使用fliter定义权限拦截(例如:提交订单,我的订单 没有登录前不允许访问)
1.新建UserLoginPrivilegeFilter类
public class UserLoginPrivilegeFilter implements Filter {
public void destroy() {
}
//过滤 没有登录的用户
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req= (HttpServletRequest) request;
HttpServletResponse res= (HttpServletResponse) response;
HttpSession session=req.getSession();
User user=(User) session.getAttribute("user");
if(user==null){
res.sendRedirect(req.getContextPath()+"/login.jsp");
return;
}
chain.doFilter(request, response);
}
public void init(FilterConfig fConfig) throws ServletException {
}
}
2.web.xml文件 表示:所有/privilege/* 打头请求的路径都要经过拦截器
<filter>
<display-name>UserLoginPrivilegeFilter</display-name>
<filter-name>UserLoginPrivilegeFilter</filter-name>
<filter-class>com.yinhe.web.filter.UserLoginPrivilegeFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UserLoginPrivilegeFilter</filter-name>
<url-pattern>/privilege/*</url-pattern>
</filter-mapping>
例如:order订单处理器 修改请求路径
<servlet>
<description></description>
<display-name>OrderServlet</display-name>
<servlet-name>OrderServlet</servlet-name>
<servlet-class>com.yinhe.web.servlet.OrderServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>OrderServlet</servlet-name>
<url-pattern>/privilege/order</url-pattern>
</servlet-mapping>