初始登录Servlet:
package cn.xbai.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Receives the login form submission and checks that both fields were filled in.
 *
 * <p>Only the presence check exists in this listing. When a field is missing, an
 * error message is placed in request scope and the request is forwarded back to
 * the login UI servlet. When both fields are present nothing further happens yet.
 */
public class LoginSubmitServlet extends HttpServlet {

    /**
     * Reads {@code username} and {@code password} from the request and forwards
     * back to the login UI with error messages when either one is blank.
     *
     * @param request  the incoming request carrying the form parameters
     * @param response the response handed on to the forward target
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails with an I/O error
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Still to do according to the author: duplicate-submission protection,
        // anti-hotlinking, caching.

        // NOTE(review): doPost delegates here, so this method also processes
        // credentials that arrive in a GET query string, where they end up in
        // URLs, browser history and access logs. Consider accepting them on POST only.
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Presence check only; the author notes that real validation belongs in
        // the business layer.
        boolean usernameMissing = isBlank(username);
        boolean passwordMissing = isBlank(password);

        if (!usernameMissing && !passwordMissing) {
            // Both fields supplied: no credential check is implemented in this
            // listing, so the response is left empty.
            // NOTE(review): once authentication is added here, discard the
            // pre-login session and start a fresh one before storing the user,
            // so a session ID fixed before login cannot be reused afterwards.
            return;
        }

        // The messages go into request scope on purpose. Kept in the session they
        // would outlive this request and show up again on a later, unrelated visit
        // to the login page; clearing the session in the login UI servlet instead
        // would erase them before they could be displayed.
        if (usernameMissing) {
            request.setAttribute("sorry1", "用户名不能为空!");
        }
        if (passwordMissing) {
            request.setAttribute("sorry2", "密码不能为空!");
        }

        // After a forward the address bar still shows this servlet's URL, so the
        // form on the login page must use an absolute action URL.
        request.getRequestDispatcher("/servlet/LoginUIServlet").forward(request, response);
    }

    /**
     * Tells whether a form value is missing.
     *
     * @param str the raw parameter value, possibly {@code null}
     * @return {@code true} when {@code str} is {@code null} or trims to the empty string
     */
    private boolean isBlank(String str) {
        return str == null || str.trim().isEmpty();
    }

    /**
     * Handles POST submissions by delegating to {@link #doGet}.
     *
     * @param request  the incoming request
     * @param response the response
     * @throws ServletException propagated from {@code doGet}
     * @throws IOException      propagated from {@code doGet}
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}
注意错误提示信息不能存放在Session,解释详见里面注释
UI页jsp:
<%--
  Login form. Posts "username" and "password" to
  <contextPath>/servlet/LoginSubmitServlet and shows the request-scoped
  attributes "sorry1" / "sorry2" next to the matching field.

  NOTE(review): EL in template text is written to the response without HTML
  escaping. That is harmless only while sorry1/sorry2 hold fixed, server-chosen
  strings; if they ever carry request data, output them through <c:out> or
  fn:escapeXml instead.
  NOTE(review): the java.util.* import in the page directive is not used by
  anything visible on this page.
--%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Jsp</title>
</head>
<body>
<h1>公子小白旗舰店</h1>
<!-- 发现如果这里用hr元素,下面的form就是报错,这种格式应该是非法,待查 -->
<%-- The action is built from the context path so it is an absolute URL; the
     page is also reached by a server-side forward, where a relative URL would
     resolve against the submitting servlet's address. --%>
<form action="${pageContext.request.contextPath }/servlet/LoginSubmitServlet" method="post">
<table width="30%" align="center" border="0px">
<%-- Third cell of each row: validation message for that field, empty when unset. --%>
<tr><td align="center">登录名:</td><td><input type="text" name="username"/></td><td>${requestScope.sorry1 }</td></tr>
<tr><td align="center">密码:</td><td><input type="password" name="password"/></td><td>${requestScope.sorry2 }</td></tr>
<tr><td colspan="2" align="center"><input type="submit" value="登录"/></td><td></td></tr>
<tr><td colspan="2" align="center"><a href="${pageContext.request.contextPath }/servlet/RegisterServlet">免费注册</a></td><td></td></tr>
</table>
</form>
</body>
</html>
加上过滤器,放行LoginUI和已登录用户:
package cn.xbai.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import cn.xbai.domain.User;
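/**
 * Filter that lets a request continue only when the session already holds a
 * logged-in {@code User}, or when the request targets one of the login endpoints.
 * Every other request is forwarded to a notice page.
 *
 * <p>The login endpoints are matched by exact path. A substring test on the
 * request URI would treat any URI that merely contains the servlet name as a
 * login request and skip the session check for it.
 */
public class AutoLoginFilter implements Filter {

    /**
     * Path of the login form servlet, relative to the context root.
     * Assumes the mapping implied by the forward target used on this page;
     * confirm against web.xml.
     */
    private static final String LOGIN_UI_PATH = "/servlet/LoginUIServlet";

    /**
     * Path the login form posts to, relative to the context root. It has to bypass
     * the session check as well, otherwise nobody could ever submit a login.
     * Assumes the mapping implied by the form action; confirm against web.xml.
     */
    private static final String LOGIN_SUBMIT_PATH = "/servlet/LoginSubmitServlet";

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Passes login endpoints and logged-in users down the chain and forwards
     * everyone else to the "not logged in" notice page.
     *
     * @param req   the request; cast to {@code HttpServletRequest}
     * @param resp  the response; cast to {@code HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        String uri = request.getRequestURI();
        System.out.println(uri);

        // The login endpoints must stay reachable without a session; otherwise an
        // anonymous visitor is sent to the notice page forever and can never log in.
        // NOTE(review): the login page also links to /servlet/RegisterServlet, which
        // this filter sends to the notice page for anonymous users; confirm whether
        // registration should be public too.
        if (isLoginEndpoint(request)) {
            System.out.println("LoginUI");
            chain.doFilter(request, response);
            return;
        }

        // Requests for addresses that do not exist are not special-cased here;
        // the author leaves them to other mechanisms.
        User user = (User) request.getSession().getAttribute("user");
        if (user != null) {
            // Already logged in: let the request through.
            chain.doFilter(request, response);
            return;
        }

        System.out.println("Not logged in");
        // TODO: check the remember-login cookie here once login actually sets one
        // (not implemented yet). Whatever that cookie carries must be verified on
        // the server before a User is placed in the session.

        // No session user and no remembered login: show the notice page, which
        // sends the browser on to the login UI after three seconds.
        request.getRequestDispatcher("/WEB-INF/jsp/redirect.jsp").forward(request, response);
    }

    /**
     * Tells whether the request targets the login form or the login submission.
     *
     * <p>Compares the container-resolved servlet path plus path info, rather than
     * the raw request URI, against the two known paths.
     *
     * @param request the current request
     * @return {@code true} only on an exact match with one of the login paths
     */
    private static boolean isLoginEndpoint(HttpServletRequest request) {
        String path = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            path = path + pathInfo;
        }
        return LOGIN_UI_PATH.equals(path) || LOGIN_SUBMIT_PATH.equals(path);
    }

    /**
     * No initialisation needed.
     *
     * @param filterConfig unused
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}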
过滤器跳转jsp:
<%--
  Notice page for visitors who are not logged in; presumably the
  /WEB-INF/jsp/redirect.jsp that the filter forwards to. The meta refresh sends
  the browser to <contextPath>/servlet/LoginUIServlet after 3 seconds.

  NOTE(review): the <meta> element sits before the DOCTYPE and outside <head>.
  Browsers tolerate this, but the markup is invalid; it belongs inside <head>.
--%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<meta http-equiv="refresh" content="3; url=${pageContext.request.contextPath }/servlet/LoginUIServlet" />
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Jsp</title>
</head>
<body>
您还没有登录,亲!(~_~)
</body>
</html>
效果:
进入登录页,直接点登录,会返回此页,因为跳转到的SubmitServlet同样处于未登录状态;输入不存在的url,显示404??
发现问题:登录提交的Servlet也不该经过该过滤器!否则也永远无法登录!
修改补全:(请求同时经过两个Filter;在自动登录的Filter中,登录UI和登录提交(Submit)两个Servlet均放行;登录成功后访问另一个Servlet,测试自动登录Filter的拦截。放行判断应对Servlet路径做精确匹配,而不要用contains做子串匹配,否则任何URI只要包含该字符串就会绕过登录检查)
此时访问不存在的地址会跳转到UI页面(第二个Filter拦截了,待研究调试??)
未做:登录时设置登录信息Cookie回写给浏览器
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xm