1、步骤1:在filter中增加权限判断

  1. public class AuthFilter implements Filter { 
  2.  
  3.     @Override 
  4.     public void destroy() { 
  5.     } 
  6.  
  7.     @Override 
  8.     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, 
  9.                          FilterChain filterChain) throws IOException, ServletException { 
  10.         HttpServletRequest request = (HttpServletRequest) servletRequest; 
  11.         HttpServletResponse response = (HttpServletResponse) servletResponse; 
  12.         String currentURL = request.getRequestURI();  
  13.         String targetURL = currentURL.substring(currentURL.indexOf("/"1), currentURL.length());  
  14.         HttpSession session = request.getSession(false); 
  15.         if (!"/login/login.html".equals(targetURL)) { 
  16.             //判断当前页是否是重定向以后的登录页面页面,如果是就不做session的判断,防止出现死循环 
  17.             if (session == null || session.getAttribute("user") == null) { 
  18.                 //*用户登录以后需手动添加session 
  19.                 response.sendRedirect(request.getContextPath() + "/page/login/login.html"); 
  20.                 //如果session为空表示用户没有登录就重定向到login.jsp页面 
  21.                 return
  22.             } 
  23.         } 
  24.         //加入filter链继续向下执行 
  25.         filterChain.doFilter(request, response); 
  26.     } 
  27.  
  28.     @Override 
  29.     public void init(FilterConfig arg0) throws ServletException { 
  30.     } 

 

2、在web.xml中进行配置,拦截访问的页面

  1. <filter> 
  2.     <filter-name>authFilter</filter-name> 
  3.     <filter-class>com.alibaba.hummock.console.filter.AuthFilter</filter-class> 
  4. </filter> 
  5. <filter-mapping> 
  6.     <filter-name>authFilter</filter-name> 
  7.     <url-pattern>*.html</url-pattern> 
  8. </filter-mapping> 

3、在登录时将user写入session中