在过滤器Filter中:
package filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import entity.Users;
/**
* 访问控制
* @author miao
*
*/
public class AuthenticationFilter implements Filter {
// Log4j,记录日志
private static Logger log = Logger.getLogger(AuthenticationFilter.class);
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String path = req.getServletPath();
//如下地址不用经过过滤器
if (path.endsWith("/Login") || path.endsWith("/login.jsp") || path.endsWith(".css") || path.endsWith(".js")) {
chain.doFilter(request, response);
} else {
HttpSession session = req.getSession();
Users user = (Users) session.getAttribute("loginUser");
if (user == null) {
log.debug("用户在会话中不存在");
req.getRequestDispatcher("login.jsp").forward(request, response);
} else {
chain.doFilter(request, response);
}
}
}
public void init(FilterConfig config) throws ServletException {
}
}
在web.xml配置文件中:
<filter>
<display-name>访问控制</display-name>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>filter.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>