JSP中filter过滤器验证用户登录
JSP中filter过滤器验证用户登录
现在JSP使用越来越广泛了,尤其是很多政府的网站都采用了JSP技术,其功能强大且安全。
初学者很多有这么个问题,就是,网站的一个权限设置,比如登录用户可以查看哪些页面,而游客又有权限可以看哪些内容呢?
JSP是强大的,但其代码还是相对繁琐的,其实用一个过滤器(filter)就可以实现这个功能了。
以下为UserFilter的代码:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import User;
import UserDAO;
import SessionUtils;
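public class UserFilter implements Filter
{
    /** Raw "nofilter" init-param: comma-separated servlet paths that need no login. */
    String nofilter;
    /** {@link #nofilter} split on ',' with entries trimmed; compared verbatim to the servlet path. */
    String nofilterFiles[];
    /** "sendRedirect" init-param: where a request without a logged-in user is sent. */
    String sendRedirect;

    /** Nothing to release: the filter only holds configuration strings. */
    public void destroy()
    {
    }

    /**
     * Passes the request on when its servlet path is whitelisted or a logged-in user is
     * present (already in the session, or re-established from the "user"/"password"
     * cookies); otherwise redirects to {@link #sendRedirect} and stops the chain.
     *
     * @param req   incoming request; must be an HTTP request since it is cast
     * @param res   outgoing response
     * @param chain remaining filter chain
     * @throws IOException      from the redirect or from downstream filters
     * @throws ServletException from downstream filters
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException
    {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // getServletPath() carries neither the query string nor extra path info,
        // so the whitelist is matched against the bare path only.
        String path = request.getServletPath();
        if (isInArray(path, nofilterFiles) || checkUser(request, response))
        {
            chain.doFilter(request, response);
            return;
        }
        // Not whitelisted and nobody logged in: nothing has been written to the
        // response yet, so the redirect can still be issued.
        response.sendRedirect(sendRedirect);
    }

    /**
     * Exact-match lookup of {@code path} in {@code nofilterFiles}.
     *
     * @return true when an entry equals the path; false for a null path or a null
     *         array (no prefix or wildcard matching is performed)
     */
    private boolean isInArray(String path, String nofilterFiles[])
    {
        if (path == null || nofilterFiles == null)
        {
            return false;
        }
        for (int i = 0; i < nofilterFiles.length; i++)
        {
            if (path.equals(nofilterFiles[i]))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether a logged-in user belongs to this request. A user already held in
     * the session is accepted without touching the database; only when the session has
     * none are the persistent cookies tried via {@link #checkCookieAddSession}.
     *
     * @param request  current request
     * @param response current response (unused; kept for signature compatibility)
     * @return true when a non-null user is stored under SessionUtils.USER_NAME afterwards
     */
    private boolean checkUser(HttpServletRequest request, HttpServletResponse response) throws IOException
    {
        if (sessionHasUser(request))
        {
            return true;
        }
        return checkCookieAddSession(request, response) && sessionHasUser(request);
    }

    /** @return true when a session exists and holds a non-null SessionUtils.USER_NAME attribute. */
    private boolean sessionHasUser(HttpServletRequest request)
    {
        HttpSession session = request.getSession(false); // null rather than creating one
        return session != null && session.getAttribute(SessionUtils.USER_NAME) != null;
    }

    /**
     * Re-authenticates from the "user" and "password" cookies and, on success, stores the
     * User in the session through {@link SessionUtils#addSession}.
     * Security note: the "password" cookie carries the password itself, so whatever it
     * holds is client-controlled input to UserDAO.checkUser; an opaque random remember-me
     * token looked up server-side would keep the password off the wire and out of the
     * browser's cookie store.
     *
     * @param request  current request
     * @param response current response (unused; kept for signature compatibility)
     * @return true when the cookies named a valid user and the session was populated
     */
    public boolean checkCookieAddSession(HttpServletRequest request, HttpServletResponse response)
    {
        Cookie[] cookies = request.getCookies();
        if (cookies == null || cookies.length == 0)
        {
            return false;
        }
        String userName = getCookieValue(cookies, "user");
        String password = getCookieValue(cookies, "password");
        // Do not log these values: the password cookie is plain text.
        if (userName == null || password == null)
        {
            return false;
        }
        if (!UserDAO.checkUser(userName, password))
        {
            return false;
        }
        SessionUtils.addSession(request, userName);
        return true;
    }

    /**
     * Reads the init-params "nofilter" (comma-separated whitelisted servlet paths; entries
     * are trimmed and empty ones dropped) and "sendRedirect" (the login page).
     *
     * @param config filter configuration from web.xml
     * @throws ServletException when "sendRedirect" is missing, since the filter could
     *         otherwise only answer unauthenticated requests with sendRedirect(null)
     */
    public void init(FilterConfig config) throws ServletException
    {
        nofilter = config.getInitParameter("nofilter");
        nofilterFiles = splitPaths(nofilter);
        sendRedirect = config.getInitParameter("sendRedirect");
        if (sendRedirect == null || sendRedirect.trim().length() == 0)
        {
            throw new ServletException("UserFilter: init-param 'sendRedirect' is required");
        }
    }

    /**
     * Splits a comma-separated path list into trimmed, non-empty entries.
     *
     * @param list raw init-param value; null yields an empty array
     */
    private static String[] splitPaths(String list)
    {
        if (list == null)
        {
            return new String[0];
        }
        String[] parts = list.split(",");
        int kept = 0;
        for (int i = 0; i < parts.length; i++)
        {
            String entry = parts[i].trim();
            if (entry.length() > 0)
            {
                parts[kept++] = entry; // compact in place; kept <= i always holds
            }
        }
        String[] out = new String[kept];
        System.arraycopy(parts, 0, out, 0, kept);
        return out;
    }

    /**
     * @param cookies all cookies of the request; may be null
     * @param name    name of the cookie to look for
     * @return the value of the first cookie with that name, or null when absent
     */
    public String getCookieValue(Cookie cookies[], String name)
    {
        if (cookies == null || name == null)
        {
            return null;
        }
        for (int i = 0; i < cookies.length; i++)
        {
            Cookie cookie = cookies[i];
            if (name.equals(cookie.getName()))
            {
                return cookie.getValue();
            }
        }
        return null;
    }
}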
这里还需要几个其他的类,一个是User类,一个是UserDAO,是User类与数据库交互的一个类,还有一个是操作session的,我给出这个工具类的代码,另外2个我想都会有吧?
以下为SessionUtils类的具体代码:
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import User;
import UserDAO;
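public class SessionUtils
{
    /** Session attribute key; the value stored under it is the whole User object, not just its name. */
    final public static String USER_NAME = "com.niit.user";

    /**
     * Returns the logged-in user without creating a session as a side effect.
     *
     * @param request current request
     * @return the User stored under {@link #USER_NAME}, or null when there is no session
     *         or no user in it
     */
    static public User getUser(HttpServletRequest request)
    {
        HttpSession session = request.getSession(false);
        if (session == null)
        {
            return null;
        }
        return (User) session.getAttribute(USER_NAME);
    }

    /**
     * Logs the user named {@code name} into the session: loads it via UserDAO and stores it
     * under {@link #USER_NAME}. Any session that existed before is replaced by a new one with
     * the same attributes, so the session id changes at login (session-fixation defence)
     * while pre-login state is kept.
     *
     * @param request current request
     * @param name    user name to look up; the stored value is null when UserDAO finds nothing
     */
    static public void addSession(HttpServletRequest request, String name)
    {
        User u = UserDAO.getUserByName(name);
        HttpSession session = renewSession(request);
        session.setAttribute(USER_NAME, u);
    }

    /**
     * Returns a session with a fresh id carrying the attributes of the one the request had,
     * or a newly created session when there was none.
     */
    private static HttpSession renewSession(HttpServletRequest request)
    {
        HttpSession old = request.getSession(false);
        if (old == null)
        {
            return request.getSession();
        }
        Map<String, Object> saved = new HashMap<String, Object>();
        for (Enumeration<?> names = old.getAttributeNames(); names.hasMoreElements();)
        {
            String key = (String) names.nextElement();
            saved.put(key, old.getAttribute(key));
        }
        old.invalidate(); // an id learned before login is useless from here on
        HttpSession fresh = request.getSession();
        for (Map.Entry<String, Object> entry : saved.entrySet())
        {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }

    /**
     * Ends the login: clears {@link #USER_NAME} and invalidates the session. A request
     * without a session is left alone instead of getting one created only to be destroyed.
     *
     * @param request current request
     */
    static public void removeSession(HttpServletRequest request)
    {
        HttpSession session = request.getSession(false);
        if (session == null)
        {
            return;
        }
        session.removeAttribute(USER_NAME);
        session.invalidate();
    }

    /**
     * Writes the "user" and "password" remember-me cookies with a two-year lifetime.
     * Security note: the password cookie holds user.getPassword() in clear text; it is not
     * marked HttpOnly here, it sits in the browser's cookie store for two years and is sent
     * with every matching request. Replacing it with a random token that UserDAO maps back
     * to the user (and revokes on logout) would keep the password off the client entirely.
     *
     * @param response response to attach the cookies to
     * @param user     user whose name and password are written out
     */
    static public void addCookies(HttpServletResponse response, User user)
    {
        final int twoYears = 60 * 60 * 24 * 365 * 2; // max-age is in seconds
        Cookie userCookie = new Cookie("user", user.getUserName());
        Cookie passwordCookie = new Cookie("password", user.getPassword());
        userCookie.setMaxAge(twoYears);
        passwordCookie.setMaxAge(twoYears);
        response.addCookie(userCookie);
        response.addCookie(passwordCookie);
    }

    /**
     * Expires the "user" and "password" cookies. No explicit path is set, matching
     * {@link #addCookies}, so the browser treats these as the same cookies.
     *
     * @param response response to attach the expiring cookies to
     */
    static public void removeCookies(HttpServletResponse response)
    {
        Cookie userCookie = new Cookie("user", "");
        Cookie passwordCookie = new Cookie("password", "");
        userCookie.setMaxAge(0); // max-age 0 tells the browser to delete the cookie
        passwordCookie.setMaxAge(0);
        response.addCookie(userCookie);
        response.addCookie(passwordCookie);
    }
}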
下面就是配置web.xml文件了,相应配置如下:
<filter>
<filter-name>UserFilter</filter-name>
<filter-class>com.filter.UserFilter</filter-class>
<init-param>
<param-name>nofilter</param-name>
<param-value>/login.jsp,/loginBack.jsp,/error.jsp,/reg.jsp,/regBack.jsp,/logout.jsp,/index.jsp</param-value>
<!-- 这里设置的是未登录用户也可以浏览的页面,一般设置你的注册、登录、错误页还有主页等就可以 -->
</init-param>
<init-param>
<param-name>sendRedirect</param-name>
<param-value>login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
<!-- 这里是映射,你要对什么后缀的文件过滤?可以改为*.do等。 -->
</filter-mapping>
把这段代码复制到
<web-app></web-app>
之间就可以了。当然这不是很好的写法,一般工具类最好是不依靠用户自己写的类,这里只是简单提一下,不到之处请大家批评指正。
初学者很多有这么个问题,就是,网站的一个权限设置,比如登录用户可以查看哪些页面,而游客又有权限可以看哪些内容呢?
JSP是强大的,但其代码还是相对繁琐的,其实用一个过滤器(filter)就可以实现这个功能了。
以下为UserFilter的代码:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import User;
import UserDAO;
import SessionUtils;
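public class UserFilter implements Filter
{
    /** Raw "nofilter" init-param: comma-separated servlet paths that need no login. */
    String nofilter;
    /** {@link #nofilter} split on ',' with entries trimmed; compared verbatim to the servlet path. */
    String nofilterFiles[];
    /** "sendRedirect" init-param: where a request without a logged-in user is sent. */
    String sendRedirect;

    /** Nothing to release: the filter only holds configuration strings. */
    public void destroy()
    {
    }

    /**
     * Passes the request on when its servlet path is whitelisted or a logged-in user is
     * present (already in the session, or re-established from the "user"/"password"
     * cookies); otherwise redirects to {@link #sendRedirect} and stops the chain.
     *
     * @param req   incoming request; must be an HTTP request since it is cast
     * @param res   outgoing response
     * @param chain remaining filter chain
     * @throws IOException      from the redirect or from downstream filters
     * @throws ServletException from downstream filters
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException
    {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // getServletPath() carries neither the query string nor extra path info,
        // so the whitelist is matched against the bare path only.
        String path = request.getServletPath();
        if (isInArray(path, nofilterFiles) || checkUser(request, response))
        {
            chain.doFilter(request, response);
            return;
        }
        // Not whitelisted and nobody logged in: nothing has been written to the
        // response yet, so the redirect can still be issued.
        response.sendRedirect(sendRedirect);
    }

    /**
     * Exact-match lookup of {@code path} in {@code nofilterFiles}.
     *
     * @return true when an entry equals the path; false for a null path or a null
     *         array (no prefix or wildcard matching is performed)
     */
    private boolean isInArray(String path, String nofilterFiles[])
    {
        if (path == null || nofilterFiles == null)
        {
            return false;
        }
        for (int i = 0; i < nofilterFiles.length; i++)
        {
            if (path.equals(nofilterFiles[i]))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether a logged-in user belongs to this request. A user already held in
     * the session is accepted without touching the database; only when the session has
     * none are the persistent cookies tried via {@link #checkCookieAddSession}.
     *
     * @param request  current request
     * @param response current response (unused; kept for signature compatibility)
     * @return true when a non-null user is stored under SessionUtils.USER_NAME afterwards
     */
    private boolean checkUser(HttpServletRequest request, HttpServletResponse response) throws IOException
    {
        if (sessionHasUser(request))
        {
            return true;
        }
        return checkCookieAddSession(request, response) && sessionHasUser(request);
    }

    /** @return true when a session exists and holds a non-null SessionUtils.USER_NAME attribute. */
    private boolean sessionHasUser(HttpServletRequest request)
    {
        HttpSession session = request.getSession(false); // null rather than creating one
        return session != null && session.getAttribute(SessionUtils.USER_NAME) != null;
    }

    /**
     * Re-authenticates from the "user" and "password" cookies and, on success, stores the
     * User in the session through {@link SessionUtils#addSession}.
     * Security note: the "password" cookie carries the password itself, so whatever it
     * holds is client-controlled input to UserDAO.checkUser; an opaque random remember-me
     * token looked up server-side would keep the password off the wire and out of the
     * browser's cookie store.
     *
     * @param request  current request
     * @param response current response (unused; kept for signature compatibility)
     * @return true when the cookies named a valid user and the session was populated
     */
    public boolean checkCookieAddSession(HttpServletRequest request, HttpServletResponse response)
    {
        Cookie[] cookies = request.getCookies();
        if (cookies == null || cookies.length == 0)
        {
            return false;
        }
        String userName = getCookieValue(cookies, "user");
        String password = getCookieValue(cookies, "password");
        // Do not log these values: the password cookie is plain text.
        if (userName == null || password == null)
        {
            return false;
        }
        if (!UserDAO.checkUser(userName, password))
        {
            return false;
        }
        SessionUtils.addSession(request, userName);
        return true;
    }

    /**
     * Reads the init-params "nofilter" (comma-separated whitelisted servlet paths; entries
     * are trimmed and empty ones dropped) and "sendRedirect" (the login page).
     *
     * @param config filter configuration from web.xml
     * @throws ServletException when "sendRedirect" is missing, since the filter could
     *         otherwise only answer unauthenticated requests with sendRedirect(null)
     */
    public void init(FilterConfig config) throws ServletException
    {
        nofilter = config.getInitParameter("nofilter");
        nofilterFiles = splitPaths(nofilter);
        sendRedirect = config.getInitParameter("sendRedirect");
        if (sendRedirect == null || sendRedirect.trim().length() == 0)
        {
            throw new ServletException("UserFilter: init-param 'sendRedirect' is required");
        }
    }

    /**
     * Splits a comma-separated path list into trimmed, non-empty entries.
     *
     * @param list raw init-param value; null yields an empty array
     */
    private static String[] splitPaths(String list)
    {
        if (list == null)
        {
            return new String[0];
        }
        String[] parts = list.split(",");
        int kept = 0;
        for (int i = 0; i < parts.length; i++)
        {
            String entry = parts[i].trim();
            if (entry.length() > 0)
            {
                parts[kept++] = entry; // compact in place; kept <= i always holds
            }
        }
        String[] out = new String[kept];
        System.arraycopy(parts, 0, out, 0, kept);
        return out;
    }

    /**
     * @param cookies all cookies of the request; may be null
     * @param name    name of the cookie to look for
     * @return the value of the first cookie with that name, or null when absent
     */
    public String getCookieValue(Cookie cookies[], String name)
    {
        if (cookies == null || name == null)
        {
            return null;
        }
        for (int i = 0; i < cookies.length; i++)
        {
            Cookie cookie = cookies[i];
            if (name.equals(cookie.getName()))
            {
                return cookie.getValue();
            }
        }
        return null;
    }
}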
这里还需要几个其他的类,一个是User类,一个是UserDAO,是User类与数据库交互的一个类,还有一个是操作session的,我给出这个工具类的代码,另外2个我想都会有吧?
以下为SessionUtils类的具体代码:
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import User;
import UserDAO;
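public class SessionUtils
{
    /** Session attribute key; the value stored under it is the whole User object, not just its name. */
    final public static String USER_NAME = "com.niit.user";

    /**
     * Returns the logged-in user without creating a session as a side effect.
     *
     * @param request current request
     * @return the User stored under {@link #USER_NAME}, or null when there is no session
     *         or no user in it
     */
    static public User getUser(HttpServletRequest request)
    {
        HttpSession session = request.getSession(false);
        if (session == null)
        {
            return null;
        }
        return (User) session.getAttribute(USER_NAME);
    }

    /**
     * Logs the user named {@code name} into the session: loads it via UserDAO and stores it
     * under {@link #USER_NAME}. Any session that existed before is replaced by a new one with
     * the same attributes, so the session id changes at login (session-fixation defence)
     * while pre-login state is kept.
     *
     * @param request current request
     * @param name    user name to look up; the stored value is null when UserDAO finds nothing
     */
    static public void addSession(HttpServletRequest request, String name)
    {
        User u = UserDAO.getUserByName(name);
        HttpSession session = renewSession(request);
        session.setAttribute(USER_NAME, u);
    }

    /**
     * Returns a session with a fresh id carrying the attributes of the one the request had,
     * or a newly created session when there was none.
     */
    private static HttpSession renewSession(HttpServletRequest request)
    {
        HttpSession old = request.getSession(false);
        if (old == null)
        {
            return request.getSession();
        }
        Map<String, Object> saved = new HashMap<String, Object>();
        for (Enumeration<?> names = old.getAttributeNames(); names.hasMoreElements();)
        {
            String key = (String) names.nextElement();
            saved.put(key, old.getAttribute(key));
        }
        old.invalidate(); // an id learned before login is useless from here on
        HttpSession fresh = request.getSession();
        for (Map.Entry<String, Object> entry : saved.entrySet())
        {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }

    /**
     * Ends the login: clears {@link #USER_NAME} and invalidates the session. A request
     * without a session is left alone instead of getting one created only to be destroyed.
     *
     * @param request current request
     */
    static public void removeSession(HttpServletRequest request)
    {
        HttpSession session = request.getSession(false);
        if (session == null)
        {
            return;
        }
        session.removeAttribute(USER_NAME);
        session.invalidate();
    }

    /**
     * Writes the "user" and "password" remember-me cookies with a two-year lifetime.
     * Security note: the password cookie holds user.getPassword() in clear text; it is not
     * marked HttpOnly here, it sits in the browser's cookie store for two years and is sent
     * with every matching request. Replacing it with a random token that UserDAO maps back
     * to the user (and revokes on logout) would keep the password off the client entirely.
     *
     * @param response response to attach the cookies to
     * @param user     user whose name and password are written out
     */
    static public void addCookies(HttpServletResponse response, User user)
    {
        final int twoYears = 60 * 60 * 24 * 365 * 2; // max-age is in seconds
        Cookie userCookie = new Cookie("user", user.getUserName());
        Cookie passwordCookie = new Cookie("password", user.getPassword());
        userCookie.setMaxAge(twoYears);
        passwordCookie.setMaxAge(twoYears);
        response.addCookie(userCookie);
        response.addCookie(passwordCookie);
    }

    /**
     * Expires the "user" and "password" cookies. No explicit path is set, matching
     * {@link #addCookies}, so the browser treats these as the same cookies.
     *
     * @param response response to attach the expiring cookies to
     */
    static public void removeCookies(HttpServletResponse response)
    {
        Cookie userCookie = new Cookie("user", "");
        Cookie passwordCookie = new Cookie("password", "");
        userCookie.setMaxAge(0); // max-age 0 tells the browser to delete the cookie
        passwordCookie.setMaxAge(0);
        response.addCookie(userCookie);
        response.addCookie(passwordCookie);
    }
}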
下面就是配置web.xml文件了,相应配置如下:
<filter>
<filter-name>UserFilter</filter-name>
<filter-class>com.filter.UserFilter</filter-class>
<init-param>
<param-name>nofilter</param-name>
<param-value>/login.jsp,/loginBack.jsp,/error.jsp,/reg.jsp,/regBack.jsp,/logout.jsp,/index.jsp</param-value>
<!-- 这里设置的是未登录用户也可以浏览的页面,一般设置你的注册、登录、错误页还有主页等就可以 -->
</init-param>
<init-param>
<param-name>sendRedirect</param-name>
<param-value>login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
<!-- 这里是映射,你要对什么后缀的文件过滤?可以改为*.do等。 -->
</filter-mapping>
把这段代码复制到
<web-app></web-app>
之间就可以了。当然这不是很好的写法,一般工具类最好是不依靠用户自己写的类,这里只是简单提一下,不到之处请大家批评指正。