javaweb-filter实现登录拦击功能

javaweb-filter实现登录拦击功能

要求:用户登录了之后才能进入主页,注销的之后就不能进入主页;(在过滤器中实现!)

1、用户登录页面实现

前端页面代码

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
    <h1>登录</h1>

    <form action="/servlet/login" method="get">
        用户名:<input type="text" name="username"/>
        <input type="submit" value="登录">
    </form>
</body>
</html>

其中“/servlet/login”是请求的路径,注册对应servlet的时候servlet-mapping中的url-pattern中的的值需要是“/servlet/login”才能将页面的值请求到对应的servlet中。

ServletLogin.java代码:

获取前端页面传过来的“username”,和admin比较。如果相等,获取Session,设置Session名字为Constant.USER_SESSION中的值,Session的值为Session的ID(req.getSession().getId()),然后使用resp.sendRedirect("/sys/success.jsp")重定向到主页index.jsp页面;

如果和admin不相等,则不是管理员,直接重定向到Error.jsp页面

package com.kuang.servlet;

import com.kuang.util.Constant;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class ServletLogin extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");

        if (username.equals("admin")){
            req.getSession().setAttribute(Constant.USER_SESSION,req.getSession().getId());
            resp.sendRedirect("/sys/success.jsp");
        }else {
            resp.sendRedirect("/Error.jsp");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

web.xml页面:servlet需要在web.xml页面中注册, /servlet/login中的值要对应上

form中action的值;否则数据请求会报错。

<!--注册登录-->
  <servlet>
    <servlet-name>ServletLogin</servlet-name>
    <servlet-class>com.kuang.servlet.ServletLogin</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>ServletLogin</servlet-name>
    <url-pattern>/servlet/login</url-pattern>
  </servlet-mapping>

2、登录成功页面实现

前端页面代码:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>登录成功</title>
</head>
<body>
    <h1>登录成功</h1>

    <a href="/servlet/logout">注销</a>
</body>
</html>

登录成功的页面重点是注销功能,注销的时候需要移除掉登录时设置的Session,获取Session,判断Session是否为空,如果不为空,则说明在线,用req.getSession().removeAttribute()删除Session,注销,重定向到index.jsp登录页;如果Session为空直接重定向到index.jsp登录页

package com.kuang.servlet;

import com.kuang.util.Constant;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class ServletLogout extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Object attribute = req.getSession().getAttribute(Constant.USER_SESSION);

        if (attribute!=null){
            req.getSession().removeAttribute(Constant.USER_SESSION);
            resp.sendRedirect("/index.jsp");
        }else {
            resp.sendRedirect("/index.jsp");
        }
    }
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

web.xml中注册SessletLogout

<!--注册注销-->
<servlet>
    <servlet-name>ServletLogout</servlet-name>
    <servlet-class>com.kuang.servlet.ServletLogout</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>ServletLogout</servlet-name>
    <url-pattern>/servlet/logout</url-pattern>
</servlet-mapping>

3、Error错误界面

需要增加返回到登录页的超链接;

<%--
  Created by IntelliJ IDEA.
  User: zuma
  Date: 2023/2/21
  Time: 10:10
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>登录失败</title>
</head>
<body>
    <h1>登录失败!!!</h1>

    <a href="/index.jsp">返回登录页</a>
</body>
</html>

4、Filter实现过滤

SysFilter.java

继承Filter接口,重写三个方法。

  • init()方法是初始化,在服务器启动的时候就启动Filter过滤了。
  • destroy()方法是注销Filter,在服务器停止的时候停止Filter
  • doFilter()中写需要过滤的内容;

登录权限为例,首先将ServletRequest和ServletResponse强制转换成HTTP请求和响应,然后从请求中获取Session,判断Session是否为空,如果为空,则直接重定向到错误页面Error.jsp。

filterChain.doFilter(servletRequest,servletResponse);一定要加否则程序会卡在过滤器不执行。

package com.kuang.filter;

import com.kuang.util.Constant;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class SysFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Filter.super.init(filterConfig);
    }

    @Override
    public void destroy() {
        Filter.super.destroy();
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        Object attribute = request.getSession().getAttribute(Constant.USER_SESSION);

        if (attribute==null){
            response.sendRedirect("/Error.jsp");
        }

        filterChain.doFilter(servletRequest,servletResponse);

    }
}
```![](https://img2023.cnblogs.com/blog/2788298/202302/2788298-20230221221949640-1097611919.png)
posted @   祖玛  阅读(80)  评论(0编辑  收藏  举报
相关博文:
·  javaweb实现下载
·  javaweb操作数据库的公共类
·  javaweb学习23:Filter实现权限拦截
·  javaweb:Filter实现权限拦截
·  【学习笔记】Filter过滤器实现登录验证
阅读排行:
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· winform 绘制太阳,地球,月球 运作规律
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 上周热点回顾(3.3-3.9)
· 超详细:普通电脑也行Windows部署deepseek R1训练数据并当服务器共享给他人
点击右上角即可分享
微信分享提示
AI IDE Trae