最近做项目时用到了 Servlet 过滤器。我发现如果仅仅依靠 web.xml 中的配置,不够灵活,很难达到项目要求,用户体验也不好,因此在配置文件中把过滤器应用到全局(/*),再由过滤器代码只放行和登录模块相关的资源。
web.xml 中的配置如下:
<!-- Registers the servlet filter under the name "Limit". -->
<!-- NOTE(review): filter-class must be the fully qualified name of the filter class. The Java listing on this page declares package com.speed.filter, which differs from the package written here; confirm which one is correct. -->
<filter>
<filter-name>Limit</filter-name>
<filter-class>com.spditir.filter.LimitFilter</filter-class>
</filter>
<!-- Maps the filter to every URL of the web application. With no <dispatcher> element the mapping covers direct client requests only (REQUEST); server-side forwards and includes do not pass through the filter again. -->
<filter-mapping>
<filter-name>Limit</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
过滤器代码如下,只放行和登录模块相关的资源(注意:web.xml 中 filter-class 的包名必须与下面代码中的 package 声明一致):
package com.speed.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
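/**
 * Security filter, revised v1: only users who have logged in may access
 * application resources.
 *
 * <p>The filter denies by default. A request skips the session check only when
 * its path (request URI with the context path removed) is exactly equal to an
 * entry of {@code LOGIN_PATHS} or {@code LOGIN_IMAGES}. Every other request
 * must belong to a session that holds a non-null {@code USER_INFO} attribute;
 * otherwise it is redirected to {@code /loginFailure.jsp}.
 *
 * <p>Notes for maintainers:
 * <ul>
 *   <li>Matching is exact and uses the URI as the container reports it from
 *       {@code getRequestURI()} (not decoded, path parameters included), so any
 *       variant spelling of a public path falls through to the session check
 *       instead of being let through.</li>
 *   <li>{@code /userMgr.action} is reachable without a session, whatever its
 *       query parameters are. NOTE(review): presumably this is the login
 *       action; confirm that it does not expose any other operation to
 *       anonymous callers.</li>
 *   <li>The filter only tests that {@code USER_INFO} is present; what the
 *       logged-in user is allowed to do is not decided here.</li>
 * </ul>
 */
public class LimitFilter implements Filter {

    /** Login-module paths served without a session; a hit is written to stdout. */
    private static final String[] LOGIN_PATHS = {
        "/loginFailure.jsp",
        "/",
        "/validateCode.action",
        "/loginByForm.jsp",
        "/userMgr.action"
    };

    /** Static images used by the login page; served without a session and not logged. */
    private static final String[] LOGIN_IMAGES = {
        "/images/login2.jpg",
        "/images/enter.gif",
        "/images/reset.gif",
        "/images/shutdown.jpg"
    };

    /** Configuration handed over by the container in {@link #init(FilterConfig)}. */
    FilterConfig filterconfig;

    /**
     * Stores the filter configuration supplied by the container.
     *
     * @param arg0 the filter configuration
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig arg0) throws ServletException {
        filterconfig = arg0;
    }

    /**
     * Lets public login resources through and requires a logged-in session for
     * everything else.
     *
     * @param arg0 the incoming request; cast to {@link HttpServletRequest}
     * @param arg1 the outgoing response; cast to {@link HttpServletResponse}
     * @param arg2 the remaining filter chain
     * @throws IOException if the chain or the redirect fails
     * @throws ServletException if the chain fails
     */
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        String request_uri = request.getRequestURI();
        String ctx_path = request.getContextPath();

        // Compute the application-relative path once. If the URI does not start
        // with the context path, treat the request as non-public (fail closed)
        // rather than slicing at an arbitrary offset.
        String path = request_uri.startsWith(ctx_path)
                ? request_uri.substring(ctx_path.length())
                : null;

        if (matchesAny(path, LOGIN_PATHS)) {
            System.out.println("------filter输出------安全验证登录通过uri:" + request_uri);
            arg2.doFilter(arg0, arg1);
            return;
        }
        if (matchesAny(path, LOGIN_IMAGES)) {
            arg2.doFilter(arg0, arg1);
            return;
        }

        // getSession(false): an anonymous request must not allocate a new
        // server-side session just to be told that it is not logged in.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("USER_INFO") == null) {
            response.setCharacterEncoding("utf-8");
            System.out.println(ctx_path + "/loginFailure.jsp");
            response.sendRedirect(ctx_path + "/loginFailure.jsp");
            return;
        }
        arg2.doFilter(arg0, arg1);
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /** Returns true when {@code path} is non-null and exactly equal to one of {@code allowed}. */
    private static boolean matchesAny(String path, String[] allowed) {
        if (path == null) {
            return false;
        }
        for (String candidate : allowed) {
            if (candidate.equals(path)) {
                return true;
            }
        }
        return false;
    }
}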