jsp filter登录限制过滤器

 

http://www.cnblogs.com/hemingwang0902/archive/2012/01/09/2316956.html

 

UserFilter.java

 

package filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;

public class UserFilter implements Filter {
 
 
 private String sessionKey;
 
 
 private String excepUrl;
 
 
 private String redirectUrl;
 
 public void init(FilterConfig cfg) throws ServletException {
  sessionKey = cfg.getInitParameter("sessionKey");
  redirectUrl = cfg.getInitParameter("redirectUrl");
  excepUrl = cfg.getInitParameter("excepUrl");
 }
 
 
 public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
  // 如果 sessionKey 为空，则直接放行
  if (StringUtils.isBlank(sessionKey)) {
   chain.doFilter(req, res);
   return;
  }
//      * 请求 http://127.0.0.1:8080/webApp/home.jsp?&a=1&b=2 时
//          * request.getRequestURL()： http://127.0.0.1:8080/webApp/home.jsp
//         * request.getContextPath()： /webApp 
//         * request.getServletPath()：/home.jsp
//         * request.getRequestURI()： /webApp/home.jsp
//         * request.getQueryString()：a=1&b=2
  HttpServletRequest request = (HttpServletRequest) req;
  HttpServletResponse response = (HttpServletResponse) res;
  String servletPath = request.getServletPath();//当前页面的路径(如"/index.jsp")
  // 如果请求的路径与redirectUrl(将要跳转的页面)相同，或请求的路径是排除的URL时，则直接放行
  if (servletPath.equals("/"+redirectUrl) || excepUrl.contains(servletPath)) {
   chain.doFilter(req, res);
   return;
  }
  
  Object sessionObj = request.getSession().getAttribute(sessionKey);
  // 如果Session为空，则跳转到指定页面
   if (sessionObj == null) {
   response.sendRedirect(redirectUrl);
    } else {
     chain.doFilter(req, res);
   }
   }
 
 public void destroy() {
  
 }

}

 

 

web.xml

 

 

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

 <filter>

    <filter-name>UserFilter</filter-name>

    <filter-class>filter.UserFilter</filter-class>

    <init-param>

             <description>

              将当前登录的用户的信息保存在 session 中时使用的key，

              如果没有配置此参数，则该过滤器不起作用

             </description>

          <param-name>sessionKey</param-name>

          <param-value>userInfo</param-value>

    </init-param>

    <init-param>

        <description>

                  如果用户未登录（即在 session 中 key 为 sessionKey 的属性不存在或为空），

                  则将请求重定向到该 url。该 url 不包含web应用的 ContextPath。

                如果不配置此参数，则在用户未登录系统的情况下，直接重定向到web应用的根路径（/）      

        </description>

            <param-name>redirectUrl</param-name>

            <param-value>index.jsp</param-value>

       </init-param>

       <init-param>

             <description>

                                  不需要进行拦截的 url，即：如果当前请求的 url 的 servletPath 能在此excepUrl里，则直接放行（即使未登录系统）。

                                   格式如(/checkuser.jsp /up.jsp)            

             </description>

             <param-name>excepUrl</param-name>

             <param-value>/checkuser.jsp</param-value>

      </init-param>

 </filter>

                     

 

<filter-mapping>

    <filter-name>UserFilter</filter-name>

    <url-pattern>*.jsp</url-pattern>

</filter-mapping>

 <welcome-file-list>

  <welcome-file>index.jsp</welcome-file>

 </welcome-file-list>

 <login-config>

  <auth-method>BASIC</auth-method>

 </login-config>

</web-app>