JavaWeb_检查用户是否登录的过滤器
检测用户是否登录的过滤器:
——情景:系统中某些页面只有在正常登录后才可以使用,用户请求这些页面时要检查session中有无该用户信息,但在所有必要的页面加上session的判断相当麻烦的事情
——解决方案:编写一个用于检测用户是否登录的过滤器,如果用户未登录,则重定向到指定的登录页面
——要求:需检查的在Session中保存的关键字;如果用户未登录,需重定向到指定的页面(URL不包括ContextPath);不做检查的URL列表(以分号分开,并且URL中不包括ContextPath)都要采取可配置的方式。
list.jsp
设置b,c,d,e需要用户登录权限,点击跳转login.jsp
登录完成,输入有效的名字可以进入其他页面
源代码:
list.jsp
<a href="a.jsp">AAA</a> <br><br> <a href="b.jsp">BBB</a> <br><br> <a href="c.jsp">CCC</a> <br><br> <a href="d.jsp">DDD</a> <br><br> <a href="e.jsp">EEE</a> <br><br>
a,b,c,d,e.jsp
<h4>AAA PAGE</h4> <a href="list.jsp">Return...</a>
login.jsp
<form action="doLogin.jsp" method="post"> username: <input type="text" name="username"> <input type="submit" value="Submit"> </form>
doLogin.jsp
<% //1.获取用户的登录信息 String username = request.getParameter("username"); //2.若登录信息完整,则把登录信息方法HttpSession if (username!=null&&!username.trim().equals("")){ session.setAttribute(application.getInitParameter("userSessionKey"),username); //3.重定向到list.jsp response.sendRedirect("list.jsp"); }else { response.sendRedirect("login.jsp"); } %>
web.xml的相关设置
<!--用户信息放入到session中键的名字--> <context-param> <param-name>userSessionKey</param-name> <param-value>USERSESSIONKEY</param-value> </context-param> <!--若未登陆,需重定向的页面--> <context-param> <param-name>rediretPage</param-name> <param-value>/login/login.jsp</param-value> </context-param> <!--不需要拦截(或检查)的URL列表--> <context-param> <param-name>uncheckedUrls</param-name> <param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp,</param-value> </context-param>
LoginFilter.java
package com.demo.filter; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Arrays; import java.util.List; public class LoginFilter implements Filter { private String sessionKey; private String redirectUrl; private String uncheckedUrls; private FilterConfig filterConfig; @Override public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; ServletContext servletContext = this.filterConfig.getServletContext(); sessionKey = servletContext.getInitParameter("userSessionKey"); redirectUrl = servletContext.getInitParameter("rediretPage"); uncheckedUrls = servletContext.getInitParameter("uncheckedUrls"); System.out.println(sessionKey); System.out.println(redirectUrl); System.out.println(uncheckedUrls); } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; //1.从web.xml文件中获取sessionKey,redirectUrl,uncheckedUrls //1.获取请求的servletPath String requestUrl = request.getRequestURL().toString(); String requestUri = request.getRequestURI(); String servletPath = request.getServletPath(); // http://localhost:8081/javaweb/login/list.jsp System.out.println(requestUrl); // /javaweb/login/list.jsp System.out.println(requestUri); // /login/list.jsp System.out.println(servletPath); //2.检查1获取的servletPath是否不需要检查的URL中的一个,若是,则直接放行,方法结束 List<String> urls = Arrays.asList(uncheckedUrls.split(",")); if (urls.contains(servletPath)){ filterChain.doFilter(request,response); return; } //3.从session中获取sessionKey对应的值,若值不存在,则重定向到redirectUrl Object user = request.getSession().getAttribute(sessionKey); if (user == null){ response.sendRedirect(request.getContextPath()+ redirectUrl); return; } //4.若存在,则放行,允许访问 filterChain.doFilter(request,response); } @Override public void destroy() { } }