检测用户是否登录的过滤器:
——情景:系统中某些页面只有在正常登录后才可以使用,用户请求这些页面时要检查session中有无该用户信息,但在所有必要的页面都加上session的判断是相当麻烦的事情
——解决方案:编写一个用于检测用户是否登录的过滤器,如果用户未登录,则重定向到指定的登录页面
——要求:以下三项都要采取可配置的方式:需检查的在Session中保存的关键字;用户未登录时需重定向到的页面(URL不包括ContextPath);不做检查的URL列表(以分号分开,并且URL中不包括ContextPath;注意下文的web.xml示例和LoginFilter代码实际是以逗号分隔的)。
list.jsp
b、c、d、e 页面设置为需要用户登录后才能访问,未登录时点击这些链接会跳转到 login.jsp
登录时输入一个有效的名字(即非空),登录完成后即可进入其他页面
源代码:
list.jsp
<%-- Link index for the demo. web.xml lists /login/a.jsp under uncheckedUrls, so AAA opens
     without a login; b.jsp to e.jsp are not listed there, so LoginFilter checks the session
     for them (assuming the filter is mapped to these pages; the mapping is not shown). --%>
<a href="a.jsp">AAA</a>
<br><br>
<a href="b.jsp">BBB</a>
<br><br>
<a href="c.jsp">CCC</a>
<br><br>
<a href="d.jsp">DDD</a>
<br><br>
<a href="e.jsp">EEE</a>
<br><br>
a,b,c,d,e.jsp
<%-- Page body as shown for a.jsp; b.jsp to e.jsp presumably differ only in the heading text. --%>
<h4>AAA PAGE</h4>
<a href="list.jsp">Return...</a>
login.jsp
<%-- Login form: posts a single "username" field to doLogin.jsp. The demo has no password field,
     so the handler can only check that a name was supplied. --%>
<form action="doLogin.jsp" method="post">
username: <input type="text" name="username">
<input type="submit" value="Submit">
</form>
doLogin.jsp
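<%
    // Demo login handler. Any non-blank username is accepted: no password or credential
    // store is consulted, so this only shows how the session marker read by LoginFilter is set.

    // 1. Read the submitted login name.
    String username = request.getParameter("username");
    // 2. If the login information is complete, put it into the HttpSession.
    if (username != null && !username.trim().equals("")) {
        // Drop the pre-login session and start a new one, so a session id that was issued
        // (or planted) before login is never promoted to a logged-in session (session fixation).
        // The implicit "session" object must not be used after invalidate().
        session.invalidate();
        HttpSession freshSession = request.getSession(true);
        freshSession.setAttribute(application.getInitParameter("userSessionKey"), username);
        // 3. Redirect to list.jsp.
        response.sendRedirect("list.jsp");
    } else {
        // Missing or blank name: back to the login form.
        response.sendRedirect("login.jsp");
    }
%>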
web.xml的相关设置
<!-- Name of the session attribute under which the logged-in user's information is stored.
     Read by both doLogin.jsp (writer) and LoginFilter (reader). -->
<context-param>
<param-name>userSessionKey</param-name>
<param-value>USERSESSIONKEY</param-value>
</context-param>
<!-- Page to redirect to when the user is not logged in. The value omits the context path;
     LoginFilter prepends it. The parameter name is spelled "rediretPage" here and in
     LoginFilter.init, so the two spellings must be kept in sync. -->
<context-param>
<param-name>rediretPage</param-name>
<param-value>/login/login.jsp</param-value>
</context-param>
<!-- URLs that are not intercepted (not checked). Comma-separated, without the context path;
     LoginFilter compares each entry by exact match with the request's servlet path. -->
<context-param>
<param-name>uncheckedUrls</param-name>
<param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp,</param-value>
</context-param>
LoginFilter.java
package com.demo.filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
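/**
 * Servlet filter that lets a request through only when the HTTP session carries a login marker.
 *
 * <p>Three context init parameters from web.xml drive it:
 * <ul>
 *   <li>{@code userSessionKey}: name of the session attribute that marks a logged-in user;</li>
 *   <li>{@code rediretPage} (spelled this way in web.xml): page, without the context path, to
 *       redirect to when the marker is absent;</li>
 *   <li>{@code uncheckedUrls}: comma-separated servlet paths that bypass the check.</li>
 * </ul>
 *
 * <p>The filter fails closed: a path is exempt only if it matches an entry exactly, and a missing
 * {@code uncheckedUrls} parameter means every path except the redirect target is checked.
 */
public class LoginFilter implements Filter {
    private String sessionKey;
    private String redirectUrl;
    private String uncheckedUrls;
    private FilterConfig filterConfig;
    // Parsed form of uncheckedUrls, built once in init() instead of on every request.
    private List<String> uncheckedUrlList = Collections.emptyList();

    /**
     * Loads the filter configuration from the servlet context.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException if {@code userSessionKey} or {@code rediretPage} is missing or
     *     blank; without them the filter cannot tell who is logged in or where to send
     *     anonymous users, so it refuses to start
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        ServletContext servletContext = this.filterConfig.getServletContext();
        sessionKey = requireParam(servletContext, "userSessionKey");
        redirectUrl = requireParam(servletContext, "rediretPage");
        uncheckedUrls = servletContext.getInitParameter("uncheckedUrls");
        uncheckedUrlList = parseUncheckedUrls(uncheckedUrls);
        System.out.println(sessionKey);
        System.out.println(redirectUrl);
        System.out.println(uncheckedUrls);
    }

    /**
     * Passes exempt paths and logged-in sessions down the chain; redirects everything else to
     * the configured login page.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException if the redirect or a downstream component fails on I/O
     * @throws ServletException if a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // 1. Obtain the servlet path of the request. The three accessors are printed to show
        //    how they differ for the same request.
        String requestUrl = request.getRequestURL().toString();
        String requestUri = request.getRequestURI();
        String servletPath = request.getServletPath();
        // e.g. http://localhost:8081/javaweb/login/list.jsp
        System.out.println(requestUrl);
        // e.g. /javaweb/login/list.jsp
        System.out.println(requestUri);
        // e.g. /login/list.jsp
        System.out.println(servletPath);

        // 2. Exempt paths go straight through. The comparison uses the container-resolved
        //    servlet path, not the raw request URI (which still carries the context path).
        //    The redirect target is always exempt; otherwise a configuration that forgets to
        //    list it would bounce anonymous users between the filter and the login page.
        if (uncheckedUrlList.contains(servletPath) || servletPath.equals(redirectUrl)) {
            filterChain.doFilter(request, response);
            return;
        }

        // 3. Look up the login marker. getSession(false) avoids creating a session for a
        //    request that has none; no session simply means "not logged in".
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute(sessionKey);
        if (user == null) {
            response.sendRedirect(request.getContextPath() + redirectUrl);
            return;
        }

        // 4. Marker present: allow access.
        filterChain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Returns the named context init parameter unchanged, rejecting a missing or blank value. */
    private static String requireParam(ServletContext context, String name)
            throws ServletException {
        String value = context.getInitParameter(name);
        if (value == null || value.trim().isEmpty()) {
            throw new ServletException("LoginFilter: context-param '" + name + "' is not set");
        }
        // Returned as configured (not trimmed) so it stays equal to what other pages read
        // from the same context parameter.
        return value;
    }

    /**
     * Splits the comma-separated exemption list, trimming entries and dropping empty ones.
     * An empty entry must not survive: a servlet path can itself be the empty string, and a
     * stray "" in the list would then exempt it from the login check.
     */
    private static List<String> parseUncheckedUrls(String raw) {
        if (raw == null) {
            return Collections.emptyList();
        }
        List<String> paths = new ArrayList<String>();
        for (String entry : raw.split(",")) {
            String path = entry.trim();
            if (!path.isEmpty()) {
                paths.add(path);
            }
        }
        return Collections.unmodifiableList(paths);
    }
}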