Servlet过滤器---登录权限控制
实现了登录时权限控制:进入首页、登录页以及登录servlet时,不用验证权限;进入其它页面时,须验证是否登录,未登录则跳转到登录页。
一个简单的首页:index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  Home page. Publicly reachable: PemissionFilter lets /17/index.jsp through
  without a login check. The page only decides which link to show (logout vs.
  login) from the "flag" session attribute; it protects nothing by itself.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首页</title>
</head>
<body>
    首页
    <br/>
    <br/>
    <a href="<%= request.getContextPath() %>/17/hello.jsp">hello.jsp</a><br/>
<%
    // A missing attribute and any value other than "login_success" both count as "not logged in".
    Object loginState = session.getAttribute("flag");
    boolean loggedIn = loginState != null && loginState.toString().equals("login_success");
    if (loggedIn) {
%>
    <%-- NOTE(review): logout is triggered by a plain GET link, so any third-party page can
         trigger it as well; a POST form protected by a CSRF token is the usual hardening. --%>
    <a href="<%= request.getContextPath() %>/LogoutServlet">退出</a>
<%
    } else {
%>
    <a href="<%= request.getContextPath() %>/17/login.jsp">登录</a><br/>
<%
    }
%>
</body>
</html>
首页中的hello.jsp:
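<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  Protected sample page. It is not on PemissionFilter's public list, so a direct
  request only reaches it when the session carries flag == "login_success".
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<%-- The meta charset now matches the page directive (UTF-8). The original declared
     ISO-8859-1 here, which contradicted the HTTP Content-Type set by the directive. --%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%!
    // JSP declaration: this becomes a field of the generated servlet class, so it is
    // shared by all requests. That is harmless here because the value is never reassigned.
    String str = "hello world";
%>
<%
    out.print(str);
%>
    <br/>
    <a href="<%= request.getContextPath() %>/17/index.jsp">首页</a>
</body>
</html>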
首页中登录页面:login.jsp
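<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  Login form. Reached directly, or through a forward from PemissionFilter /
  LoginServlet, which may set two request attributes:
    msg        - status text to show under the form
    return_uri - servlet path the user originally asked for (set by the filter)

  Both attributes are HTML-escaped before they are written to the page.
  return_uri is derived from the request URL, so without escaping a crafted path
  could break out of the value="..." attribute (reflected XSS).
--%>
<%!
    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values. Returns an empty string for null.
     */
    private static String escapeHtml(Object value) {
        if (value == null) {
            return "";
        }
        String text = value.toString();
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>用户登录</title>
<script type="text/javascript">
    // Client-side convenience check only; the server must repeat every validation,
    // because this script can be bypassed by any client.
    function check(form) {
        if (document.forms.loginForm.userName.value == "") {
            alert("请输入用户名");
            document.forms.loginForm.userName.focus();
            return false;
        } else if (document.forms.loginForm.password.value == "") {
            alert("请输入用户密码");
            document.forms.loginForm.password.focus();
            return false;
        }
    }
</script>
</head>
<body>
    <form action="<%= request.getContextPath() %>/LoginServlet" method="post" name="loginForm">
<%
    Object returnUri = request.getAttribute("return_uri");
    if (returnUri != null) {
%>
        <%-- The hidden field is client-controlled once it is in the form: the receiving
             servlet has to validate it again before using it as a dispatch target. --%>
        <input type="hidden" name="return_uri" value="<%= escapeHtml(returnUri) %>" />
<%
    }
%>
        用户名:<input type="text" name = "userName" />
        密码:<input type="password" name = "password" />
        <input type="submit" value="提交" onclick="return check(this);"/>
        <input type="reset" value="重置" />
    </form>
<%
    Object msg = request.getAttribute("msg");
    if (msg != null && !msg.toString().equals("")) {
        out.print(escapeHtml(msg));
    }
%>
</body>
</html>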
登录servlet:LoginServlet.java
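package com.stydt.servlet;

import java.io.IOException;
import java.util.Locale;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Handles the login form post.
 *
 * <p>On success the login state is stored in the session attribute {@code flag}
 * ({@code "login_success"}) and the request is forwarded to the page the user
 * originally asked for, or to the home page. On failure the request is forwarded
 * back to the login page with a message in the {@code msg} request attribute.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Credentials are processed on POST only; GET just shows the login form, so
 *       passwords do not end up in URLs, browser history or access logs.</li>
 *   <li>The session is replaced on successful login to prevent session fixation.</li>
 *   <li>{@code return_uri} is a client-supplied form field and is validated before it
 *       is used as a forward target.</li>
 * </ul>
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private static final String LOGIN_PAGE = "/17/login.jsp";
    private static final String HOME_PAGE = "/17/index.jsp";

    public LoginServlet() {
        super();
    }

    /**
     * Shows the login form. Credentials in a query string are deliberately ignored.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
    }

    /**
     * Checks the submitted credentials and forwards to the next page.
     *
     * @param request  carries the form fields {@code userName}, {@code password} and the
     *                 optional {@code return_uri}
     * @param response response passed on to the forward target
     * @throws ServletException if the forward target fails
     * @throws IOException      if the forward target fails to write the response
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String userName = request.getParameter("userName");
        String password = request.getParameter("password");
        // Page requested before the login page was shown; untrusted (hidden form field).
        String returnUri = request.getParameter("return_uri");

        if (userName == null || password == null) {
            // The original set the message but never dispatched, which produced an
            // empty response; send the user back to the form instead.
            request.setAttribute("msg", "用户名或密码为空");
            request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
            return;
        }

        // NOTE(review): hard-coded demo account. A real deployment must look the user up
        // in a credential store holding salted password hashes (bcrypt/scrypt/argon2)
        // and should rate-limit failed attempts.
        if ("stydt".equals(userName) && "123456".equals(password)) {
            // Session fixation defence: drop the pre-login session (whose id an attacker
            // may have planted) and continue with a fresh one. Attributes stored before
            // login are discarded with it.
            HttpSession preLogin = request.getSession(false);
            if (preLogin != null) {
                preLogin.invalidate();
            }
            request.getSession(true).setAttribute("flag", "login_success");

            // A filter mapping without a FORWARD dispatcher is not applied to this
            // forward, so the target must be vetted here.
            String target = isSafeReturnUri(returnUri) ? returnUri : HOME_PAGE;
            RequestDispatcher rd = request.getRequestDispatcher(target);
            rd.forward(request, response);
        } else {
            // Record the failed attempt in the session and show the form again.
            request.getSession().setAttribute("flag", "login_error");
            request.setAttribute("msg", "用户名或密码错误");
            RequestDispatcher rd = request.getRequestDispatcher(LOGIN_PAGE);
            rd.forward(request, response);
        }
    }

    /**
     * Decides whether a client-supplied return path may be used as a forward target.
     *
     * <p>Accepts only context-relative paths ({@code /...}). Rejects anything that could
     * point outside the application or into container-protected directories: protocol-
     * relative prefixes, backslashes, path parameters, percent-escapes (some containers
     * decode them in dispatcher paths), parent-directory segments, control characters
     * and any reference to {@code WEB-INF} or {@code META-INF}. A rejected value simply
     * falls back to the home page.
     */
    private static boolean isSafeReturnUri(String uri) {
        if (uri == null || uri.isEmpty() || uri.charAt(0) != '/' || uri.startsWith("//")) {
            return false;
        }
        for (int i = 0; i < uri.length(); i++) {
            char c = uri.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '\\' || c == ';' || c == '%') {
                return false;
            }
        }
        if (uri.contains("..")) {
            return false;
        }
        String upper = uri.toUpperCase(Locale.ROOT);
        return !upper.contains("/WEB-INF") && !upper.contains("/META-INF");
    }
}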
退出servlet:LogoutServlet.java
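package com.stydt.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Ends the current login by invalidating the HTTP session, then redirects to the
 * home page.
 */
public class LogoutServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public LogoutServlet() {
        super();
    }

    /**
     * Same as {@link #doPost}. Kept because the home page links to this servlet with a
     * plain anchor (GET).
     *
     * <p>NOTE(review): a state-changing GET can be triggered from any third-party page
     * (logout CSRF). Switching the link to a POST form with a CSRF token is the usual
     * hardening.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Invalidates the session, if one exists, and redirects to the home page.
     *
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to destroy it again.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Redirect (not forward) so the browser ends up on the home page URL.
        response.sendRedirect(request.getContextPath() + "/17/index.jsp");
    }
}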
验证登录状态Filter:PemissionFilter.java
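package com.stydt.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Login gate for the whole application (default deny).
 *
 * <p>Requests for the login page, the home page and the login servlet pass through
 * unchecked. Every other request is passed on only when the session attribute
 * {@code flag} equals {@code "login_success"}; otherwise it is forwarded to the login
 * page with a message ({@code msg}) and the originally requested servlet path
 * ({@code return_uri}) as request attributes.
 *
 * <p>The decision is based on {@link HttpServletRequest#getServletPath()}, i.e. the
 * path the container resolved for the request, compared with exact string equality.
 */
public class PemissionFilter implements Filter {

    private static final String LOGIN_PAGE = "/17/login.jsp";

    public PemissionFilter() {
    }

    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }

    /**
     * Lets public paths and logged-in sessions through; sends everything else to the
     * login page.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        HttpServletRequest req = (HttpServletRequest) request;

        String servletPath = req.getServletPath();
        if (isPublicPath(servletPath)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): an anonymous request for a protected URL must not allocate
        // a server-side session; otherwise unauthenticated traffic can be used to
        // exhaust session storage.
        HttpSession session = req.getSession(false);
        Object flag = (session == null) ? null : session.getAttribute("flag");

        if ("login_success".equals(flag)) {
            chain.doFilter(request, response);
            return;
        }

        // No flag: never logged in. Any other value: the last login attempt failed.
        req.setAttribute("msg", flag == null ? "您尚未登录,请登录" : "登录失败");
        // The value comes from the request URL: the login page must HTML-escape it and
        // the login servlet must validate it before dispatching to it.
        req.setAttribute("return_uri", servletPath);
        RequestDispatcher rd = req.getRequestDispatcher(LOGIN_PAGE);
        rd.forward(req, res);
    }

    /** Returns true for the three paths that are reachable without a login. */
    private static boolean isPublicPath(String servletPath) {
        return servletPath != null
                && (servletPath.equals("/17/login.jsp")
                        || servletPath.equals("/17/index.jsp")
                        || servletPath.equals("/LoginServlet"));
    }

    @Override
    public void destroy() {
    }
}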
web.xml:
<!-- Login endpoint: receives the credential form posted by /17/login.jsp. -->
<servlet>
    <servlet-name>loginServlet</servlet-name>
    <servlet-class>com.stydt.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>loginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>

<!-- Logout endpoint: invalidates the session and redirects to the home page. -->
<servlet>
    <servlet-name>logoutServlet</servlet-name>
    <servlet-class>com.stydt.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>logoutServlet</servlet-name>
    <url-pattern>/LogoutServlet</url-pattern>
</servlet-mapping>

<!--
  Login gate. The /* pattern puts every request URL behind PemissionFilter; the
  filter's own allow-list decides which paths stay public (default deny).

  No <dispatcher> element is declared, so the mapping applies to REQUEST dispatches
  only: targets reached through RequestDispatcher.forward() or include() are not
  re-checked by the filter. Any code that forwards to a client-influenced path must
  therefore validate that path itself.

  NOTE(review): session-cookie settings (HttpOnly, Secure, session timeout) are not
  part of this fragment; confirm they are configured elsewhere in the descriptor.
-->
<filter>
    <filter-name>pemissionFilter</filter-name>
    <filter-class>com.stydt.filter.PemissionFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>pemissionFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>