1. 建filter类
package com.ssm.blog.filter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;
/**
* OncePerRequestFilter
* 确保一个请求只经过一个filter,而不需要重复执行
* @author huangdb
*
*/
public class SessionFilter extends OncePerRequestFilter{
@Override
protected void doFilterInternal(HttpServletRequest request,HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
System.out.println("====测试Filter功能====拦截用户登陆====");
String[] notFilter = new String[] { "login.jsp"}; // 不过滤的uri
String strUri = request.getRequestURI() ;
if( strUri.indexOf("admin")!=-1 && request.getSession().getAttribute("userSession")==null ){
//进入后台,必须先登陆
if( strUri.indexOf("login.action")==-1 && strUri.indexOf("index.action")==-1 ){//点击的是登陆页面
response.sendRedirect("login.action") ;
}else{
filterChain.doFilter(request, response);//不执行过滤,继续执行操作
return ;
}
}else{
filterChain.doFilter(request, response);//不执行过滤,继续执行操作
//filterChain.doFilter(new MyFilter((HttpServletRequest)request), response);//调用下一个filter
return ;
}
}
}
2. 在web.xml中对filter进行配置
<!-- 过滤所有对action的请求-->
<filter>
<filter-name>sessionFilter</filter-name>
<filter-class>com.ssm.blog.filter.SessionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sessionFilter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>