登录页loginform.jsp
登录成功页
登录失败页
拦截器
说明:所有的jsp页面都直接位于webroot下
<body>
<center>
用户登录<br><br>
<form action="logincheck.jsp" method="post">
姓名<input type="text" name="username"><br><br>
密码<input type="text" name="password"><br><br>
<input type="submit" value="登录">
</form>
</center>
</body>
登录验证页logincheck(不连接数据库,直接指定可以登录的用户名和密码)
<body>
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
if(username.equals("jack") && password.equals("123456")){
session.setAttribute("username",username);
request.getRequestDispatcher("loginsuccess.jsp").forward(request,response);
}else{
request.getRequestDispatcher("loginfailure.jsp").forward(request,response);
}
%>
</body>
登录成功页
<body>
<%= session.getAttribute("username")%>,欢迎登陆
</body>
登录失败页
<body>
登录失败
</body>
web.xml
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/loginsuccess.jsp</url-pattern>
</filter-mapping>
拦截器
package filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter{
public void destroy() {
System.out.println("登录验证过滤器已经销毁");
}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpSession session = request.getSession();
String username = (String)session.getAttribute("username");
if(username==null || username.equals("")){
request.getRequestDispatcher("loginform.jsp").forward(req, res);
}
}
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("登录验证过滤器初始化完成");
}
}
说明:所有的jsp页面都直接位于webroot下
实现的功能:其他的页面可以正常访问,loginsuccess.jsp只能登录后才能访问,也就是说如果直接访问loginsuccess.jsp,会跳转到loginform.jsp
web.xml的配置表示只对loginsuccess.jsp进行拦截,"/*"表示对所有的页面都拦截。
如果将拦截器的doFilter修改,又可以直接访问loginsuccess.jsp,说明配置文件会排除掉doFilter中指定的不拦截的URL。
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpSession session = request.getSession();
String username = (String)session.getAttribute("username");
if(request.getRequestURI().equals("/rempw/loginsuccess.jsp")){
chain.doFilter(req, res);
}else{
if(username==null || username.equals("")){
request.getRequestDispatcher("loginform.jsp").forward(req, res);
}else{
chain.doFilter(req, res);
}
}
}