说明:
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只有登录用户才能访问;
admin.jsp:只有管理员才能访问。
分析
1.设计User类:
username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
2.前端表单设计:
将表单数据提交到controller层中的登录servlet中,包括用户名和密码
3.controller层:
(1)获取前端传过来的用户名和密码,调用service去查该用户是否存在
根据service返回来的user进行以下的判断:
(2)如果不存在,说明用户名或者密码错误,并重新请求转发到登录页面
(3)如果存在,就登录成功,此时需要做两件事
a:将user保存在session中
b:请求转发到index.jsp中
4.存在两个过滤器:
(1)登录过滤器,判断用户是否登录,主要拦截的是/user.jsp和/admin.jsp文件
实现步骤:
a:在session中获取user
为空:回写数据,说明还未登录,并给予登录页面的链接
不为空:放行
(2)admin.jsp的过滤器
实现步骤:在session中获取user
为空:回写数据,说明还未登录,并给予登录页面的链接
不为空:判断该用户的权限grade是否等于2,不等于的话,回写权限不够,等于2,放行
5.service层和mapper层就是根据控制层传过来的数据去数据库核对是否有该用户,不是本篇文章的重点,就不一一叙述
代码实现:
bean:
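/**
 * Login principal that LoginServlet stores in the HTTP session after a successful login.
 *
 * <p>{@code grade} is the authorization level: 1 = ordinary user, 2 = administrator
 * (AdminFilter lets a request through only when the grade is at least 2).
 *
 * <p>The password is deliberately left out of {@link #toString()}: that output commonly
 * ends up in logs and debug pages, and a credential must never travel there.
 */
public class User {
    private String name;
    private String pwd;
    private Integer grade;

    /** No-arg constructor for frameworks that populate the bean via setters. */
    public User() {
    }

    /**
     * @param name  login name
     * @param pwd   password credential as supplied by the service layer (this page does not show
     *              whether it is stored hashed)
     * @param grade authorization level; may be {@code null} when it has not been loaded
     */
    public User(String name, String pwd, Integer grade) {
        this.name = name;
        this.pwd = pwd;
        this.grade = grade;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getPwd() {
        return pwd;
    }

    public void setPwd(String pwd) {
        this.pwd = pwd;
    }

    public Integer getGrade() {
        return grade;
    }

    public void setGrade(Integer grade) {
        this.grade = grade;
    }

    /** Renders name and grade; the password is redacted so the string is safe to log. */
    @Override
    public String toString() {
        return "User{" +
                "name='" + name + '\'' +
                ", pwd='[PROTECTED]'" +
                ", grade=" + grade +
                '}';
    }
}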
controller
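/**
 * Handles the login form: checks the submitted credentials through the service layer and, on
 * success, stores the resulting {@link User} in the session and forwards to index.jsp.
 *
 * <p>login.jsp submits via POST. GET is still accepted so existing callers keep working, but a
 * GET puts the credentials in the query string, where servers and proxies usually log them.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        handleLogin(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        handleLogin(request, response);
    }

    /**
     * Shared login logic for GET and POST.
     *
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails
     */
    private void handleLogin(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");
        // Form fields; either may be null when the request did not come from the login form.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // The service layer checks the credentials against the database (not shown on this page).
        UserService userService = new UserService();
        User user = userService.login(username, password);
        if (user == null) {
            // Unknown user or wrong password. One generic message for both cases, so the response
            // does not tell an attacker which half of the pair was wrong.
            request.setAttribute("msg", "用户名或密码错误");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
        } else {
            // Successful login: rotate the session id before storing the principal, so a session id
            // handed to the browser before authentication cannot be reused (session fixation).
            HttpSession session = request.getSession();
            request.changeSessionId();
            session.setAttribute("user", user);
            request.getRequestDispatcher("/index.jsp").forward(request, response);
        }
    }
}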
登录页面的过滤器
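/**
 * Gate for pages that require a logged-in user (/user.jsp and /admin.jsp).
 *
 * <p>Passes the request down the chain when a {@link User} is present in the session; otherwise
 * writes a short message with a link to the login page and stops the chain.
 */
@WebFilter({"/user.jsp", "/admin.jsp"})
public class LoginFilter extends HttpFilter {
    @Override
    protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        response.setContentType("text/html;charset=utf-8");
        // getSession(false): do not create a session for anonymous visitors; an absent session
        // simply means "not logged in".
        HttpSession session = request.getSession(false);
        User user = session == null ? null : (User) session.getAttribute("user");
        if (user != null) {
            // Logged in.
            chain.doFilter(request, response);
        } else {
            // Not logged in. The link is built from the deployed context path rather than a
            // hard-coded /day08, and the href quotes are now balanced.
            String loginUrl = request.getContextPath() + "/login.jsp";
            response.getWriter().write("你还未登录 <a href='" + loginUrl + "'>去登录</a>");
        }
    }
}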
admin.jsp的过滤器
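/**
 * Gate for /admin.jsp: requires a logged-in user whose grade is at least 2 (administrator).
 *
 * <p>Denies by default: no session, no user in the session, or a missing grade all result in a
 * refusal; only an explicit grade of 2 or more reaches the page.
 */
@WebFilter("/admin.jsp")
public class AdminFilter extends HttpFilter {
    /** Minimum grade that counts as administrator (User: 1 = ordinary user, 2 = administrator). */
    private static final int ADMIN_GRADE = 2;

    @Override
    protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        response.setContentType("text/html;charset=utf-8");
        // getSession(false): never create a session just to find out the visitor is anonymous.
        HttpSession session = request.getSession(false);
        User user = session == null ? null : (User) session.getAttribute("user");
        if (user == null) {
            // Not logged in.
            response.getWriter().write("你还未登录");
            return;
        }
        // grade is a boxed Integer; comparing it directly would throw NullPointerException on
        // unboxing when it is null. A missing grade is treated as "no privilege".
        Integer grade = user.getGrade();
        if (grade == null || grade < ADMIN_GRADE) {
            // Logged in, but not an administrator.
            response.getWriter().write("您的等级不够");
            return;
        }
        chain.doFilter(request, response);
    }
}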
前端表单:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Login form. Posts username/password to LoginServlet (@WebServlet("/login")), which sets
     the request attribute "msg" on a failed login and forwards back here. --%>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>登录</h1>
<%-- ${msg} is written without HTML escaping. LoginServlet sets it to a fixed server-side
     string, never to request-supplied text; keep it that way. --%>
<p style="font-weight: 900;color:red">${msg}</p>
<%-- The action hard-codes the /day08 context path; ${pageContext.request.contextPath}/login
     would follow the deployment instead. --%>
<form action="/day08/login" method="post">
用户名:<input type="text" name="username"/><br/>
密 码:<input type="password" name="password"/><br/>
<input type="submit" value="登录"/>
</form>
</body>
</html>