1. Filter:
1). Filter 是什么 ?
①. JavaWEB 的一个重要组件, 可以对发送到 Servlet 的请求进行拦截, 并对响应也进行拦截.
②. Filter 是实现了 Filter 接口的 Java 类.即( implements Filter)
③. Filter 需要在 web.xml 文件中进行配置和映射. <!-- 注册 Filter --><filter>,<!-- 映射 Filter --><filter-mapping>
2). 如何创建一个 Filter, 并把他跑起来
①. 创建一个 Filter 类: 实现 Filter 接口: public class HelloFilter implements Filter
②. 在 web.xml 文件中配置并映射该 Filter. 其中 url-pattern 指定该 Filter 可以拦截哪些资源, 即可以通过哪些 url 访问到该 Filter
<!-- 注册 Filter -->
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.atguigu.javaweb.HelloFilter</filter-class>
</filter>
<!-- 映射 Filter -->
<filter-mapping>
<filter-name>helloFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
</filter-mapping>
3). Filter 相关的 API:
创建一个HelloFilter如下:HelloFilter.java
public class HelloFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("init..");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
System.out.println("1. Before HelloFilter's chain.doFilter ..."); //1
//и┼лл
chain.doFilter(request, response);
System.out.println("2. After HelloFilter's chain.doFilter ..."); //2
}
@Override
public void destroy() {
System.out.println("destroy...");
}
}
①. Filter 接口:
> public void init(FilterConfig filterConfig): 类似于 Servlet 的 init 方法. 在创建 Filter 对象(Filter 对象在 Servlet 容器加载当前 WEB 应用时即被创建)后,
立即被调用, 且只被调用一次. 该方法用于对当前的 Filter 进行初始化操作. Filter 实例是单例的.
* FilterConfig 类似于 ServletConfig
* 可以在 web.xml 文件中配置当前 Filter 的初始化参数. 配置方式也和 Servlet 类似。
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.atguigu.javaweb.HelloFilter</filter-class>
<init-param>
<param-name>name</param-name>
<param-value>root</param-value>
</init-param>
</filter>
> public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain): 真正 Filter 的逻辑代码需要编写在该方法中. 每次拦截都会调用该方法.
* FilterChain: Filter 链. 多个 Filter 可以构成一个 Filter 链.
- doFilter(ServletRequest request, ServletResponse response): 把请求传给 Filter 链的下一个 Filter,
若当前 Filter 是 Filter 链的最后一个 Filter, 将把请求给到目标 Serlvet(或 JSP)
- 多个 Filter 拦截的顺序和 <filter-mapping> 配置的顺序有关, 靠前的先被调用.
> public void destroy(): 释放当前 Filter 所占用的资源的方法. 在 Filter 被销毁之前被调用, 且只被调用一次.
eg.用户登陆拦截
1.UserNameFilter.java 用户名拦截
public class UserNameFilter implements Filter {
/**
* Default constructor.
*/
public UserNameFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String initUser = filterConfig.getInitParameter("username");
String username = request.getParameter("username");
if(!initUser.equals(username)){
request.setAttribute("message", "用户名不正确");
request.getRequestDispatcher("/login.jsp").forward(request, response);
return;
}
chain.doFilter(request, response);
}
private FilterConfig filterConfig;
public void init(FilterConfig fConfig) throws ServletException {
this.filterConfig = fConfig;
}
}
2.PasswordFilter.java用户密码拦截
PasswordFilter
public class PasswordFilter implements Filter {
/**
* Default constructor.
*/
public PasswordFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String initPassword = filterConfig.getServletContext().getInitParameter("password");
String password = request.getParameter("password");
if(!initPassword.equals(password)){
request.setAttribute("message", "密码不正确");
request.getRequestDispatcher("/login.jsp").forward(request, response);
return;
}
chain.doFilter(request, response);
}
/**
* @see Filter#init(FilterConfig)
*/
private FilterConfig filterConfig;
public void init(FilterConfig fConfig) throws ServletException {
this.filterConfig = fConfig;
}
}
3.web.xml
<context-param>
<param-name>password</param-name>
<param-value>1234</param-value>
</context-param>
<filter>
<display-name>UserNameFilter</display-name>
<filter-name>UserNameFilter</filter-name>
<filter-class>com.atguigu.javaweb.UserNameFilter</filter-class>
<init-param>
<param-name>username</param-name>
<param-value>Tom</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UserNameFilter</filter-name>
<url-pattern>/hello.jsp</url-pattern>
</filter-mapping>
<filter>
<display-name>PasswordFilter</display-name>
<filter-name>PasswordFilter</filter-name>
<filter-class>com.atguigu.javaweb.PasswordFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>PasswordFilter</filter-name>
<url-pattern>/hello.jsp</url-pattern>
</filter-mapping>
用户密码正确去hello.jsp。否则去login.jsp。
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<font color="red">${message }</font>
<br><br>
<form action="hello.jsp" method="post">
username: <input type="text" name="username" value="${param.username }"/>
password: <input type="password" name="password"/>
<input type="submit" value="Submit"/>
</form>
</body>
</html>
下面hello.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
Hello: ${param.username }
</body>
</html>
begin.../接下来:自定义的 HttpFilter, 实现自 Filter 接口/
public abstract class HttpFilter implements Filter {
/**
* 用于保存 FilterConfig 对象.
*/
private FilterConfig filterConfig;
/**
* 不建议子类直接覆盖. 若直接覆盖, 将可能会导致 filterConfig 成员变量初始化失败
*/
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
init();
}
/**
* 供子类继承的初始化方法. 可以通过 getFilterConfig() 获取 FilterConfig 对象.
*/
protected void init() {}
/**
* 直接返回 init(ServletConfig) 的 FilterConfig 对象
*/
public FilterConfig getFilterConfig() {
return filterConfig;
}
/**
* 原生的 doFilter 方法, 在方法内部把 ServletRequest 和 ServletResponse
* 转为了 HttpServletRequest 和 HttpServletResponse, 并调用了
* doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
*
* 若编写 Filter 的过滤方法不建议直接继承该方法. 而建议继承
* doFilter(HttpServletRequest request, HttpServletResponse response,
* FilterChain filterChain) 方法
*/
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
doFilter(request, response, chain);
}
/**
* 抽象方法, 为 Http 请求定制. 必须实现的方法.
* @param request
* @param response
* @param filterChain
* @throws IOException
* @throws ServletException
*/
public abstract void doFilter(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException;
/**
* 空的 destroy 方法。
*/
@Override
public void destroy() {}
}
///end...///
百度经骗:http://jingyan.baidu.com/article/4dc40848bc67d0c8d846f178.html
百度经骗:http://jingyan.baidu.com/article/851fbc37c0ff2d3e1e15ab46.html
4). <dispatcher> 元素: 指定过滤器所拦截的资源被 Servlet 容器调用的方式,
可以是REQUEST,INCLUDE,FORWARD和ERROR之一,默认REQUEST.
可以设置多个<dispatcher> 子元素用来指定 Filter 对资源的多种调用方式进行拦截
①. REQUEST:当用户直接访问页面时,Web容器将会调用过滤器。如果目标资源是通过RequestDispatcher的include()或forward()方法访问时,那么该过滤器就不会被调用。
通过 GET 或 POST 请求直接访问。
②. FORWARD:如果目标资源是通过RequestDispatcher的forward()方法访问时,那么该过滤器将被调用,除此之外,该过滤器不会被调用。
或 <jsp:forward page="/..." /> 或 通过 page 指令的 errorPage 转发页面. <%@ page errorPage="test.jsp" %>
②. INCLUDE:如果目标资源是通过RequestDispatcher的include()方法访问时,那么该过滤器将被调用。除此之外,该过滤器不会被调用。
或 <jsp:include file="/..." />
④. ERROR:如果目标资源是通过声明式异常处理机制调用时,那么该过滤器将被调用。除此之外,过滤器不会被调用。
在 web.xml 文件中通过 error-page 节点进行声明:
<error-page>
<exception-type>java.lang.ArithmeticException</exception-type>
<location>/test.jsp</location>
</error-page>
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
百度经骗:http://jingyan.baidu.com/article/1876c85292dee4890a13767c.html
http://jingyan.baidu.com/article/ed2a5d1f5e33b209f7be1746.html
1、目录:login/a.jsp,b.jsp,c.jsp,d.jsp,e.jsp,
login.jsp登录页,
doLogin.jsp 登录页,
list.jsp 列出a,b,c,d
2.web.xml
<!-- 用户信息放入到 session 中的键的名字 -->
<context-param>
<param-name>userSessionKey</param-name>
<param-value>USERSESSIONKEY</param-value>
</context-param>
<!-- 若未登录, 需重定向的页面 -->
<context-param>
<param-name>rediretPage</param-name>
<param-value>/login/login.jsp</param-value>
</context-param>
<!-- 不需要拦截(或检查)的 URL 列表 -->
<context-param>
<param-name>uncheckedUrls</param-name>
<param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp,/login/b.jsp</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>com.atguigu.javaweb.login.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/login/*</url-pattern>
</filter-mapping>
3.LoginFilter.java
public class LoginFilter extends HttpFilter{
//1. 从 web.xml 文件中获取 sessionKey, redirectUrl, uncheckedUrls
private String sessionKey;
private String redirectUrl;
private String unchekcedUrls;
@Override
protected void init() {
ServletContext servletContext = getFilterConfig().getServletContext();
sessionKey = servletContext.getInitParameter("userSessionKey");
redirectUrl = servletContext.getInitParameter("rediretPage");
///login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp
unchekcedUrls = servletContext.getInitParameter("uncheckedUrls");
}
public void doFilter(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws IOException, ServletException {
//1. 获取请求的 servletPath
// /login/b.jsp
String servletPath = request.getServletPath();
//2. 检查 1 获取的 servletPath 是否为不需要检查的 URL 中的一个, 若是, 则直接放行. 方法结束
List<String> urls = Arrays.asList(unchekcedUrls.split(","));
if(urls.contains(servletPath)){
filterChain.doFilter(request, response);
return;
}
//3. 从 session 中获取 sessionKey 对应的值, 若值不存在, 则重定向到 redirectUrl
Object user = request.getSession().getAttribute(sessionKey);
if(user == null){
response.sendRedirect(request.getContextPath() + redirectUrl);
return;
}
//4. 若存在, 则放行, 允许访问.
filterChain.doFilter(request, response);
}
}
1). Filter 是什么 ?
①. JavaWEB 的一个重要组件, 可以对发送到 Servlet 的请求进行拦截, 并对响应也进行拦截.
②. Filter 是实现了 Filter 接口的 Java 类.即( implements Filter)
③. Filter 需要在 web.xml 文件中进行配置和映射. <!-- 注册 Filter --><filter>,<!-- 映射 Filter --><filter-mapping>
2). 如何创建一个 Filter, 并把他跑起来
①. 创建一个 Filter 类: 实现 Filter 接口: public class HelloFilter implements Filter
②. 在 web.xml 文件中配置并映射该 Filter. 其中 url-pattern 指定该 Filter 可以拦截哪些资源, 即可以通过哪些 url 访问到该 Filter
<!-- 注册 Filter -->
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.atguigu.javaweb.HelloFilter</filter-class>
</filter>
<!-- 映射 Filter -->
<filter-mapping>
<filter-name>helloFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
</filter-mapping>
3). Filter 相关的 API:
创建一个HelloFilter如下:HelloFilter.java
public class HelloFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("init..");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
System.out.println("1. Before HelloFilter's chain.doFilter ..."); //1
//и┼лл
chain.doFilter(request, response);
System.out.println("2. After HelloFilter's chain.doFilter ..."); //2
}
@Override
public void destroy() {
System.out.println("destroy...");
}
}
①. Filter 接口:
> public void init(FilterConfig filterConfig): 类似于 Servlet 的 init 方法. 在创建 Filter 对象(Filter 对象在 Servlet 容器加载当前 WEB 应用时即被创建)后,
立即被调用, 且只被调用一次. 该方法用于对当前的 Filter 进行初始化操作. Filter 实例是单例的.
* FilterConfig 类似于 ServletConfig
* 可以在 web.xml 文件中配置当前 Filter 的初始化参数. 配置方式也和 Servlet 类似。
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.atguigu.javaweb.HelloFilter</filter-class>
<init-param>
<param-name>name</param-name>
<param-value>root</param-value>
</init-param>
</filter>
> public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain): 真正 Filter 的逻辑代码需要编写在该方法中. 每次拦截都会调用该方法.
* FilterChain: Filter 链. 多个 Filter 可以构成一个 Filter 链.
- doFilter(ServletRequest request, ServletResponse response): 把请求传给 Filter 链的下一个 Filter,
若当前 Filter 是 Filter 链的最后一个 Filter, 将把请求给到目标 Serlvet(或 JSP)
- 多个 Filter 拦截的顺序和 <filter-mapping> 配置的顺序有关, 靠前的先被调用.
> public void destroy(): 释放当前 Filter 所占用的资源的方法. 在 Filter 被销毁之前被调用, 且只被调用一次.
eg.用户登陆拦截
1.UserNameFilter.java 用户名拦截
public class UserNameFilter implements Filter {
/**
* Default constructor.
*/
public UserNameFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String initUser = filterConfig.getInitParameter("username");
String username = request.getParameter("username");
if(!initUser.equals(username)){
request.setAttribute("message", "用户名不正确");
request.getRequestDispatcher("/login.jsp").forward(request, response);
return;
}
chain.doFilter(request, response);
}
private FilterConfig filterConfig;
public void init(FilterConfig fConfig) throws ServletException {
this.filterConfig = fConfig;
}
}
2.PasswordFilter.java用户密码拦截
PasswordFilter
public class PasswordFilter implements Filter {
/**
* Default constructor.
*/
public PasswordFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String initPassword = filterConfig.getServletContext().getInitParameter("password");
String password = request.getParameter("password");
if(!initPassword.equals(password)){
request.setAttribute("message", "密码不正确");
request.getRequestDispatcher("/login.jsp").forward(request, response);
return;
}
chain.doFilter(request, response);
}
/**
* @see Filter#init(FilterConfig)
*/
private FilterConfig filterConfig;
public void init(FilterConfig fConfig) throws ServletException {
this.filterConfig = fConfig;
}
}
3.web.xml
<context-param>
<param-name>password</param-name>
<param-value>1234</param-value>
</context-param>
<filter>
<display-name>UserNameFilter</display-name>
<filter-name>UserNameFilter</filter-name>
<filter-class>com.atguigu.javaweb.UserNameFilter</filter-class>
<init-param>
<param-name>username</param-name>
<param-value>Tom</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UserNameFilter</filter-name>
<url-pattern>/hello.jsp</url-pattern>
</filter-mapping>
<filter>
<display-name>PasswordFilter</display-name>
<filter-name>PasswordFilter</filter-name>
<filter-class>com.atguigu.javaweb.PasswordFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>PasswordFilter</filter-name>
<url-pattern>/hello.jsp</url-pattern>
</filter-mapping>
用户密码正确去hello.jsp。否则去login.jsp。
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<font color="red">${message }</font>
<br><br>
<form action="hello.jsp" method="post">
username: <input type="text" name="username" value="${param.username }"/>
password: <input type="password" name="password"/>
<input type="submit" value="Submit"/>
</form>
</body>
</html>
下面hello.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
Hello: ${param.username }
</body>
</html>
begin.../接下来:自定义的 HttpFilter, 实现自 Filter 接口/
public abstract class HttpFilter implements Filter {
/**
* 用于保存 FilterConfig 对象.
*/
private FilterConfig filterConfig;
/**
* 不建议子类直接覆盖. 若直接覆盖, 将可能会导致 filterConfig 成员变量初始化失败
*/
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
init();
}
/**
* 供子类继承的初始化方法. 可以通过 getFilterConfig() 获取 FilterConfig 对象.
*/
protected void init() {}
/**
* 直接返回 init(ServletConfig) 的 FilterConfig 对象
*/
public FilterConfig getFilterConfig() {
return filterConfig;
}
/**
* 原生的 doFilter 方法, 在方法内部把 ServletRequest 和 ServletResponse
* 转为了 HttpServletRequest 和 HttpServletResponse, 并调用了
* doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
*
* 若编写 Filter 的过滤方法不建议直接继承该方法. 而建议继承
* doFilter(HttpServletRequest request, HttpServletResponse response,
* FilterChain filterChain) 方法
*/
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
doFilter(request, response, chain);
}
/**
* 抽象方法, 为 Http 请求定制. 必须实现的方法.
* @param request
* @param response
* @param filterChain
* @throws IOException
* @throws ServletException
*/
public abstract void doFilter(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException;
/**
* 空的 destroy 方法。
*/
@Override
public void destroy() {}
}
///end...///
百度经骗:http://jingyan.baidu.com/article/4dc40848bc67d0c8d846f178.html
百度经骗:http://jingyan.baidu.com/article/851fbc37c0ff2d3e1e15ab46.html
4). <dispatcher> 元素: 指定过滤器所拦截的资源被 Servlet 容器调用的方式,
可以是REQUEST,INCLUDE,FORWARD和ERROR之一,默认REQUEST.
可以设置多个<dispatcher> 子元素用来指定 Filter 对资源的多种调用方式进行拦截
①. REQUEST:当用户直接访问页面时,Web容器将会调用过滤器。如果目标资源是通过RequestDispatcher的include()或forward()方法访问时,那么该过滤器就不会被调用。
通过 GET 或 POST 请求直接访问。
②. FORWARD:如果目标资源是通过RequestDispatcher的forward()方法访问时,那么该过滤器将被调用,除此之外,该过滤器不会被调用。
或 <jsp:forward page="/..." /> 或 通过 page 指令的 errorPage 转发页面. <%@ page errorPage="test.jsp" %>
②. INCLUDE:如果目标资源是通过RequestDispatcher的include()方法访问时,那么该过滤器将被调用。除此之外,该过滤器不会被调用。
或 <jsp:include file="/..." />
④. ERROR:如果目标资源是通过声明式异常处理机制调用时,那么该过滤器将被调用。除此之外,过滤器不会被调用。
在 web.xml 文件中通过 error-page 节点进行声明:
<error-page>
<exception-type>java.lang.ArithmeticException</exception-type>
<location>/test.jsp</location>
</error-page>
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
百度经骗:http://jingyan.baidu.com/article/1876c85292dee4890a13767c.html
http://jingyan.baidu.com/article/ed2a5d1f5e33b209f7be1746.html
1、目录:login/a.jsp,b.jsp,c.jsp,d.jsp,e.jsp,
login.jsp登录页,
doLogin.jsp 登录页,
list.jsp 列出a,b,c,d
2.web.xml
<!-- 用户信息放入到 session 中的键的名字 -->
<context-param>
<param-name>userSessionKey</param-name>
<param-value>USERSESSIONKEY</param-value>
</context-param>
<!-- 若未登录, 需重定向的页面 -->
<context-param>
<param-name>rediretPage</param-name>
<param-value>/login/login.jsp</param-value>
</context-param>
<!-- 不需要拦截(或检查)的 URL 列表 -->
<context-param>
<param-name>uncheckedUrls</param-name>
<param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp,/login/b.jsp</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>com.atguigu.javaweb.login.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/login/*</url-pattern>
</filter-mapping>
3.LoginFilter.java
public class LoginFilter extends HttpFilter{
//1. 从 web.xml 文件中获取 sessionKey, redirectUrl, uncheckedUrls
private String sessionKey;
private String redirectUrl;
private String unchekcedUrls;
@Override
protected void init() {
ServletContext servletContext = getFilterConfig().getServletContext();
sessionKey = servletContext.getInitParameter("userSessionKey");
redirectUrl = servletContext.getInitParameter("rediretPage");
///login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp
unchekcedUrls = servletContext.getInitParameter("uncheckedUrls");
}
public void doFilter(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws IOException, ServletException {
//1. 获取请求的 servletPath
// /login/b.jsp
String servletPath = request.getServletPath();
//2. 检查 1 获取的 servletPath 是否为不需要检查的 URL 中的一个, 若是, 则直接放行. 方法结束
List<String> urls = Arrays.asList(unchekcedUrls.split(","));
if(urls.contains(servletPath)){
filterChain.doFilter(request, response);
return;
}
//3. 从 session 中获取 sessionKey 对应的值, 若值不存在, 则重定向到 redirectUrl
Object user = request.getSession().getAttribute(sessionKey);
if(user == null){
response.sendRedirect(request.getContextPath() + redirectUrl);
return;
}
//4. 若存在, 则放行, 允许访问.
filterChain.doFilter(request, response);
}
}
1844
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
