转自http://www.yihaomen.com/article/java/117.htm,有改动,收录做笔记
首先是过滤器的类
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SecurityFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain arg2) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
HttpSession session = request.getSession(true);
Object obj = (Object)session.getAttribute("CURRENT_USER");
String url = request.getRequestURI();
System.out.println(">>>>RequestURI:"+url);
System.out.println(">>>RequestContext:"+request.getContextPath());
if(obj==null){
// 判断获取的路径不为空且不是访问登录页面或执行登录操作时跳转
if (url != null && !url.equals("")) {
response.sendRedirect(request.getContextPath() + "/login.jsp");
return;
}
}
arg2.doFilter(arg0, arg1);
return;
}
public void init(FilterConfig arg0) throws ServletException {
}
}
web.xml配置
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.gjp.o2o.web.filter.SecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/facilitator/*</url-pattern>
</filter-mapping>
注意:错误的几种写法
<filter-mapping>
<filter-name>authority</filter-name>
<url-pattern>/pages/cmm/*;/pages/genbill/*</url-pattern>
</filter-mapping>
还有这样写是错误的
<url-pattern>/direcotry/*.jsp</url-pattern>
spring拦截器对servlet的过滤方式
首先是写拦截器
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;
//import org.apache.struts.action.ActionMapping;
public class LoginInterceptor implements MethodInterceptor {
private static final Logger log = Logger.getLogger(LoginInterceptor.class);
public Object invoke(MethodInvocation invocation) throws Throwable {
System.out.println("拦截开始!");
Object[] args = invocation.getArguments();
HttpServletRequest request = null;
HttpServletResponse response = null;
for (int i = 0 ; i < args.length ; i++ ) {
if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
if (args[i] instanceof HttpServletResponse) response = (HttpServletResponse)args[i];
}
if (request != null ) {
String url=request.getRequestURI();
String operation=request.getParameter("operation");
HttpSession session = request.getSession(true);
Object obj = (Object)session.getAttribute("CURRENT_USER");
System.out.println(">>>>RequestURI:"+url);
System.out.println(">>>RequestContext:"+request.getContextPath());
System.out.println(">>>Operation:"+operation);
if (obj == null&&(!"login".equals(operation))) {
response.sendRedirect(request.getContextPath() + "/login.jsp");
return false;
}
else {
/*do something*/
return invocation.proceed();
}
}
else {
return invocation.proceed();
}
}
}
然后在spring配置文件中配置:
<!--配置拦截器-->
<bean id="loginInterceptor" class="com.gjp.o2o.web.interceptor.LoginInterceptor" ></bean>
<!--配置拦截的Bean-->
<bean id="autoPorxyFactoryBean" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property name="interceptorNames">
<list>
<value>loginInterceptor</value>
</list>
</property>
<property name="beanNames" >
<list>
<value>*Servlet</value><!--拦截的bean的格式都是这样的-->
</list>
</property>
</bean>