用拦截器/过滤器可以拦截用户没有登录的情况下,不能进行访问系统页面。
项目结构
1.在web.xml配置过滤器。*.do的意思是过滤器会拦截后三位为 .do的请求。
<filter>
<filter-name>loginfilter</filter-name>
<filter-class>com.zhongruan.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginfilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
2.创建名为filter的包,在该包里面创建LoginFilter.java文件
package com.zhongruan.filter;
import com.zhongruan.bean.User;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("过滤器初始化");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("过滤器执行====");
//得到HttpServletRequest和HttpServletResponse
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
//得到session
HttpSession session = request.getSession();
User user = (User)session.getAttribute("user");
//获取url
String url = request.getRequestURI();
if (user == null && url.indexOf("login.do") == -1){
System.out.println("登录信息不存在,并且访问登录接口以外其他接口,应该进行拦截");
response.sendRedirect(request.getContextPath()+"/pages/login.jsp");
}else{
System.out.println("登录信息存在,不进行拦截");
filterChain.doFilter(servletRequest, servletResponse);
}
}
@Override
public void destroy() {
System.out.println("过滤器销毁");
}
}
3.UseHandler.java
@RequestMapping("/login.do")
public String login(String username, String password, HttpSession session){
System.out.println(username + "===" +password);
User user=userService.login(new User(username,password));
if (user == null){
System.out.println("登录失败");
return "pages/failer";
}
else {
System.out.println("登录成功");
session.setAttribute("user",user);
//获取用户角色信息
List<Integer> list = roleService.findRoleById(user.getId());
System.out.println(list);
session.setAttribute("roleIds",list);
return "pages/success";
}
}
4.把要拦截的请求加上.do的后缀就可以实现过滤