在Web工程中,某些页面或Servlet 只有用户登录成功才能访问。如果直接在应用程序每个相关的源代码中判断用户是否登录成功,并不是科学的做法。这时可以实现一个登录验证过滤器,不用在每个相关的源代码中验证用户是否登录成功。
新建一个 Web工程loginValidate,在该Web工程中至少编写两个JSP页面:login.jsp与loginSuccess.jsp, 一个Servlet (由LoginServlet.java负责创建)。用户在loginjsp页面中输入用户名和密码后,提交给Servlet, 在Servlet中判断用户名和密码是否正确,若正确跳转到gnccssiss若错误回到lginjisp页面。但该Web工程有另外一一个要求:除了访问lgnjsp页面和LoginServlet 以外,别的页面或Servlet 都不能直接访问,必须先登录成功才能访问。在设计这个Web工程时,编写了一个登录验证过滤器并在该 Web工程中使用。页面运行效果如下:
代码如下:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>login.jsp</title>
</head>
<body bgcolor="lightblue">
<form action="loginServlet" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="name"/></td>
</tr>
<tr>
<td>密 码:</td>
<td><input type="password" name="pwd"></td>
</tr>
<tr>
<td><input type="submit" value="提交"/></td>
<td><input type="reset" value="重置"/></td>
</tr>
</table>
</form>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<%String username=(String)session.getAttribute("user"); %>
恭喜<%=username %>登陆成功!
</body>
</html>
package servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@WebServlet(name = "loginServlet", urlPatterns = { "/loginServlet" })
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username=request.getParameter("name");
String password=request.getParameter("pwd");
if("filter".equals(username)&&"filter".equals(password)) {
HttpSession session=request.getSession(true);
session.setAttribute("user",username);
response.sendRedirect("loginSuccess.jsp");
}
else {
response.sendRedirect("login.jsp");
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doPost(request, response);
}
}
package filter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@WebFilter(filterName="loginFilter",urlPatterns= {"/*"})
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req=(HttpServletRequest) request;
HttpServletResponse resp=(HttpServletResponse) response;
HttpSession session=req.getSession(true);
resp.setContentType("text/html;");
resp.setCharacterEncoding("UTF-8");
PrintWriter out=resp.getWriter();
//得到用户请求的URL
String request_uri=req.getRequestURI();
//得到web应用程序的上下文路径
String ctxPath=req.getContextPath();
//去除上下文路径,得到剩余路径
String uri=request_uri.substring(ctxPath.length());
//登陆页面或servlet不拦截
if(uri.contains("login.jsp")||uri.contains("loginServlet")) {
chain.doFilter(request, response);
}else {
//判断用户是否已经登录
if(null!=session.getAttribute("user")) {
//执行下一个过滤器
chain.doFilter(request,response);
}else {
out.println("您没有登陆,请先登录!3秒后回到登陆页面。");
resp.setHeader("refresh","3;url="+ctxPath+"/login.jsp");
return;
}
}
}
public void init(FilterConfig fConfig) throws ServletException {
}
}