Filter实现权限拦截

此方法用于登录、注册场景:防止用户未登录就直接访问登录后才能进入的页面(越权访问),使主页等页面只能在登录成功后进入

Loginservlet

 1 import javax.servlet.ServletException;
 2 import javax.servlet.http.HttpServlet;
 3 import javax.servlet.http.HttpServletRequest;
 4 import javax.servlet.http.HttpServletResponse;
 5 import java.io.IOException;
 6 
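/**
 * Demo login servlet: when the {@code username} request parameter equals {@code "admin"} it
 * stores a login marker in the session under {@code "USER_SESSION"} and redirects to
 * {@code /success.jsp}; any other value (or a missing parameter) redirects to {@code /error.jsp}.
 *
 * <p>NOTE(review): only the user name is compared and no credential is verified, so this is a
 * demonstration of the filter flow, not an authentication check. A real login must verify a
 * password (or other credential) before the marker is written.
 */
public class Loginservlet extends HttpServlet {
    /**
     * Handles the login request.
     *
     * @param req  request carrying the {@code username} parameter
     * @param resp response used to send the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        // Constant-first equals: getParameter returns null when the parameter is absent, and
        // username.equals(...) would then fail with a NullPointerException instead of redirecting.
        if ("admin".equals(username)) {
            // Discard any session that existed before login so that a session ID issued to an
            // unauthenticated client is never promoted to a logged-in one (session fixation).
            if (req.getSession(false) != null) {
                req.getSession(false).invalidate();
            }
            // getSession(true) creates the fresh session; its ID is stored as the login marker.
            req.getSession(true).setAttribute("USER_SESSION", req.getSession().getId());
            resp.sendRedirect("/success.jsp");
        } else {
            resp.sendRedirect("/error.jsp");
        }
    }

    /**
     * Delegates to {@link #doGet}; the login form on this page submits with POST.
     *
     * <p>NOTE(review): because doGet performs the login, the same request also works as a GET
     * with the value in the URL; prefer POST for anything credential-like.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}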

此方法的方便之处在于:在登录验证时,把由 request 得来的值转化为 Session 中的属性,这样值就储存在服务器中,并由一个唯一的 Session ID 确定,方便后面调取,并且可以在多个页面取值。注意:示例只校验了用户名、没有校验密码,仅用于演示过滤器的用法;实际登录必须先校验凭据,再写入登录标记。

过滤器SysFilter

注意!:HttpServletRequest 继承自 ServletRequest,而 ServletRequest 本身没有 getSession 方法,所以在 doFilter 中需要先把参数强制转换为 HttpServletRequest

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

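/**
 * Access-control filter: a request is passed down the chain only when its session carries the
 * {@code "USER_SESSION"} attribute; otherwise the client is redirected to {@code /error.jsp}.
 * Which URLs are protected is decided by the filter-mapping in web.xml, not by this class.
 */
public class SysFilter implements Filter {
    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Checks the login marker and either continues the chain or redirects.
     *
     * @param req         incoming request; cast to {@link HttpServletRequest} to reach the session
     * @param resp        outgoing response; cast to {@link HttpServletResponse} to redirect
     * @param filterChain remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream resource fails on I/O
     * @throws ServletException if the downstream resource fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException {
        // ServletRequest/ServletResponse expose neither getSession() nor sendRedirect().
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // getSession(false) avoids allocating a server-side session for every anonymous hit.
        // Fully qualified because this file does not import HttpSession.
        javax.servlet.http.HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("USER_SESSION") != null;

        if (!loggedIn) {
            response.sendRedirect("/error.jsp");
            // Stop here. Without this return the chain below would still run, so the protected
            // resource would execute for an unauthenticated request after the redirect was sent.
            return;
        }
        filterChain.doFilter(req, resp);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}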

 XML配置

 1 <servlet>
 2             <servlet-name>Loginservlet</servlet-name>
 3             <servlet-class>com.zxy.servlet.Loginservlet</servlet-class>
 4         </servlet>
 5         <servlet-mapping>
 6             <servlet-name>Loginservlet</servlet-name>
 7             <url-pattern>/servlet/login</url-pattern>
 8         </servlet-mapping>
 9     
10         <servlet>
11             <servlet-name>Loginout</servlet-name>
12             <servlet-class>com.zxy.servlet.Loginout</servlet-class>
13         </servlet>
14         <servlet-mapping>
15             <servlet-name>Loginout</servlet-name>
16             <url-pattern>/servlet/out</url-pattern>
17         </servlet-mapping>
18 
19         <filter>
20             <filter-name>SysFilter</filter-name>
21             <filter-class>com.zxy.filter.SysFilter</filter-class>
22         </filter>
23         <filter-mapping>
24             <filter-name>SysFilter</filter-name>
25             <url-pattern>/success.jsp</url-pattern>
26         </filter-mapping>

 

注意!!!过滤器过滤路径一定要正确:上面的配置只拦截 /success.jsp,其他需要登录才能访问的页面也必须加入 filter-mapping(或使用覆盖范围更大的 url-pattern),否则仍然可以被直接访问

loginout

 1 import javax.servlet.ServletException;
 2 import javax.servlet.http.HttpServlet;
 3 import javax.servlet.http.HttpServletRequest;
 4 import javax.servlet.http.HttpServletResponse;
 5 import java.io.IOException;
 6 
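/**
 * Logout servlet: removes the {@code "USER_SESSION"} login marker from the caller's session,
 * if there is one, and redirects to {@code /login.jsp}.
 *
 * <p>NOTE(review): only the marker is removed; the session itself, its ID and any other
 * attributes stay alive. If the session ever holds other per-user data, call
 * {@code invalidate()} on logout instead.
 */
public class Loginout extends HttpServlet {
    /**
     * Clears the login marker and sends the client back to the login page.
     *
     * @param req  request whose session (if any) is cleaned
     * @param resp response used to send the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // getSession(false): a client without a session has nothing to log out of, so do not
        // create one just to find it empty. removeAttribute is a no-op when the key is absent.
        if (req.getSession(false) != null) {
            req.getSession(false).removeAttribute("USER_SESSION");
        }
        // Both outcomes lead to the same page, so a single redirect is enough.
        resp.sendRedirect("/login.jsp");
    }

    /** Delegates to {@link #doGet}. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}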

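只把 Session 中保存的 USER_SESSION 属性移除,而不销毁整个 Session,避免了反复创建和关闭 Session 所带来的负担。需要注意:注销后 Session ID 和 Session 中的其他属性仍然保留;如果 Session 里还保存了其他与用户相关的数据,注销时应改为调用 invalidate() 销毁整个 Session。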

Constant实体类

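/** Holder for shared constant names. */
public class Constant {
    /**
     * Session attribute name; its value matches the {@code "USER_SESSION"} literal used as the
     * login marker key. Declared {@code final} so no other class can reassign it at runtime and
     * silently change which attribute is consulted.
     */
    public static final String USER_SESSION = "USER_SESSION";
}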

login.jsp

 1 <html>
 2 <head>
 3     <title>Title</title>
 4 </head>
 5 <body>
 6 <h1>登录</h1>
 7     <form action="/servlet/login" method="post">
 8         <input type="text" name="username">
 9         <input type="submit">
10     </form>
11 </body>
12 </html>

success.jsp

 1 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 2 <html>
 3 <head>
 4     <title>Title</title>
 5 </head>
 6 <body>
 7 <%--不用过滤器在jsp页面实现,主页面只能从登录成功跳转过来--%>
 8 <%--<%--%>
 9 <%--    Object userSession = request.getSession().getAttribute("USER_SESSION");--%>
10 <%--    if(userSession==null){--%>
11 <%--        pageContext.forward("login.jsp");--%>
12 <%--    }--%>
13 <%--%>--%>
14 <h1>Success</h1>
15 <p><a href="/servlet/out">注销</a> </p>
16 </body>
17 </html>

error.jsp

 1 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 2 <html>
 3 <head>
 4     <title>Title</title>
 5 </head>
 6 <body>
 7 <h1>错误</h1>
 8 <p><a href="/login.jsp">返回登录</a> </p>
 9 </body>
10 </html>

 

posted @ 2022-10-15 16:21  西东怪