访问index.jsp页面,会员具备访问会员和游客页面的权限,管理员权限最高,均可访问。
index.jsp
<body>
<h1>登录</h1>
<%-- Prints the "msg" attribute (EL searches page, request, session, then application scope).
     EL in template text is not HTML-escaped; the only msg values set on this page are fixed
     strings from the filters. If msg ever carries user-supplied text, render it with
     <c:out value="${msg}"/> instead. --%>
${msg }
<%-- Posts a single "username" field to LoginServlet. There is no password field, so the
     servlet receives nothing it could use to verify who is logging in. --%>
<form action="<c:url value='/LoginServlet'/>" method="post">
用户名:<input type="text" name="username" /> <br />
<input type="submit" value="登录" />
</form>
</body>
login.jsp
<body>
<h1>登录</h1>
<%-- Prints the "msg" attribute; the filters set it to a fixed denial message before
     forwarding here. EL in template text is not HTML-escaped, so switch to
     <c:out value="${msg}"/> if msg can ever contain user-supplied text. --%>
${msg }
<%-- Posts a single "username" field to LoginServlet. There is no password field, so the
     servlet receives nothing it could use to verify who is logging in. --%>
<form action="<c:url value='/LoginServlet'/>" method="post">
用户名:<input type="text" name="username" /> <br />
<input type="submit" value="登录" />
</form>
</body>
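/**
 * Demo login endpoint: reads the {@code username} form field, records it in the
 * session under a role-specific key and forwards to {@code index.jsp}.
 *
 * <p>Session keys written here are the ones the filters check: {@code "admin"} for
 * administrators and {@code "username"} for ordinary members.
 *
 * <p>NOTE(review): no credential is verified. The role is derived only from the
 * client-supplied name (a name containing {@code "fan"} is treated as an
 * administrator), so this illustrates filter-based access control and is not an
 * authentication scheme. A real login must check a secret against a server-side
 * user store and take the role from that store, never from request input.
 */
public class LoginServlet extends HttpServlet {
    /**
     * Handles the login form submission.
     *
     * @param request  the login request; must carry a non-blank {@code username} parameter
     * @param response the response used for the forward
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        // 1. Read the user name. getParameter returns null when the field is missing,
        //    which previously caused a NullPointerException on contains().
        String username = request.getParameter("username");
        if (username == null || username.trim().isEmpty()) {
            // Request scope is enough here: the message is shown once by the forward target.
            request.setAttribute("msg", "用户名不能为空");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        // 2. Start from a fresh session. This discards a session id that existed before
        //    login (session-fixation defence) and removes role keys left by an earlier
        //    login, so a former "admin" entry cannot survive a later member login.
        request.getSession().invalidate();

        // 3. Choose the role key. The original comment named "admin" as the marker, but
        //    the code tests for "fan"; the code's value is kept unchanged.
        String roleKey = username.contains("fan") ? "admin" : "username";
        request.getSession().setAttribute(roleKey, username);

        // 4. Show the landing page.
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }
}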
UserFilter
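/**
 * Member-level gate: lets the request continue when the session holds either an
 * {@code "admin"} or a {@code "username"} attribute, otherwise forwards to
 * {@code /login.jsp} with a denial message.
 *
 * <p>Which URLs this protects depends on the filter mapping, which is not shown here.
 * The check trusts whatever LoginServlet stored in the session, so it is only as
 * strong as that login step.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the response passed down the chain or used for the forward
 * @param chain    the remaining filter chain
 * @throws IOException      if the chain or the forward fails
 * @throws ServletException if the chain or the forward fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;

    // Only presence is tested, so the attributes are not cast to String; a non-String
    // value can no longer raise ClassCastException. getSession() creates a session
    // when the caller has none.
    boolean isAdmin = req.getSession().getAttribute("admin") != null;
    boolean isMember = req.getSession().getAttribute("username") != null;

    if (isAdmin || isMember) {
        chain.doFilter(request, response);
        return;
    }

    // The message goes in request scope: it is visible to the forwarded login.jsp via
    // ${msg} but does not linger in the session and reappear on pages shown after a
    // later successful login.
    req.setAttribute("msg", "您不具备访问权限");
    req.getRequestDispatcher("/login.jsp").forward(request, response);
}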
AdminFilter
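/**
 * Administrator-level gate: lets the request continue only when the session holds an
 * {@code "admin"} attribute, otherwise forwards to {@code /login.jsp} with a denial
 * message.
 *
 * <p>Which URLs this protects depends on the filter mapping, which is not shown here.
 * The check trusts whatever LoginServlet stored in the session, so it is only as
 * strong as that login step.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the response passed down the chain or used for the forward
 * @param chain    the remaining filter chain
 * @throws IOException      if the chain or the forward fails
 * @throws ServletException if the chain or the forward fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;

    // Only presence is tested, so the attribute is not cast to String; a non-String
    // value can no longer raise ClassCastException. getSession() creates a session
    // when the caller has none.
    boolean isAdmin = req.getSession().getAttribute("admin") != null;

    if (isAdmin) {
        chain.doFilter(request, response);
        return;
    }

    // The message goes in request scope: it is visible to the forwarded login.jsp via
    // ${msg} but does not linger in the session and reappear on pages shown after a
    // later successful login.
    req.setAttribute("msg", "您不具备管理员权限");
    req.getRequestDispatcher("/login.jsp").forward(request, response);
}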