web中定义过滤器验证登录(未登录没有权限访问页面)
在进行web系统开发时,我们需要对用户的请求进行拦截,避免非法用户登录
配置字符集过滤器(Filter)
1、定义过滤器LoginFilter,实现Filter接口,并重新里面的init()、doFilter()和 destroy()方法
2、在doFilter()中判断用户是否登录系统了,只有合法登录后才能访问系统
分析: 首先分析session中是否有用户的信息,
有则放行,
没有,判断是否是登录请求或者是登录提交请求,
是则放行,
不是则跳转到登录页面
3、分析代码
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
// 获得当前请求的URI
String nowPath = req.getRequestURI();
if (req.getSession().getAttribute(Constant.SESSION_USER) == null) {
if ("/lbjn_mybatis/login.do".equals(nowPath)
|| "/lbjn_mybatis/loginSubmit.do".equals(nowPath)) {
chain.doFilter(req, resp);
return;
} else {
resp.sendRedirect(req.getContextPath() + "/login.do");
return;
}
}
chain.doFilter(request, response);
4、在web.xml中配置过滤器的信息
<!-- 拦截非法登录 -->
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>cn.demo.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
LoginFilter.java源码:
package cn.demo.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import cn.ilfy.lbjn_mybatis.constant.Constant;
public class LoginFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
// 获得当前请求的URI
String nowPath = req.getRequestURI();
if (req.getSession().getAttribute(Constant.SESSION_USER) == null) {
if ("/lbjn_mybatis/login.do".equals(nowPath)
|| "/lbjn_mybatis/loginSubmit.do".equals(nowPath)) {
chain.doFilter(req, resp);
return;
} else {
resp.sendRedirect(req.getContextPath() + "/login.do");
return;
}
}
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}