之前的ssm项目,可以不通过登录界面登录而直接打开修改数据库的地址,对数据库的数据进行修改,为了修改这个问题,用filter实现登录拦截。注意:下面的Filter还需要在web.xml中注册,并映射到所有需要保护的路径后才会生效;任何没有被该映射覆盖的地址仍然可以不登录直接访问。
LoginFilter
package com.zr0701.filter;
import com.zr0701.bean.User;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
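/**
 * Servlet filter that only lets a request through when the session already
 * holds a logged-in {@code User}, or when the request targets the login
 * endpoint itself. Every other request is redirected to the context root.
 *
 * <p>The login endpoint is matched by exact equality on the raw request URI
 * rather than by substring search. A substring test treats any URI that merely
 * contains {@code login.do} (in a path parameter, an extra path segment, etc.)
 * as the login page and would let it skip the session check.
 *
 * <p>The login path defaults to {@code /login.do} and can be overridden with
 * the optional filter init-param {@code loginPath} (relative to the context
 * root), for deployments where the controller is mounted under a prefix.
 *
 * <p>NOTE(review): the filter mapping is not visible here. The redirect target
 * ({@code contextPath + "/"}) must not itself be covered by this filter, or
 * anonymous users end up in a redirect loop. Confirm against web.xml.
 */
public class LoginFilter implements Filter {

    /** Session attribute under which the login controller stores the user. */
    private static final String SESSION_USER_KEY = "user";

    /** Default path of the only endpoint reachable without a session. */
    private static final String DEFAULT_LOGIN_PATH = "/login.do";

    /** Context-relative login path; set once in {@link #init(FilterConfig)}. */
    private String loginPath = DEFAULT_LOGIN_PATH;

    /**
     * Reads the optional {@code loginPath} init-param.
     *
     * @param filterConfig container-supplied configuration; may carry {@code loginPath}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (filterConfig == null) {
            return;
        }
        String configured = filterConfig.getInitParameter("loginPath");
        if (configured != null && !configured.trim().isEmpty()) {
            loginPath = configured.trim();
        }
    }

    /**
     * Enforces the login check for one request.
     *
     * @param servletRequest  incoming request; must be an HTTP request
     * @param servletResponse outgoing response; must be an HTTP response
     * @param filterChain     remainder of the chain, invoked only for allowed requests
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession(false): do not allocate a server-side session for every
        // anonymous hit; a session is only needed once login succeeds.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null
                && session.getAttribute(SESSION_USER_KEY) instanceof User;

        // getRequestURI() returns the raw (undecoded) path after the host,
        // including the context path; getRequestURL() would return the full URL.
        // Exact comparison fails closed: an encoded or parameter-decorated
        // variant of the login URI (for example one carrying ";jsessionid=")
        // is treated as a protected resource and redirected.
        String expectedLoginUri = request.getContextPath() + loginPath;
        boolean isLoginRequest = expectedLoginUri.equals(request.getRequestURI());

        if (loggedIn || isLoginRequest) {
            filterChain.doFilter(request, response);
            return;
        }
        response.sendRedirect(request.getContextPath() + "/");
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}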
Controller
/**
 * Handles the login form: checks the submitted name and password through
 * {@code userService.login} and, on success, stores the bound {@code User}
 * in the session under the key {@code "user"}.
 *
 * <p>NOTE(review): the object placed in the session is the request-bound
 * {@code User}, so it still carries the submitted password; consider storing
 * only the identity fields that later requests need.
 *
 * <p>NOTE(review): the session id is not rotated after a successful login,
 * which leaves room for session fixation. Rotating it needs the
 * {@code HttpServletRequest} (e.g. {@code changeSessionId()} on Servlet 3.1+),
 * which this signature does not receive.
 *
 * <p>NOTE(review): the mapping has no HTTP-method restriction, so credentials
 * may also arrive in a GET query string and end up in access logs; confirm
 * whether this should be limited to POST.
 *
 * @param user    form-bound credentials (name and password)
 * @param session current HTTP session, used to remember the logged-in user
 * @return view {@code "../ok"} on success, {@code "../failure"} otherwise
 */
@RequestMapping("/login.do")
public ModelAndView login(User user, HttpSession session) {
    boolean authenticated = userService.login(user.getName(), user.getPassword());
    ModelAndView result = new ModelAndView();

    // Guard clause: rejected credentials never touch the session.
    if (!authenticated) {
        result.setViewName("../failure");
        return result;
    }

    session.setAttribute("user", user);
    result.setViewName("../ok");
    return result;
}
运行结果
成功
查看数据