JavaWeb---Filter 实现权限拦截 学习

Filter 实现权限拦截

用户登录之后才能进入主页！用户注销后就不能进入主页了！

1. 用户登录之后，向Session 中放入用户的数据

2. 进入主页的时候要判断用户是否已经登录；要求：在过滤器中实现！

   

1、登录页面

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>登录</title>
</head>
<body>
<h1>登录</h1>

<form action="/servlet/login" method="post">
    <input type="text" name="username">
    <input type="submit">
</form>

</body>
</html>

2、错误页面

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>error</title>
</head>
<body>
<h1>错误</h1>

<a href="/Login.jsp">返回登录页面</a>
</body>
</html>

3、成功页面

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>主页</title>
</head>
<body>

<%--

<%
    Object user_session = request.getSession().getAttribute("USER_SESSION");
    if(user_session == null){
        response.sendRedirect("/Login.jsp");
    }
%>

--%>

<h1>主页</h1>
<p><a href="/servlet/logout">注销</a></p>
</body>
</html>

4、登录判断

package com.lan.servlet;

import com.lan.util.Constant;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class LoginServlet extends HttpServlet {
   
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
   
        //获取前端请求
        String username = req.getParameter("username");
        if(username.<