javaweb:Filter实现权限拦截
什么是Filter实现权限拦截,比如说我们登陆一个网站,登陆成功后可以访问其中的内容,退出登陆后就不能再对内容进行访问,这就用到了我们的Filter实现权限拦截。
那么具体是怎么实现的呢?
原理很简单:用户登录成功后,服务器在其session中存放一个用于标记已登录的数据;过滤器只需检查能否从session中取到该数据,就能判断请求是否有权访问。取不到时应直接重定向到登录页并停止后续处理,只有取到时才放行。
话不多说,我们直接开始。
一、建立一个登陆页面index.jsp
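<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<h1>登录</h1>
<%-- Submit with POST so the username is not placed in the URL, where it would
     end up in browser history and access logs. CheckUser accepts POST through
     its doPost method. --%>
<form action="/checkuser" method="post">
用户名:<input type="text" name="username" />
<input type="submit" value="登录"/>
</form>
</body>
</html>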
二、建立一个登陆成功的页面,具有注销功能
先建立一个sys文件夹,在sys文件夹下建立loginsuccess.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Post-login landing page. It lives under /sys/, the prefix that the
     UserFilter mapping (/sys/*) covers, and links to /Logout to end the login. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>主界面</title>
</head>
<body>
<h1>登录成功</h1>
<h1><a href="/Logout">注销</a></h1>
</body>
</html>
三、建立一个servlet用于验证登录CheckUser.class
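package com.jms.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Demo login servlet: marks the session as logged in when the submitted
 * username is "admin", otherwise sends the browser back to the login page.
 *
 * <p>NOTE(review): the credential check is a hard-coded username with no
 * password. It only illustrates the session-marker mechanism; a real
 * application must verify credentials against a user store before setting
 * the marker.
 */
public class CheckUser extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Checks the {@code username} request parameter and, on success, stores
     * the {@code USER_ID} marker in the session.
     *
     * @param req  the login request; {@code username} may be absent
     * @param resp used to redirect to the success page or back to the login page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        // Constant-first comparison: a request without the parameter yields null
        // and must count as a failed login instead of raising a NullPointerException.
        if ("admin".equals(username)) {
            HttpSession session = req.getSession();
            // Issue a new session id at the moment of login so that an id the
            // browser held before authentication is not carried over
            // (session fixation defence).
            req.changeSessionId();
            session.setAttribute("USER_ID", session.getId());
            // Absolute path: assumes the application is deployed at the root context.
            resp.sendRedirect("/sys/loginsuccess.jsp");
        } else {
            resp.sendRedirect("/index.jsp");
        }
    }

    /**
     * Handles form POSTs the same way as GET.
     *
     * @param req  the login request
     * @param resp the response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }

}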
修改web.xml注册servlet
<!-- Register the login servlet and map it to /checkuser. This path is outside
     /sys/*, so it stays reachable before login. -->
<servlet>
  <servlet-name>CheckUser</servlet-name>
  <servlet-class>com.jms.servlet.CheckUser</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>CheckUser</servlet-name>
  <url-pattern>/checkuser</url-pattern>
</servlet-mapping>
四、建立一个Servlet用于注销用户LogoutServlet.class
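package com.jms.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Logout servlet: ends the current session and returns the browser to the
 * login page.
 */
public class LogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Invalidates the caller's session, if one exists, and redirects to the
     * login page.
     *
     * @param req  the logout request
     * @param resp used to redirect to the login page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // getSession(false): logging out must not create a session for a
        // visitor who never had one.
        HttpSession session = req.getSession(false);
        if (session != null) {
            // Invalidate the whole session rather than removing only the
            // USER_ID marker, so no other per-login state survives the logout
            // and the old session id stops being valid.
            session.invalidate();
        }
        // Always answer with the redirect; a caller who was not logged in would
        // otherwise receive an empty response.
        resp.sendRedirect("/index.jsp");
    }

    /**
     * Handles POST the same way as GET.
     *
     * @param req  the logout request
     * @param resp the response used for the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }

}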
修改web.xml
<!-- Register the logout servlet and map it to /Logout, the path used by the
     link in loginsuccess.jsp. -->
<servlet>
  <servlet-name>LogoutServlet</servlet-name>
  <servlet-class>com.jms.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>LogoutServlet</servlet-name>
  <url-pattern>/Logout</url-pattern>
</servlet-mapping>
五、建立一个过滤器拦截未登陆的用户
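package com.jms.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Access-control filter: lets a request through only when the session carries
 * the {@code USER_ID} login marker, otherwise redirects to the login page.
 */
public class UserFilter implements Filter {

    /**
     * Checks the login marker before the protected resource runs.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream resource fails on I/O
     * @throws ServletException if the downstream resource fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession(false): do not create a session for every anonymous request.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("USER_ID") == null) {
            resp.sendRedirect("/index.jsp");
            // Stop here. Continuing the chain after the redirect would still
            // execute the protected resource for a caller who is not logged in.
            return;
        }

        // Keep protected pages out of browser and proxy caches so they are not
        // shown again from cache after logout.
        resp.setHeader("Cache-Control", "no-store");

        // Logged in: pass the request on to the remaining filters and the
        // resource that was actually requested, without redirecting.
        chain.doFilter(request, response);
    }

}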
修改web.xml
<!-- Run UserFilter on every request under /sys/. Resources outside that prefix
     (for example /index.jsp and /checkuser) are not covered by this filter. -->
<filter>
  <filter-name>UserFilter</filter-name>
  <filter-class>com.jms.filter.UserFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>UserFilter</filter-name>
  <url-pattern>/sys/*</url-pattern>
</filter-mapping>
六、测试
首先输入错误用户名登陆
返回了登陆页面
接着我们输入正确用户名“admin”
成功登录
我们复制网址,点击注销后,直接输入网址进入
此时会直接跳转回登陆页面,无法再进入。
(本文仅作个人学习记录用,如有纰漏,敬请指正)