通过Filter来定义一个登录验证过滤器,这是就不需要在每一个JSP页面添加判断用户合法性的代码了。
以下示例中包含了5个文件,一个是登录表单LoginForm.jsp,一个是登录判断页LoginConf.jsp,
一个是登录验证过滤器LoginFilter.java,一个是登录成功页面LoginSucess.jsp,一个是登录失败
页面Loginfailure.jsp。
LoginForm.jsp
1 <%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> 2 3 <html> 4 <head><title>用户登录</title></head> 5 6 <body> 7 <center> 8 <form action="LoginConf.jsp" method="post"> 9 <table> 10 <tr> 11 <td colspan="2">用户登录</td> 12 </tr> 13 <tr> 14 <td>用户名:</td> 15 <td><input type="text" name="username"></td> 16 </tr> 17 <tr> 18 <td>密 码</td> 19 <td><input type="password" name="userpassword"></td> 20 </tr> 21 <tr> 22 <td colspan="2"> 23 <input type="submit" value="登录"> 24 <input type="reset" value="重置"> 25 </td> 26 </tr> 27 </table> 28 </form> 29 </center> 30 </body> 31 </html>
LoginConf.jsp
1 <%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> 2 3 <html> 4 <head><title>登录判断</title></head> 5 6 <body> 7 <center> 8 <% 9 //接受用户名,密码参数 10 String username=request.getParameter("username"); 11 String userpassword = request.getParameter("userpassword"); 12 13 //判断用户名以及密码,如果为指定用户则跳转到登陆成功页面。 14 if("CeShi".equals(username)&&"123456".equals(userpassword)){ 15 session.setAttribute("username",username); 16 %> 17 <jsp:forward page="LoginSuccess.jsp"/> 18 <% 19 } 20 //如果不是指定用户,则跳转到登录失败页面 21 else{ 22 %> 23 <jsp:forward page="LoginFailure.jsp" /> 24 <% 25 } 26 %> 27 </center> 28 </body> 29 </html>
LoginFilter.java
1 package com.mhb; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest; 10 import javax.servlet.ServletResponse; 11 import javax.servlet.http.HttpServletRequest; 12 import javax.servlet.http.HttpSession; 13 14 public class LoginFilter implements Filter { 15 16 //初始化方法 17 public void init(FilterConfig arg0) throws ServletException { 18 System.out.println("登录验证过滤器初始化!"); 19 } 20 21 //过滤方法 22 public void doFilter(ServletRequest req, ServletResponse res, 23 FilterChain chain) throws IOException, ServletException { 24 HttpServletRequest request = (HttpServletRequest)req; 25 //获得session对象 26 HttpSession session = request.getSession(); 27 String login = (String) session.getAttribute("username"); 28 29 //如果是登录判断页面,不用进行过滤检查 30 if("/JavaWeb/LoginConf.jsp".equals(request.getRequestURI())){ 31 chain.doFilter(req, res); 32 }else{ 33 //判断用户是否进行登录,如果进行了登录则继续操作,否则跳转到登录页面 34 if(login == null || "".equals(login)){ 35 request.getRequestDispatcher("LoginForm.jsp").forward(req, res); 36 }else{ 37 chain.doFilter(req, res); 38 } 39 } 40 } 41 42 //销毁方法 43 public void destroy() { 44 System.out.println("登录验证过滤器销毁!"); 45 } 46 }
LoginSuccess.jsp
1 <%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> 2 3 <html> 4 <head><title>登录成功</title></head> 5 6 <body> 7 <center> 8 <h1>登录成功</h1> 9 ${sessionScope.username}欢迎您的登录! 10 </center> 11 </body> 12 </html>
LoginFailure.jsp
1 <%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> 2 3 <html> 4 <head><title>登录失败</title></head> 5 6 <body> 7 <h1>登录失败</h1> 8 </body> 9 </html>
web.xml配置
1 <filter> 2 <filter-name>LoginFilter</filter-name> 3 <filter-class>com.mhb.LoginFilter</filter-class> 4 </filter> 5 <filter-mapping> 6 <filter-name>LoginFilter</filter-name> 7 <url-pattern>/*</url-pattern> 8 </filter-mapping> 9 10 <welcome-file-list> 11 <welcome-file>index.jsp</welcome-file> 12 </welcome-file-list> 13 </web-app>
验证过程:
1)在浏览器中直接输入登录页面,输入正确用户名密码(CeShi,123456)跳转至成功页面。
2)在浏览器中直接输入登录页面,输入错误的用户名密码跳转至登录失败页面。
3)在浏览器中直接输入登录成功页面,直接跳转至登录页面(此步骤注意清空浏览器缓存)。