1:实现一个filter要实现Filter接口,并且要在web.xml文件中配置,配置时指定过滤所有action(*.do),当然要除了login.do
2:web.xml对应配置监听器,主要是监听接收到的请求,除了login.do路径不用过滤处理,其他的都要过滤处理,如下:
<filter>
<filter-name>urlFilter</filter-name>
<filter-class>cn.hs.filter.UrlFilter</filter-class>
<init-param>
<param-name>excepUrls</param-name>
<param-value>/login.do</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>urlFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
类例子如下:
public class UrlFilter implements Filter {
//配置参数excepUrls(即该参数指定哪些url不用过滤)
private String excepUrls;
//过滤器有个销毁方法destroy
public void destroy() {
}
//过滤器主要过滤操作放在doFilter方法里面
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpSession session = request.getSession(true);
String servletPath = request.getServletPath();//过去request的getServletPath()方法获取请求完整url
HttpServletResponse response = (HttpServletResponse) res;
String path=servletPath.substring(servletPath.lastIndexOf("/"));//通过最后一个“/”来截取最后部分路径
if(excepUrls.contains(path)||servletPath.contains("/API")){//判断是不是不用过滤的url
chain.doFilter(req, res);//是就允许通过
}else if(session.getAttribute("loginUser")==null){//判断session中是否有该用户,没有就跳回登录页面,有就通过
String returnurl = request.getContextPath();
response.sendRedirect(returnurl+"/login.html");
}else{
chain.doFilter(req, res);
}
return;
}
/*过滤器初始化方法init,主要通过配置文件获取不需要过滤的url并且进行初始化*/
public void init(FilterConfig configfile) throws ServletException {
excepUrls = configfile.getInitParameter("excepUrls");
}
}