http://mgc.name/article.asp?id=124
使用Servlet过滤器验证Session
登录模块至少需要以下几个页面:
JSP模块:
1.输入用户信息页面(login.jsp);
2.登录成功欢迎页面(pass.jsp)(检查Session设置);
3.注销登录页面(logout.jsp)。
Servlet模块:
1.检查Cookie页面(index.mgc)(servlet:CheckCookie.java);
2.用户合法性验证页面(check.mgc)(servlet:CheckMember.java);
Filter模块:
验证Session(SessionFilter.java);
DAO模块:
1.VO对象类(Member.java);
2.数据库操作接口类(MemberDAO.java);
3.数据库连接类(DataBaseConnection.java);
4.数据库操作类(MemberDAOImpl.java);
5.工厂类(DAOFactory.java)。
数据库:member.mdb
结构图:
---------------------------------------------------------------------
index.mgc
|
|判断Cookie中有无用户名、密码
----------------------
| Y N |
| V
| login.jsp<--------------------
| |输入用户名、密码 |
| V |
---------------->check.mgc |
|调用DAO模块 |
查询数据库 V |
member.mdb<--->DAO |
|返回结果 |
V |
check.mgc |
|判断用户是否合法 |
--------------------- |
| Y N | |
V V |
pass.jsp 跳转--------------->|
| |
| 检查session是否含有用户名 |
----------------- |
| Y N | |
V V |
pass.jsp 跳转------------------------->|
| |
|注销 |
V |
logout.jsp------------------------------------>|
---------------------------------------------------------------------
CheckCookie.java:
01.
package
mgc.login.mvc.servlet;
02.
03.
import
java.io.*;
04.
import
javax.servlet.*;
05.
import
javax.servlet.http.*;
06.
import
mgc.dao.login.member.*;
07.
08.
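/**
 * Entry servlet (mapped to index.mgc in web.xml): looks for "username" and
 * "password" cookies and either hands the request to check.mgc for
 * verification or sends the browser to login.jsp.
 *
 * NOTE(review): this flow depends on the account password travelling in a
 * browser cookie in clear text. Anyone who can read the cookie (shared
 * machine, script injection, plain-HTTP interception) obtains the password
 * itself. A random, server-side-stored, expiring "remember me" token is the
 * safer design; the cookie values are never trusted here, only re-checked.
 */
public class CheckCookie extends HttpServlet {

    /** Handles GET exactly like POST. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);
    }

    /**
     * Reads the remember-me cookies and routes the request.
     *
     * @param request  current request; its cookies are inspected
     * @param response used only for the redirect to login.jsp
     * @throws ServletException if the forward to check.mgc fails
     * @throws IOException      if the forward or redirect fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = null;
        String password = null;

        // getCookies() returns null, not an empty array, when the request
        // carries no cookies at all (e.g. a first visit), so guard the loop.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                String cookieName = cookies[i].getName();
                if ("username".equals(cookieName)) {
                    username = cookies[i].getValue();
                } else if ("password".equals(cookieName)) {
                    password = cookies[i].getValue();
                }
            }
        }

        if (username != null && password != null) {
            // Both cookies present: pass the values on as request attributes and
            // let check.mgc verify them. The receiving servlet has to read
            // attributes (not only parameters) for this hand-off to take effect.
            request.setAttribute("username", username);
            request.setAttribute("password", password);
            request.getRequestDispatcher("check.mgc").forward(request, response);
        } else {
            // No stored credentials: ask the user to log in.
            response.sendRedirect("login.jsp");
        }
    }
}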
login.jsp:
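<%@ page contentType="text/html;charset=GB2312" %>
<%@ page import="java.util.*" %>
<%@ page import="mgc.login.mvc.vo.Member" %>
<%!
    // Minimal HTML escaper: text that originated in the request must not be
    // able to close the attribute or element it is written into.
    private static String escapeHtml(Object value) {
        if (value == null) {
            return "";
        }
        String text = String.valueOf(value);
        StringBuffer out = new StringBuffer(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }
%>
<html>
<head>
<title>登录</title>
</head>

<body>
<center>
<h1>登录页面</h1>
<hr>
<%
    // Error messages placed on the request by the check servlet, if any.
    List errors = (List) request.getAttribute("errors");
    if (errors != null) {
        Iterator iter = errors.iterator();
        while (iter.hasNext()) {
%>
<h4><font color="red">*<%= escapeHtml(iter.next()) %></font></h4>
<%
        }
    }

    // Re-populate the user name after a failed attempt. The value is whatever
    // the client submitted, so it is escaped before being echoed into the
    // value attribute; an unescaped ${member.username} would let a crafted
    // user name inject markup into this page. No trailing space is emitted,
    // so an untouched field submits as empty rather than as " ".
    Object memberAttr = pageContext.findAttribute("member");
    String previousUsername = "";
    if (memberAttr instanceof Member) {
        previousUsername = escapeHtml(((Member) memberAttr).getUsername());
    }
%>
<form action="check.mgc" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="username" value="<%= previousUsername %>"/></td>
</tr>
<tr>
<td>密 码:</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td>Cookie选项:</td>
<td>
<input type="radio" name="cookie" value="nosave" checked>不保存
<input type="radio" name="cookie" value="save">保存1分钟
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="登录"/>
<input type="reset" value="重置"/>
</td>
</tr>
</table>
</form>
</center>
</body>
</html>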
CheckMember.java:
01.
package
mgc.login.mvc.servlet;
02.
03.
import
java.io.*;
04.
import
java.util.*;
05.
import
javax.servlet.*;
06.
import
javax.servlet.http.*;
07.
import
mgc.login.mvc.vo.*;
08.
import
mgc.login.mvc.factory.*;
09.
10.
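/**
 * Credential check servlet (mapped to check.mgc in web.xml). Validates the
 * submitted user name and password through the DAO layer, establishes the
 * session on success and forwards to pass.jsp, otherwise forwards back to
 * login.jsp with the error list.
 */
public class CheckMember extends HttpServlet {

    /**
     * Handles GET exactly like POST.
     *
     * NOTE(review): accepting credentials on GET means they can appear in the
     * query string (browser history, proxy and server logs). GET is kept
     * because a forward from a GET request arrives here as GET.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);
    }

    /**
     * Verifies the credentials and forwards to the result page.
     *
     * @param request  carries "username", "password" and the "cookie" option
     * @param response receives the remember-me cookies when requested
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = parameterOrAttribute(request, "username");
        String password = parameterOrAttribute(request, "password");
        String savecookie = request.getParameter("cookie");

        List errors = new ArrayList();
        Member mem = new Member();
        mem.setUsername(username);
        mem.setPassword(password);
        mem.setErrors(errors);

        // Default destination; only a verified login changes it.
        String path = "login.jsp";

        // isEmpty() records its own messages in errors when a field is missing.
        if (!mem.isEmpty()) {
            try {
                if (DAOFactory.getMemberInstance().isUser(mem)) {
                    path = "pass.jsp";

                    // Drop any session that existed before authentication so a
                    // session id planted in the browser beforehand cannot be
                    // reused as the logged-in session (session fixation).
                    HttpSession preLogin = request.getSession(false);
                    if (preLogin != null) {
                        preLogin.invalidate();
                    }
                    request.getSession(true).setAttribute("username", mem.getUsername());

                    if ("save".equals(savecookie)) {
                        // NOTE(review): this writes the clear-text password into
                        // a cookie. Prefer a random, server-side-stored token
                        // with an expiry; at minimum the cookies should be
                        // marked Secure (HTTPS only) and HttpOnly where the
                        // container supports it. Behaviour is left as published.
                        Cookie c1 = new Cookie("username", mem.getUsername());
                        Cookie c2 = new Cookie("password", mem.getPassword());
                        // Lifetime: 60 seconds.
                        c1.setMaxAge(60);
                        c2.setMaxAge(60);
                        response.addCookie(c1);
                        response.addCookie(c2);
                    }
                } else {
                    // One message for both "unknown user" and "wrong password",
                    // so the response does not reveal which names exist.
                    errors.add("用户名或密码错误!");
                }
            } catch (Exception e) {
                // Record the failure server-side and show a generic message;
                // previously the user was returned to the form with no
                // explanation and the cause went only to standard output.
                log("member verification failed", e);
                path = "login.jsp";
                errors.add("系统繁忙,请稍后再试!");
            }
        }

        request.setAttribute("errors", errors);
        request.setAttribute("member", mem);
        request.getRequestDispatcher(path).forward(request, response);
    }

    /**
     * Returns the named request parameter, or, when it is absent, the request
     * attribute of the same name if that attribute is a String. The attribute
     * path covers requests forwarded here with values set by another servlet;
     * a submitted form field always takes precedence.
     */
    private static String parameterOrAttribute(HttpServletRequest request, String name) {
        String value = request.getParameter(name);
        if (value == null) {
            Object forwarded = request.getAttribute(name);
            if (forwarded instanceof String) {
                value = (String) forwarded;
            }
        }
        return value;
    }
}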
pass.jsp:
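<%@ page contentType="text/html;charset=GB2312" %>
<%!
    // Minimal HTML escaper for text written into the page body.
    private static String escapeHtml(Object value) {
        if (value == null) {
            return "";
        }
        String text = String.valueOf(value);
        StringBuffer out = new StringBuffer(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }
%>
<html>
<head>
<title>登录成功</title>
</head>

<body>
<center>
<h1>登录成功!!</h1>
<hr>
<h3>欢迎<font size="12" color="red">
<%--
  The name shown is the one stored in the session at login, not the
  "username" request parameter: the parameter is absent when this page is
  requested directly, and it is client-controlled, so echoing it would let a
  crafted link inject markup into a logged-in user's page. The value is
  HTML-escaped before output.
--%>
<%= escapeHtml(session.getAttribute("username")) %>
</font>光临!</h3>
<p>
<a href="logout.jsp">注销登录</a>
</center>
</body>
</html>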
logout.jsp:
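<%@ page contentType="text/html;charset=GB2312" %>
<%
    // End the server-side session so the old session id is no longer accepted.
    session.invalidate();

    // Expire the remember-me cookies as well. Without this, the "username" and
    // "password" cookies stay valid until their own timeout and the next visit
    // to index.mgc logs the user straight back in. The cookies were issued
    // without an explicit path, so this page has to live in the same directory
    // as check.mgc for the browser to treat these as replacements.
    String[] rememberCookies = { "username", "password" };
    for (int i = 0; i < rememberCookies.length; i++) {
        Cookie expired = new Cookie(rememberCookies[i], "");
        expired.setMaxAge(0);
        response.addCookie(expired);
    }

    // Set headers before any body output, while the response is still uncommitted.
    response.setHeader("refresh","3;URL=login.jsp");
%>
<html>
<head>
<title>注销登录</title>
</head>

<body>
<center>
<h1>注销成功!</h1>
3秒后跳转到登录页面
<p>
如果没有跳转,请点<a href="login.jsp">这里</a>
</center>
</body>
</html>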
SessionFilter.java:
01.
package
mgc.filter.test;
02.
03.
import
java.io.*;
04.
import
javax.servlet.*;
05.
import
javax.servlet.http.*;
06.
07.
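/**
 * Servlet filter that lets a request through only when the HTTP session holds
 * a "username" attribute; otherwise the request is forwarded to login.jsp.
 * It protects only the URL patterns it is mapped to in web.xml.
 */
public class SessionFilter implements Filter {

    /** No initialisation is needed. */
    public void init(FilterConfig conf) throws ServletException {
    }

    /**
     * Checks the session for a logged-in user before continuing the chain.
     *
     * @param request  incoming request; cast to HttpServletRequest
     * @param response outgoing response
     * @param chain    remaining filters and the target resource
     * @throws IOException      if the chain or the forward fails
     * @throws ServletException if the chain or the forward fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        // getSession(false): do not create a session for every anonymous hit;
        // a session should only come into existence at login.
        HttpSession session = req.getSession(false);
        Object username = (session == null) ? null : session.getAttribute("username");

        if (username != null) {
            // Logged in: continue to the protected resource.
            chain.doFilter(request, response);
        } else {
            // Not logged in: show the login page instead of the resource.
            req.getRequestDispatcher("login.jsp").forward(request, response);
        }
    }

    /** Nothing to release. */
    public void destroy() {
    }
}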
Member.java:
01.
package
mgc.login.mvc.vo;
02.
03.
import
java.util.*;
04.
05.
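/**
 * Value object for a login attempt: the submitted user name and password plus
 * the list that collects validation messages.
 *
 * NOTE(review): the password is held as a plain String and is reachable
 * through getPassword() by anything that receives this object (the servlet
 * places it on the request as "member"); keep it out of logs and views.
 */
public class Member {

    private String username;
    private String password;
    // Validation messages; may be supplied by the caller via setErrors().
    private List errors;

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void setErrors(List errors) {
        this.errors = errors;
    }

    public String getUsername() {
        return this.username;
    }

    public String getPassword() {
        return this.password;
    }

    public List getErrors() {
        return this.errors;
    }

    /**
     * Checks whether the user name or the password is missing.
     * A message is appended to the error list for each missing field.
     *
     * @return true if either field is null or the empty string
     */
    public boolean isEmpty() {
        boolean missing = false;
        if (isBlankField(this.username)) {
            missing = true;
            addError("用户名不能为空!");
        }
        if (isBlankField(this.password)) {
            missing = true;
            addError("密码不能为空!");
        }
        return missing;
    }

    /** True for null or the empty string (whitespace is not trimmed). */
    private static boolean isBlankField(String value) {
        return value == null || "".equals(value);
    }

    /**
     * Appends a message, creating the list first when setErrors() was never
     * called, so validation cannot fail with a NullPointerException.
     */
    private void addError(String message) {
        if (this.errors == null) {
            this.errors = new ArrayList();
        }
        this.errors.add(message);
    }
}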
MemberDAO.java:
1.
package
mgc.login.mvc.dao;
2.
3.
import
mgc.login.mvc.vo.*;
4.
5.
/**
 * Data-access contract for member accounts.
 */
public interface MemberDAO {

    /**
     * Decides whether the given member is a legitimate user.
     *
     * @param member the login attempt to check
     * @return true if the member is accepted as a valid user
     * @throws Exception if the check cannot be carried out
     */
    boolean isUser(Member member) throws Exception;
}
DataBaseConnection.java:
01.
package mgc.login.mvc.dbc;
02.
03.
import java.sql.*;
04.
import java.sql.DriverManager;
05.
06.
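/**
 * Opens one JDBC connection to the "member" ODBC data source and hands it out.
 *
 * NOTE(review): sun.jdbc.odbc.JdbcOdbcDriver is the JDBC-ODBC bridge, which
 * is not present in current JDKs; on such a runtime the constructor cannot
 * load the driver and getConnection() returns null.
 */
public class DataBaseConnection {

    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(DataBaseConnection.class.getName());

    private final String DBDRIVER = "sun.jdbc.odbc.JdbcOdbcDriver";
    private final String DBURL = "jdbc:odbc:member";
    private Connection conn = null;

    /**
     * Loads the driver and opens the connection. Failures do not propagate
     * (the connection simply stays null), but they are logged so that a
     * missing driver or data source can be diagnosed.
     */
    public DataBaseConnection() {
        try {
            Class.forName(DBDRIVER);
            this.conn = DriverManager.getConnection(DBURL);
        } catch (Exception e) {
            LOG.log(java.util.logging.Level.SEVERE, "cannot open " + DBURL, e);
        }
    }

    /**
     * @return the open connection, or null if it could not be established
     */
    public Connection getConnection() {
        return this.conn;
    }

    /** Closes the connection if one was opened; close failures are logged. */
    public void close() {
        if (this.conn == null) {
            return;
        }
        try {
            this.conn.close();
        } catch (Exception e) {
            LOG.log(java.util.logging.Level.WARNING, "error closing " + DBURL, e);
        }
    }
}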
MemberDAOImpl.java:
01.
package
mgc.login.mvc.impl;
02.
03.
import
java.sql.*;
04.
import
mgc.login.mvc.vo.*;
05.
import
mgc.login.mvc.dao.*;
06.
import
mgc.login.mvc.dbc.*;
07.
08.
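/**
 * JDBC implementation of MemberDAO backed by the "member" table.
 */
public class MemberDAOImpl implements MemberDAO {

    /**
     * Looks for a row whose username and password columns both equal the
     * values carried by the given member.
     *
     * NOTE(review): the query compares the submitted password with the stored
     * column directly, which only works if passwords are stored in clear text.
     * Storing a salted, deliberately slow password hash and verifying it in
     * code would keep a leaked database from exposing every password.
     *
     * @param member supplies the user name and password to look up
     * @return true if a matching row exists
     * @throws Exception if the database cannot be queried; the original
     *                   failure is attached as the cause
     */
    public boolean isUser(Member member) throws Exception {
        boolean found = false;
        // Bound parameters: the values are never concatenated into the SQL text.
        String sql = "Select * FROM member Where username=? AND password=?";
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        DataBaseConnection dbc = null;
        try {
            dbc = new DataBaseConnection();
            pstmt = dbc.getConnection().prepareStatement(sql);
            pstmt.setString(1, member.getUsername());
            pstmt.setString(2, member.getPassword());
            rs = pstmt.executeQuery();
            // Any row at all means the pair matched.
            found = rs.next();
        } catch (Exception e) {
            // Keep the cause so the real failure is visible to whoever logs this.
            throw new Exception("数据库操作失败", e);
        } finally {
            // Release everything on both the success and the failure path.
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException ignored) {
                    // best effort: nothing useful can be done at this point
                }
            }
            if (pstmt != null) {
                try {
                    pstmt.close();
                } catch (SQLException ignored) {
                    // best effort: nothing useful can be done at this point
                }
            }
            if (dbc != null) {
                dbc.close();
            }
        }
        return found;
    }
}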
DAOFactory.java:
01.
package
mgc.login.mvc.factory;
02.
03.
import
mgc.login.mvc.dao.*;
04.
import
mgc.login.mvc.impl.*;
05.
06.
/**
 * Factory for DAO objects; callers receive the interface type only.
 */
public class DAOFactory {

    /**
     * Creates a member DAO.
     *
     * @return a new MemberDAOImpl, exposed as MemberDAO
     */
    public static MemberDAO getMemberInstance() {
        MemberDAO memberDao = new MemberDAOImpl();
        return memberDao;
    }
}
web.xml:
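<!-- Entry point: reads the remember-me cookies and routes the request. -->
<servlet>
    <servlet-name>CheckCookie</servlet-name>
    <servlet-class>mgc.login.mvc.servlet.CheckCookie</servlet-class>
</servlet>
<!-- Verifies the submitted credentials and sets up the session. -->
<servlet>
    <servlet-name>CheckMember</servlet-name>
    <servlet-class>mgc.login.mvc.servlet.CheckMember</servlet-class>
</servlet>
<!-- Rejects requests whose session has no "username" attribute. -->
<filter>
    <filter-name>SessionFilter</filter-name>
    <filter-class>mgc.filter.test.SessionFilter</filter-class>
</filter>

<servlet-mapping>
    <servlet-name>CheckCookie</servlet-name>
    <url-pattern>/login/filter/index.mgc</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>CheckMember</servlet-name>
    <url-pattern>/login/filter/check.mgc</url-pattern>
</servlet-mapping>
<!--
  Only pass.jsp is covered by the session check. Every other page that
  requires a logged-in user needs its own mapping (or a broader pattern);
  a page left out of this list is reachable without a session.
-->
<filter-mapping>
    <filter-name>SessionFilter</filter-name>
    <url-pattern>/login/filter/pass.jsp</url-pattern>
</filter-mapping>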