本文主要使用Java Web的HttpSessionAttributeListener监听器监听当前登录的用户。总体思路是:用户登录时将登录信息存到session当中,监听器监听到session中增加了这个属性之后,就将当前登录人的信息存到上下文(ServletContext)当中;当用户退出或者session失效时,监听器同样会监听到这一动作,把上下文当中的这个用户信息删除即可。以下是代码实现:
1.maven依赖:
<!-- Servlet API 2.5, scope "provided": the servlet container supplies it at runtime, so it is not packaged into the WAR. -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<!-- Logging backend used by SessionListener. -->
<!-- NOTE(review): Log4j 1.x is end-of-life and no longer receives security fixes; plan a move to a maintained logging backend. -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.16</version>
</dependency>
<!-- JSTL, which provides the c: core tags used by success.jsp. -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
2.监听器实现
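/**
 * Maintains an application-scoped registry of logged-in users, keyed by session id.
 *
 * <p>The registry is the {@code "loginUsers"} attribute of the servlet context. An entry is
 * added when a session gains the {@code "user"} attribute and dropped when that attribute is
 * removed, which the container also does when a session is invalidated or times out.
 *
 * <p>Listener callbacks run concurrently on request threads, so the registry is a concurrent
 * map and no per-request state is kept in instance fields.
 *
 * <p>NOTE(review): the stored {@code User} is built from the submitted username and password
 * (see LoginServlet), and application scope is readable by every JSP and servlet in the webapp.
 * Prefer registering an identity-only object that does not carry the password.
 */
@SuppressWarnings("unchecked")
public class SessionListener implements ServletContextListener, HttpSessionAttributeListener {
    /** Session attribute that marks a session as logged in. */
    private static final String USER_ATTRIBUTE = "user";
    /** Servlet-context attribute that holds the registry of online users. */
    private static final String REGISTRY_ATTRIBUTE = "loginUsers";

    private final Logger logger = Logger.getLogger(SessionListener.class);
    /** Guards the one-time creation of the registry map. */
    private final Object registryLock = new Object();
    private volatile ServletContext context = null;

    /**
     * Remembers the servlet context and creates the registry up front, so concurrent first
     * logins cannot each create (and overwrite) their own map.
     */
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        context = sce.getServletContext();
        registry(context, true);
        logger.info("servlet上下文初始化成功:" + context);
    }

    /** Nothing to release: the registry goes away together with the servlet context. */
    @Override
    public void contextDestroyed(ServletContextEvent sce) {
    }

    /**
     * Registers the session when the {@code "user"} attribute is first bound, i.e. on login.
     * Attributes with any other name, or a value that is not a {@code User}, are ignored.
     */
    @Override
    public void attributeAdded(HttpSessionBindingEvent se) {
        if (!USER_ATTRIBUTE.equals(se.getName())) {
            return;
        }
        Object bound = se.getValue();
        if (!(bound instanceof User)) {
            return;
        }
        User user = (User) bound;
        registry(contextOf(se), true).put(se.getSession().getId(), user);
        // The session id is a bearer credential, so it is deliberately kept out of the log.
        logger.info("用户登录:" + forLog(user.getUsername()));
    }

    /**
     * Unregisters the session when the {@code "user"} attribute is removed. This covers
     * {@code removeAttribute("user")}, {@code setAttribute("user", null)} (which the Servlet API
     * treats as a removal) and the automatic unbinding on session invalidation or timeout.
     */
    @Override
    public void attributeRemoved(HttpSessionBindingEvent se) {
        if (!USER_ATTRIBUTE.equals(se.getName())) {
            return;
        }
        Map<String, User> online = registry(contextOf(se), false);
        if (online == null) {
            return;
        }
        User departed = online.remove(se.getSession().getId());
        if (departed != null) {
            logger.info("用户退出:" + forLog(departed.getUsername()));
        }
    }

    /**
     * Keeps the registry in step when the {@code "user"} attribute is overwritten with a new
     * value. Replacements of other attributes are ignored; previously any replaced attribute
     * dropped the user from the registry while the session stayed logged in.
     */
    @Override
    public void attributeReplaced(HttpSessionBindingEvent se) {
        if (!USER_ATTRIBUTE.equals(se.getName())) {
            return;
        }
        Map<String, User> online = registry(contextOf(se), false);
        if (online == null) {
            return;
        }
        // se.getValue() is the OLD value here; the new one is read back from the session.
        Object current = se.getSession().getAttribute(USER_ATTRIBUTE);
        if (current instanceof User) {
            online.put(se.getSession().getId(), (User) current);
        } else {
            online.remove(se.getSession().getId());
        }
    }

    /** Returns the context captured at startup, falling back to the one the session belongs to. */
    private ServletContext contextOf(HttpSessionBindingEvent se) {
        ServletContext captured = context;
        return captured != null ? captured : se.getSession().getServletContext();
    }

    /**
     * Looks up the registry map in the given context.
     *
     * @param ctx    servlet context that holds the registry
     * @param create whether to create and publish the map when it does not exist yet
     * @return the registry, or {@code null} when it is absent and {@code create} is false
     */
    private Map<String, User> registry(ServletContext ctx, boolean create) {
        synchronized (registryLock) {
            Map<String, User> online = (Map<String, User>) ctx.getAttribute(REGISTRY_ATTRIBUTE);
            if (online == null && create) {
                online = new java.util.concurrent.ConcurrentHashMap<String, User>();
                ctx.setAttribute(REGISTRY_ATTRIBUTE, online);
            }
            return online;
        }
    }

    /** Replaces line breaks so a user-supplied name cannot start a new, forged log line. */
    private static String forLog(String text) {
        return text == null ? "" : text.replaceAll("[\\r\\n]", "_");
    }
}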
3.拦截器
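/**
 * Login filter: lets a request through only when its session carries a {@code "user"}
 * attribute, except for the paths listed in the {@code excludePath} init parameter.
 * Everything else is forwarded to the login page.
 */
public class LoginFilter implements Filter {
    /** Page shown to visitors who are not logged in; absolute so it resolves at any URL depth. */
    private static final String LOGIN_PAGE = "/WEB-INF/index.jsp";

    private String[] excludePaths;

    /**
     * Reads the comma-separated {@code excludePath} init parameter. Entries are literal path
     * names (not patterns) and are trimmed, so {@code "a.do, b.do"} works as expected.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String excludePath = filterConfig.getInitParameter("excludePath");
        if (excludePath != null) {
            String[] entries = excludePath.split(",");
            for (int i = 0; i < entries.length; i++) {
                entries[i] = entries[i].trim();
            }
            excludePaths = entries;
        }
    }

    /**
     * Passes excluded paths and logged-in sessions down the chain; forwards all other requests
     * to the login page.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String path = lastSegment(req);
        if (excludePaths != null) {
            for (String excludePath : excludePaths) {
                // An empty entry would otherwise match every request whose path ends in "/".
                if (excludePath.length() > 0 && excludePath.equals(path)) {
                    chain.doFilter(request, response);
                    return;
                }
            }
        }
        // getSession(false): an anonymous request must not allocate a session just to be rejected.
        javax.servlet.http.HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (!(user instanceof User)) {
            req.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
            return;
        }
        chain.doFilter(request, response);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Returns the last path segment of the request, without a leading slash.
     *
     * <p>The access decision is made on the container-decoded servlet path rather than on the
     * raw request URI: the raw URI still carries path parameters such as {@code ;jsessionid=...},
     * which made the exclusion match fail for clients that rely on URL rewriting.
     */
    private static String lastSegment(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        String full = (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);
        return full.substring(full.lastIndexOf('/') + 1);
    }
}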
4.servlet
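/**
 * Single servlet behind {@code *.do}: shows the login form ({@code loginInput.do}), logs a user
 * in ({@code login.do}) and logs a user out ({@code logout.do}).
 *
 * <p>NOTE(review): this sample performs no credential check. A real login must verify the
 * password against the user store before the session is marked as logged in.
 */
@SuppressWarnings("unchecked")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 970880893259656613L;

    // Absolute dispatcher paths: the relative form only resolves for requests at one URL depth.
    private static final String LOGIN_PAGE = "/WEB-INF/index.jsp";
    private static final String SUCCESS_PAGE = "/WEB-INF/success.jsp";

    /**
     * Dispatches on the last segment of the request URI. Paths this servlet does not know are
     * answered with 404 instead of an empty 200 response.
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("UTF-8");
        String uri = req.getRequestURI();
        String path = uri.substring(uri.lastIndexOf("/"));
        if ("/loginInput.do".equals(path)) {
            req.getRequestDispatcher(LOGIN_PAGE).forward(req, resp);
        } else if ("/login.do".equals(path)) {
            login(req, resp);
        } else if ("/logout.do".equals(path)) {
            logout(req, resp);
        } else {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    /** Handles {@code login.do}: binds a {@code User} to a fresh session. */
    private void login(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Credentials belong in a POST body; a GET would leave them in URLs, history and access logs.
        if (!"POST".equalsIgnoreCase(req.getMethod())) {
            resp.setHeader("Allow", "POST");
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        String username = req.getParameter("username");
        if (username == null || "".equals(username)) {
            req.getRequestDispatcher(LOGIN_PAGE).forward(req, resp);
            return;
        }
        HttpSession session = req.getSession();
        ServletContext context = session.getServletContext();
        Map<String, User> users = (Map<String, User>) context.getAttribute("loginUsers");
        // This session is already registered as online: nothing to do.
        if (users != null && users.containsKey(session.getId())) {
            req.getRequestDispatcher(SUCCESS_PAGE).forward(req, resp);
            return;
        }
        String password = req.getParameter("password");
        // NOTE(review): verify username/password here; the sample accepts any non-empty username.

        // Session-fixation defence: discard the pre-login session so that the authenticated
        // state is bound to a session id that was issued after login.
        session.invalidate();
        session = req.getSession(true);

        // NOTE(review): User keeps the submitted password, and SessionListener then publishes the
        // object in application scope. Once verified, store only the identity.
        User user = new User(username, password);
        session.setAttribute("user", user);
        req.getRequestDispatcher(SUCCESS_PAGE).forward(req, resp);
    }

    /** Handles {@code logout.do}: ends the session instead of only clearing one attribute. */
    private void logout(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): logging out must not create a session for an anonymous visitor.
        HttpSession session = req.getSession(false);
        if (session != null) {
            // Removing "user" fires SessionListener.attributeRemoved, which unregisters the session.
            session.removeAttribute("user");
            // Invalidate so the old session id cannot be reused after logout.
            session.invalidate();
        }
        req.getRequestDispatcher(LOGIN_PAGE).forward(req, resp);
    }
}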
5.log4j配置
# Root logger: INFO and above, written to the "stdout" appender only.
log4j.rootLogger=info, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
# Pattern: time, level padded to 5 chars, short logger name, source line number, message, newline.
# %m is written as-is, so user-controlled text placed in a message reaches the console unescaped.
log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n
6.web.xml
<!-- Registers SessionListener, which implements both the context listener and the session-attribute listener. -->
<listener>
<listener-class>cn.edu.hbut.zw.listener.SessionListener</listener-class>
</listener>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>cn.edu.hbut.zw.filter.LoginFilter</filter-class>
<!-- Init parameter: requests for loginInput.do and login.do are exempt from the login check. -->
<init-param>
<param-name>excludePath</param-name>
<param-value>loginInput.do,login.do</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<!-- Filter the requests dispatched to the servlet named "login". -->
<!-- Mapping by servlet-name means that resources served by any other servlet never pass through this filter. -->
<servlet-name>login</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>login</servlet-name>
<servlet-class>cn.edu.hbut.zw.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>login</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!-- Session timeout, in minutes. -->
<session-config>
<session-timeout>2</session-timeout>
</session-config>
7.WEB-INF下的页面
1)index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Login form: posts the "username" and "password" fields to login.do (handled by LoginServlet). --%>
<%-- NOTE(review): the form carries no anti-CSRF token, and the password travels in the request body as entered, so the page should only be served over HTTPS. --%>
<form action="login.do" method="post">
<table width="300px" height="150px" cellpadding="0" cellspacing="0" style="margin:200px auto;">
<tr >
<td>用户名:</td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td colspan="2" style="text-align: center"><input type="submit" value="提交"/></td>
</tr>
</table>
</form>
</body>
</html>
2)success.jsp
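<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%--
  Landing page after login: shows the current user and the list of users that are online.

  Security notes:
  - Usernames come straight from a request parameter, so every value is written with c:out,
    which HTML-escapes it. A bare ${...} in template text is emitted unescaped.
  - The list shows a row number and the username only. Session ids are bearer credentials and
    passwords are secrets; neither may be rendered to other users.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<style type="text/css">
td{
border: 1px solid silver;
}
</style>
</head>
<body>
<table width="700px" height="150px" cellpadding="0" cellspacing="0" style="margin:200px auto;text-align: center;">
<tr>
<td width="40%">当前登录用户:</td>
<td width="20%"><c:out value="${user.username}"/></td>
<td width="20%"><a href="logout.do">退出</a></td>
</tr>
<tr>
<td colspan="3" style="text-align: center">当前在线人数如下</td>
</tr>
<tr>
<td>序号</td>
<td colspan="2">用户名</td>
</tr>
<c:forEach items="${loginUsers}" var="loginUser" varStatus="row">
<tr>
<td><c:out value="${row.count}"/></td>
<td colspan="2"><c:out value="${loginUser.value.username}"/></td>
</tr>
</c:forEach>
</table>
</body>
</html>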
8.访问localhost:port/servlet/loginInput.do即可。