JavaWeb_检查用户是否登录的过滤器

检测用户是否登录的过滤器:

——情景:系统中某些页面只有在正常登录后才可以使用,用户请求这些页面时要检查session中有无该用户信息,但在所有必要的页面加上session的判断相当麻烦的事情

——解决方案:编写一个用于检测用户是否登录的过滤器,如果用户未登录,则重定向到指定的登录页面

——要求:需检查的在Session中保存的关键字;如果用户未登录,需重定向到指定的页面(URL不包括ContextPath);不做检查的URL列表(以分号分开,并且URL中不包括ContextPath)都要采取可配置的方式。

 

list.jsp

设置b,c,d,e需要用户登录权限,点击跳转login.jsp

登录完成,输入有效的名字可以进入其他页面

 

源代码:

list.jsp

<a href="a.jsp">AAA</a>
<br><br>
<a href="b.jsp">BBB</a>
<br><br>
<a href="c.jsp">CCC</a>
<br><br>
<a href="d.jsp">DDD</a>
<br><br>
<a href="e.jsp">EEE</a>
<br><br>

  

a,b,c,d,e.jsp

 

<h4>AAA PAGE</h4>
<a href="list.jsp">Return...</a>

 

  

 

login.jsp

 

<form action="doLogin.jsp" method="post">
    username: <input type="text" name="username">
    <input type="submit" value="Submit">
</form>

 

  

 

doLogin.jsp

 

   <%
        //1.获取用户的登录信息
        String username = request.getParameter("username");

        //2.若登录信息完整,则把登录信息方法HttpSession
        if (username!=null&&!username.trim().equals("")){
            session.setAttribute(application.getInitParameter("userSessionKey"),username);
            //3.重定向到list.jsp
            response.sendRedirect("list.jsp");
        }else {
            response.sendRedirect("login.jsp");
        }
    %>

 

  

 

web.xml的相关设置

 

    <!--用户信息放入到session中键的名字-->
    <context-param>
        <param-name>userSessionKey</param-name>
        <param-value>USERSESSIONKEY</param-value>
    </context-param>
    
    <!--若未登陆,需重定向的页面-->
    <context-param>
        <param-name>rediretPage</param-name>
        <param-value>/login/login.jsp</param-value>
    </context-param>

    <!--不需要拦截(或检查)的URL列表-->
    <context-param>
        <param-name>uncheckedUrls</param-name>
        <param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp,</param-value>
    </context-param>

 

  

 

LoginFilter.java

 

package com.demo.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

public class LoginFilter implements Filter {

    private String sessionKey;
    private String redirectUrl;
    private String uncheckedUrls;
    private FilterConfig filterConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        ServletContext servletContext = this.filterConfig.getServletContext();
        sessionKey = servletContext.getInitParameter("userSessionKey");
        redirectUrl = servletContext.getInitParameter("rediretPage");
        uncheckedUrls  = servletContext.getInitParameter("uncheckedUrls");

        System.out.println(sessionKey);
        System.out.println(redirectUrl);
        System.out.println(uncheckedUrls);
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest request = (HttpServletRequest) servletRequest;
         HttpServletResponse response = (HttpServletResponse) servletResponse;
        //1.从web.xml文件中获取sessionKey,redirectUrl,uncheckedUrls
           //1.获取请求的servletPath
            String requestUrl = request.getRequestURL().toString();
            String requestUri = request.getRequestURI();
            String servletPath = request.getServletPath();
//          http://localhost:8081/javaweb/login/list.jsp
            System.out.println(requestUrl);
//            /javaweb/login/list.jsp
            System.out.println(requestUri);
//            /login/list.jsp
            System.out.println(servletPath);
            //2.检查1获取的servletPath是否不需要检查的URL中的一个,若是,则直接放行,方法结束
            List<String> urls = Arrays.asList(uncheckedUrls.split(","));
            if (urls.contains(servletPath)){
                filterChain.doFilter(request,response);
                return;
            }

            //3.从session中获取sessionKey对应的值,若值不存在,则重定向到redirectUrl
            Object user = request.getSession().getAttribute(sessionKey);
            if (user == null){
                response.sendRedirect(request.getContextPath()+ redirectUrl);
                return;
            }

            //4.若存在,则放行,允许访问
            filterChain.doFilter(request,response);

    }

    @Override
    public void destroy() {

    }
}

 

  

posted @ 2019-07-17 14:59  鸿森  阅读(1068)  评论(0编辑  收藏  举报