范例一:隐藏资源
1.功能描述:对于登录成功的用户,保存会话,然后可以下载资源文件。
2.目的:不允许直接访问某些静态资源文件,从而达到保护静态资源文件的目的。受保护的文件放在WEB-INF目录下,该目录中的内容不能通过URL直接访问,只能由Servlet在校验会话后读取并输出
3.实现步骤:
(1)创建一个FileDownloadServlet、一个LoginServlet、一个login.jsp页面
(2)在FileDownloadServlet中的业务逻辑:
1)根据HttpSession中是否存在登录标记(loggedIn属性)进行判断,如果已登录,则进行下载。否则,跳转到登录页面
(3)在LoginServlet中的业务逻辑:
1)如果用户登录成功,则在会话中保存登录标记(loggedIn属性),然后跳转到FileDownloadServlet
2)如果登录失败,则跳转到login.jsp页面
4.源代码:
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
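/**
 * Serves the protected file {@code /WEB-INF/data/secret.pdf} as a download,
 * but only to requests whose session carries the {@code loggedIn} attribute.
 * All other requests are forwarded to {@code /login.jsp}.
 *
 * <p>The file lives under {@code WEB-INF}, which the container does not
 * serve directly, so this servlet is the only way to reach it.
 */
@WebServlet(urlPatterns = { "/download" })
public class FileDownloadServlet extends HttpServlet {
    private static final long serialVersionUID = 7583L;

    /**
     * Streams the protected PDF to an authenticated user.
     *
     * @param request  the incoming request; its session is inspected for
     *                 the {@code loggedIn} attribute
     * @param response receives the PDF bytes, or a 404 when the file
     *                 cannot be located
     * @throws ServletException if forwarding to the login page fails
     * @throws IOException      if forwarding or sending the error fails
     */
    @Override
    public void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {
        // getSession(false) never creates a session. The no-argument form
        // always returns one, which made the null check dead code and
        // allocated a fresh session for every anonymous visitor.
        HttpSession session = request.getSession(false);
        if (session == null
                || session.getAttribute("loggedIn") == null) {
            RequestDispatcher dispatcher =
                    request.getRequestDispatcher("/login.jsp");
            dispatcher.forward(request, response);
            // must return after dispatcher.forward(). Otherwise,
            // the code below will be executed
            return;
        }

        String dataDirectory =
                request.getServletContext().getRealPath("/WEB-INF/data");
        // getRealPath() returns null when the container cannot map the
        // path to the file system; new File(null, name) would then resolve
        // against the process working directory instead of WEB-INF.
        if (dataDirectory == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        File file = new File(dataDirectory, "secret.pdf");
        if (!file.isFile()) {
            // Report the missing file instead of an empty 200 response.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        response.setContentType("application/pdf");
        response.addHeader("Content-Disposition",
                "attachment; filename=secret.pdf");

        byte[] buffer = new byte[1024];
        // try-with-resources closes both streams even if one close() fails.
        try (BufferedInputStream bis =
                new BufferedInputStream(new FileInputStream(file))) {
            OutputStream os = response.getOutputStream();
            int count;
            while ((count = bis.read(buffer)) != -1) {
                os.write(buffer, 0, count);
            }
        } catch (IOException ex) {
            // Best effort: the response may already be committed (for
            // example the client aborted), so record the failure in the
            // servlet log rather than on stdout.
            log("Failed to stream secret.pdf", ex);
        }
    }
}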
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
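/**
 * Handles the login form: on valid credentials it marks the session as
 * logged in and redirects to the download servlet; otherwise it forwards
 * back to {@code /login.jsp}.
 */
@WebServlet(urlPatterns = { "/login" })
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = -920L;

    /**
     * Checks the posted {@code userName} and {@code password} parameters.
     *
     * @param request  carries the form parameters
     * @param response redirected to {@code download} on success
     * @throws ServletException if forwarding to the login page fails
     * @throws IOException      if the redirect or forward fails
     */
    @Override
    public void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {
        String userName = request.getParameter("userName");
        String password = request.getParameter("password");

        // NOTE(review): hard-coded demo credentials. A real application
        // should verify against a user store holding salted password
        // hashes (bcrypt/scrypt/argon2) and keep no secrets in source.
        boolean authenticated =
                "ken".equals(userName) && "secret".equals(password);

        if (authenticated) {
            // Discard any session that existed before authentication so a
            // session ID issued (or planted) before login is never promoted
            // to a logged-in session (session fixation).
            HttpSession preLogin = request.getSession(false);
            if (preLogin != null) {
                preLogin.invalidate();
            }
            HttpSession session = request.getSession(true);
            session.setAttribute("loggedIn", Boolean.TRUE);
            response.sendRedirect("download");
            // must return here or the forward below would also run
            return;
        }

        RequestDispatcher dispatcher =
                request.getRequestDispatcher("/login.jsp");
        dispatcher.forward(request, response);
    }
}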
<!--
  Login page. The form POSTs the fields "userName" and "password" to the
  relative URL "login"; LoginServlet.doPost reads them by those names.
  NOTE(review): the password is sent in the request body as entered, so
  this page and its POST target should only be served over HTTPS.
-->
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="login" method="post">
<table>
<tr>
<td>User Name:</td>
<td><input name="userName"/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="Login"/>
</td>
</tr>
</table>
</form>
</body>
</html>