问题:实现登录验证后,用户在未登录状态下仍然可以直接访问需要登录才能查看的页面。
解决方法:在项目中创建 Filter 过滤器,拦截未登录的请求,相关代码如下。注意:放行的路径应当按容器解析后的路径从开头匹配,不要对原始 URI 做子串匹配,否则登录检查可能被绕过。
package cn.mju.project1.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
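/**
 * Login-check filter: requests for the login and captcha endpoints pass through,
 * every other request needs a logged-in session.
 *
 * <p>The filter is mapped to every URL ({@code /*}). A request counts as logged in
 * when its session holds a non-null {@code "user"} attribute. Anything else is
 * forwarded to {@code /fail.jsp} with the request attribute {@code "msg"} set.
 *
 * <p>Security note: the public-path decision is made on the path the container
 * resolved for the request (servlet path plus path info), anchored at its start.
 * Matching a substring of {@code getRequestURI()} is not safe, because that value
 * is the raw request path and still contains {@code ;} path parameters, so a
 * protected URL that merely contains the text {@code /login} would be let through.
 */
@WebFilter("/*")
public class LoginFilter implements Filter {

    /**
     * Path prefixes, relative to the context root, that are reachable without a login.
     * "/login" also covers "/login.jsp".
     * NOTE(review): "/captche" is kept exactly as the original spelled it; confirm it
     * matches the real captcha mapping. Prefer replacing these prefixes with the exact
     * endpoint paths once they are known, so no other resource can share a prefix.
     */
    private static final String[] PUBLIC_PREFIXES = {"/login", "/captche"};

    @Override
    public void destroy() {
    }

    /**
     * Lets the request continue when it targets a public path or belongs to a
     * logged-in session; otherwise forwards it to the error page.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param resp  response handed on to the chain or to the error page
     * @param chain remaining filters and the target resource
     * @throws ServletException propagated from the chain or the forward
     * @throws IOException      propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        System.out.println("过滤器被执行了");
        HttpServletRequest request = (HttpServletRequest) req;

        // Login-related resources must stay reachable for anonymous users.
        if (isPublicPath(resolvedPath(request))) {
            chain.doFilter(req, resp);
            return;
        }

        // getSession(false): do not allocate a session for every anonymous request.
        javax.servlet.http.HttpSession session = request.getSession(false);
        // Read as Object so a non-String "user" attribute does not raise ClassCastException.
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user != null) {
            chain.doFilter(req, resp);
            return;
        }

        // Not logged in: show the error page instead of the requested resource.
        request.setAttribute("msg", "您尚未登录!");
        request.getRequestDispatcher("/fail.jsp").forward(request, resp);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    /**
     * Returns the request path relative to the context root as resolved by the
     * container (servlet path followed by path info, when present).
     */
    private static String resolvedPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        String base = (servletPath == null) ? "" : servletPath;
        return (pathInfo == null) ? base : base + pathInfo;
    }

    /** Tells whether {@code path} starts with one of the public prefixes. */
    private static boolean isPublicPath(String path) {
        for (String prefix : PUBLIC_PREFIXES) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }
}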