalidateServlet.java
package com.org;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class InvalidateServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=gbk");
request.setCharacterEncoding("gbk");
PrintWriter out = response.getWriter();
HttpSession session =request.getSession(); //得到session对象
session.invalidate(); //注销session 使其失效
//然后跳转到登录页面
request.getRequestDispatcher("/login.jsp").forward(request, response);
out.flush();
out.close();
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
}
}
如果在未登录时访问其他页面 则跳转到error.jsp页面
<body> <center> <h3> 您还未登录,请先进行<a href="login.jsp">登录</a> </h3> </center> </body>
登录成功页面 success.jsp
<body>
<center>
欢迎<%=session.getAttribute("username")%>光临
<br>
<a href="invalidateServlet">退出</a>
</center>
</body>此外最好需要几个测试页面
test1.jsp test2.jsp 里面随便一些显示内容即可
配置web.xml实现拦截
<filter>
<filter-name>myfilter</filter-name>
<filter-class>com.org.MyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>myfilter</filter-name>
<url-pattern>/jsp/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.org.LoginServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>InvalidateServlet</servlet-name>
<servlet-class>com.org.InvalidateServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/loginServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>InvalidateServlet</servlet-name>
<url-pattern>/invalidateServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>除login.jsp在webroot目录下 其余jsp页面在jsp文件夹下
可进行如下方法的测试
不先进入login.jsp进行登录 访问 http://localhost:8080/filter/jsp/test1.jsp 则提示尚未登录。
然后进行登录 随便输入一个用户名,再访问test1.jsp 则可以进入 或者关闭浏览器重新打开,还是可以进入
直至在success.jsp页面中进行注销 。
