关于用户登录的过滤器
```java
/**
* 登录过滤器
* 补充:过滤器的优先级,在web.xml里面的话,就是从上到下的顺序
* 如果用的是注解,那么优先级就是文件名排序(自测)
*/
@WebFilter("/*")
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
//不进行登陆无法访问其他页面
//ServletRequest类下面的子类HttpServletRequest中存在获取路径的方法getRequestURI
//首先对req进行强转
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse)resp;
//获取路径
String uri = request.getRequestURI();
//如果路径中存在这些就放行,注意:将jsp、css等路径也进行过滤,不然页面显示不全
if (uri.contains("/login.html")
|| uri.contains("/loginServlet")
|| uri.contains("/checkCodeServlet")
|| uri.contains("/css/")
|| uri.contains("/fonts/")
|| uri.contains("/images/")
|| uri.contains("/js/")
|| uri.contains("/WEB-INF/")
|| uri.contains("/registerServlet")
|| uri.contains("/favicon.ico")//tomcat的LOGO,不排除会让我们多一遍session循环
) {
//放行
chain.doFilter(request, response);
} else {
//获取session,看用户是否登陆
HttpSession session = request.getSession();
Object user = session.getAttribute("user");
//登陆了进行放行操作
if (user != null) {
//用户已经登录
chain.doFilter(request, response);
} else {
//没有登陆过跳转登录页面
//用户尚未登录
response.setContentType("text/html;charset=utf-8");
response.getWriter().write("<script> alert('您尚未登录!') </script>");
//跳转
response.setHeader("Refresh","0;url='/login.html'");
// response.sendRedirect(request.getContextPath()+"/login.html");
}
}
}
public void init(FilterConfig config) throws ServletException {
}
}