1、首先自定义myfilter实现Filter接口,其中session中的name在登录校验的时候存入用户的name
public String check(HttpServletRequest request) throws NullPointerException{
ModelAndView model=new ModelAndView();
String name=request.getParameter("username");
String password=request.getParameter("password");
User user=userServiceImpl.login(name);
if(user!=null) {
if (password.equals(user.getPassword())) {
HttpSession session=request.getSession();
session.setAttribute("name",name);
model.addObject("name", name);
return "forward:/showallbooks.action";
}
else {
model.addObject("errormsg", "用户名或密码不正确");
return "faild";
}
}
else {
model.addObject("errormsg", "登录失败");
return "faild";
}
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req=(HttpServletRequest) request;
HttpServletResponse res=(HttpServletResponse) response;
HttpSession session=req.getSession();
String username=(String)session.getAttribute("name"); //从session中取得用户
String url=req.getRequestURI(); //取得请求访问的地址
//判断从session中取得用户是否为空
if(username==null){
//判断获取的路径不为空且不是访问登录页面或执行登录操作时跳转
if(url!=null && !url.equals("") && ( url.indexOf("Login")<0 && url.indexOf("login")<0 )) {
res.sendRedirect(req.getContextPath() + "/login.action");
return ;
}
}
chain.doFilter(request,response);
return;
}
2.在web.xml中
<!--配置自己的过滤器实现未登陆用户的拦截-->
<filter>
<filter-name>myfilter</filter-name>
<filter-class>cn.filter.MyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>myfilter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>