(十四)用session和过滤器方法检验用户是否登录
一、session方法
1.1 编写登录页面文件(index.html)
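<!doctype html>
<html>
<head>
  <title>测试style标签中的media属性</title>
  <meta http-equiv="content-type" content="text/html;charset=UTF-8">
</head>
<body>
  <!-- Login form: sends userName and passWd with POST to the servlet mapped at
       servlet/login (resolved relative to this page), so the credentials travel
       in the request body rather than in the URL. -->
  <form action="servlet/login" method="post">
    用户名:<input type="text" name="userName" ><br/>
    密 码:<input type="password" name="passWd" /><br/>
    <input type="submit" />
  </form>
</body>
</html>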
1.2 表单提交之后,验证登录信息是否正确,如果正确则记住登录成功状态并跳转到主页。(LoginServlet.java,url-pattern=servlet/login)
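package servlet;

import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class LoginServlet.
 *
 * <p>Checks the submitted {@code userName} / {@code passWd} form fields against the
 * values stored in {@code userInfo/userInfo.properties} and, on success, records the
 * logged-in state in the session as {@code login=ok}.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
    }

    /**
     * Sends GET requests back to the login form instead of authenticating them.
     *
     * <p>The form submits with POST; accepting the same parameters over GET would put
     * the password into the URL, where it ends up in browser history and access logs.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.sendRedirect("../index.html");
    }

    /**
     * Verifies the submitted credentials and marks the session as logged in.
     *
     * @param request  carries the {@code userName} and {@code passWd} form parameters
     * @param response receives either the success page or a generic failure page
     * @throws ServletException if the credentials file is missing or incomplete
     * @throws IOException      if the credentials file or the response cannot be read/written
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Declare the charset before getWriter(); otherwise the writer falls back to
        // ISO-8859-1 and the Chinese messages below are emitted as '?'.
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();

        // Load the registered account from the properties file that sits next to this
        // class (the page's sample file defines userName=admin and passWd=123520).
        // NOTE(review): the file keeps the password in plain text; a salted password
        // hash (bcrypt/scrypt/argon2) kept outside the deployed classes is the safer design.
        Properties pro = new Properties();
        try (InputStream in = this.getClass().getResourceAsStream("userInfo/userInfo.properties")) {
            if (in == null) {
                throw new ServletException("userInfo/userInfo.properties not found on the classpath");
            }
            pro.load(in);
        }

        String userName = pro.getProperty("userName");
        String passWd = pro.getProperty("passWd");
        if (userName == null || passWd == null) {
            throw new ServletException("userInfo.properties must define userName and passWd");
        }

        // Evaluate both fields before branching so neither the response text nor the
        // amount of work done reveals which of the two was wrong.
        boolean userOk = sameText(userName, request.getParameter("userName"));
        boolean passOk = sameText(passWd, request.getParameter("passWd"));

        if (userOk && passOk) {
            // Drop any session that existed before authentication and start a fresh
            // one, so a session id fixed in the browser beforehand is not promoted to
            // a logged-in session.
            HttpSession stale = request.getSession(false);
            if (stale != null) {
                stale.invalidate();
            }
            // Record the successful login; MainServlet checks this attribute. A visitor
            // who typed the URL directly without logging in has no such attribute.
            request.getSession(true).setAttribute("login", "ok");

            out.println("登录成功<br/>");
            out.print("<a href='./main'>点我去主页</a>");
        } else {
            // One message for every failure: separate "wrong user name" / "wrong
            // password" replies would confirm which account names exist.
            out.println("用户名或密码错误<br/>");
            out.print("<a href='../index.html'>点我返回</a>");
        }
    }

    /**
     * Compares a stored value with a submitted one without stopping at the first
     * differing character.
     *
     * @param expected the stored value, never {@code null}
     * @param supplied the request parameter, possibly {@code null}
     * @return {@code true} only when both hold the same text
     */
    private static boolean sameText(String expected, String supplied) {
        if (supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}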
解析: 当用户提交表单后需要验证用户信息是否正确,如果正确则添加登录成功状态并跳转到主页,如果不正确则返回重新输入信息。
1.3 当用户输入信息正确后,跳转到servlet,然后在servlet里检验是否已经登录过,即检查session里有没有登录成功的属性值。
- 编写MainServlet.java文件(url-pattern=servlet/main)
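package servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class MainServlet.
 *
 * <p>Gatekeeper for the home page: forwards to {@code ../html/main.html} only when the
 * session carries {@code login=ok}, otherwise redirects to the login page.
 */
public class MainServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public MainServlet() {
        super();
    }

    /**
     * Handles GET exactly like POST.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);
    }

    /**
     * Shows the home page to logged-in sessions and sends everyone else to the login form.
     *
     * @param request  the incoming request whose session is inspected
     * @param response used for the redirect when the caller is not logged in
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): only look up an existing session. Creating one here would
        // hand a session to every anonymous visitor who probes this URL.
        HttpSession session = request.getSession(false);
        Object loginStatus = (session == null) ? null : session.getAttribute("login");

        if ("ok".equals(loginStatus)) {
            // Logged in.
            // NOTE(review): the target is a static file under html/; unless it sits
            // under WEB-INF or behind a filter it is presumably also reachable by its
            // own URL, bypassing this check. Confirm against the deployment layout.
            request.getRequestDispatcher("../html/main.html").forward(request, response);
        } else {
            // Deny by default: a missing attribute and any value other than "ok" both
            // end at the login page, so no state yields an empty response.
            response.sendRedirect("../index.html");
        }
    }
}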
- 主页(main.html)
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>Insert title here</title>
  </head>
  <body>
    <!-- Home page body; MainServlet forwards to this file once the session holds login=ok. -->
    <!-- NOTE(review): presumably served from html/main.html under the web root, so it may
         also be reachable by its own URL. Confirm it is under WEB-INF or behind a filter. -->
    主页
  </body>
</html>
结果:
- 总结:用session记住登录状态来解决验证用户是否登录过的问题。当用户填好用户名和密码并提交到LoginServlet时,LoginServlet主要用于检验用户输入的帐号密码是否正确;如果正确,说明登录成功,此时需要记住登录成功状态,即在session的attribute里设置login=ok,表示已登录,然后再跳转到MainServlet。MainServlet用于检验登录状态,即login是否等于ok:如果是,说明已登录,直接跳转到主页即可;如果不是,就跳转到登录页面重新登录。这样就可以防止用户越过登录页面访问主页。需要注意:这个检查只在MainServlet里进行,主页文件main.html如果放在Web根目录下,仍然可以通过它自己的URL直接访问;要真正保护它,需要把页面放到WEB-INF下,或者像第二部分那样用过滤器统一拦截。
二、利用过滤器技术实现验证用户是否登录
2.1 编写登录页面(index.html)
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>Insert title here</title>
  </head>
  <body>
    <!-- Login form: POSTs userName and passWd to servlet/login (relative to this page). -->
    <form action="servlet/login" method="post" >
      用户名:<input type="text" name="userName" /><br/>
      密 码:<input type="password" name="passWd" /><br/>
      <input type="submit" />
    </form>
  </body>
</html>
2.2 编写LoginServlet.java,这个servlet用于验证用户输入的用户名密码是否正确,如果正确则添加登录成功状态。(url-pattern=servlet/login)
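package servlet;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class LoginServlet.
 *
 * <p>Checks the submitted {@code userName} / {@code passWd} form fields and, on success,
 * stores {@code login=ok} in the session and forwards to {@code /main}.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // NOTE(review): the account is compiled into the class, so anyone who can read the
    // source or the .class file knows the password and changing it needs a rebuild.
    // Load it from a protected store and keep only a salted hash there.
    private static final String EXPECTED_USER = "admin";
    private static final String EXPECTED_PASSWORD = "123520";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
    }

    /**
     * Sends GET requests back to the login form instead of authenticating them.
     *
     * <p>The form submits with POST; accepting the same parameters over GET would put
     * the password into the URL, where it ends up in browser history and access logs.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.sendRedirect("../index.html");
    }

    /**
     * Verifies the submitted credentials and marks the session as logged in.
     *
     * @param request  carries the {@code userName} and {@code passWd} form parameters
     * @param response used for the redirect back to the login form on failure
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String userName = request.getParameter("userName");
        String passWd = request.getParameter("passWd");

        // Evaluate both fields before branching so the two failure cases cannot be
        // told apart by the caller.
        boolean userOk = sameText(EXPECTED_USER, userName);
        boolean passOk = sameText(EXPECTED_PASSWORD, passWd);

        if (userOk && passOk) {
            // Replace any pre-login session so a session id fixed in the browser
            // beforehand is not promoted to a logged-in session.
            HttpSession stale = request.getSession(false);
            if (stale != null) {
                stale.invalidate();
            }
            // Marker that the filter looks for on later requests.
            request.getSession(true).setAttribute("login", "ok");
            // Continue to the home page.
            request.getRequestDispatcher("/main").forward(request, response);
            return;
        }

        if (userOk) {
            // Server-side trace only; the value that was submitted is never logged.
            System.out.println("密码错误");
        }
        // Same answer for a wrong user name and a wrong password. Without it the
        // wrong-password case would leave the browser with an empty response.
        response.sendRedirect("../index.html");
    }

    /**
     * Compares an expected value with a submitted one without stopping at the first
     * differing character.
     *
     * @param expected the configured value, never {@code null}
     * @param supplied the request parameter, possibly {@code null}
     * @return {@code true} only when both hold the same text
     */
    private static boolean sameText(String expected, String supplied) {
        if (supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}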
2.3 编写主页页面(MainServlet.java)
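/**
 * Writes the home-page greeting.
 *
 * <p>This method performs no login check of its own; on this page that job belongs to
 * LoginFilter, which presumably is mapped over this servlet's URL (the mapping is not
 * shown, so verify it).
 *
 * @param request  the incoming request (not inspected here)
 * @param response receives the greeting text
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Declare the charset before getWriter(); otherwise the writer falls back to
    // ISO-8859-1 and the Chinese greeting is emitted as '?'.
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.print("欢迎登录主页");
}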
2.4 编写过滤器(LoginFilter.java)
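package filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet Filter implementation class LoginFilter.
 *
 * <p>Lets the login page and the login servlet through unconditionally and requires
 * {@code login=ok} in the session for every other request it is mapped to.
 */
public class LoginFilter implements Filter {

    /** Context-relative paths that must stay reachable without a logged-in session. */
    private static final String LOGIN_PAGE = "/index.html";
    private static final String LOGIN_ACTION = "/servlet/login";

    /**
     * Default constructor.
     */
    public LoginFilter() {
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
    }

    /**
     * Passes public paths straight on and redirects every other request that lacks a
     * logged-in session to the login page.
     *
     * @param request  the incoming request; treated as an {@link HttpServletRequest}
     * @param response the outgoing response; treated as an {@link HttpServletResponse}
     * @param chain    the remaining filter chain, invoked when the request may proceed
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // The HTTP-specific types are needed for the session, the path and the redirect.
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Use the path the container resolved, relative to the context root, and
        // compare it exactly. A suffix test on the raw request URI would also exempt
        // any other URI that merely ends in one of these strings.
        String path = req.getServletPath();
        if (req.getPathInfo() != null) {
            path += req.getPathInfo();
        }
        boolean publicPath = LOGIN_PAGE.equals(path) || LOGIN_ACTION.equals(path);

        if (!publicPath) {
            // getSession(false): look up only, never create a session for an
            // anonymous request.
            HttpSession session = req.getSession(false);
            Object login = (session == null) ? null : session.getAttribute("login");
            if (!"ok".equals(login)) {
                // Absolute target: a relative "index.html" would resolve against the
                // requested directory (e.g. .../servlet/index.html) and miss the page.
                res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
                return;
            }
        }

        // Either a public path or an authenticated session: continue down the chain.
        chain.doFilter(request, response);
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}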
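注意:req.getRequestURI().endsWith("servlet/login") 用来判断用户请求的URI是否以servlet/login结尾,这里的结尾是指项目名后面的路径,即本例中URL为“localhost:8080/text1/servlet/login”,故结尾为“servlet/login”。需要注意,endsWith只做后缀比较,任何恰好以这两个字符串结尾的URI都会被直接放行;更稳妥的做法是取去掉项目名(上下文路径)之后的完整路径,与“/index.html”和“/servlet/login”做精确比较。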