login.jsp
<%@ page language="java" pageEncoding="UTF-8"%>
<%--
  Login form: posts the "username" and "password" fields to LoginServlet under
  the application's context path.
  NOTE(review): the password travels in the request body as entered; transport
  protection (HTTPS) is not visible on this page and should be confirmed in the
  deployment configuration.
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<form action="${pageContext.request.contextPath}/LoginServlet" method="post">
<table border="1" align="center">
<caption>用户登录</caption>
<tr>
<th>用户名</th>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<th>密码</th>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="提交"/>
</td>
</tr>
</table>
</form>
</body>
<%--
  NOTE(review): a second complete HTML document follows the first </body>.
  It is a login form with an extra "role" selector that posts to the
  hard-coded path /day19/welcome.jsp. The role value is chosen by the
  client, so whatever receives it must not treat it as proof of privilege.
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<form action="/day19/welcome.jsp" method="post">
<table border="1" align="center">
<caption><br>用户登录</caption>
<tr>
<th>用户名</th>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<th>密码</th>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<th>角色</th>
<td>
<select name="role">
<option value="普通用户">普通用户</option>
<option value="管理员">管理员</option>
</select>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="提交"/>
</td>
</tr>
</table>
</form>
</body>
</html>
</html>
FilterDemo6对敏感目录进行过滤
//对敏感目录进行认证
/**
 * Gatekeeper filter for a protected directory.
 *
 * <p>Every request is checked for the {@code username} and {@code password}
 * request parameters. Only the single hard-coded pair below lets the request
 * continue down the chain; anything else is forwarded to {@code /message.jsp}
 * with an explanatory {@code message} request attribute.
 *
 * <p>NOTE(review): the credentials are literals compiled into the class and
 * the check is repeated on every request from plain parameters (which
 * {@code getParameter} also reads from the query string). This is classroom
 * code; a real deployment needs a credential store with hashed passwords and
 * a session established after login instead of per-request parameters.
 */
public class FilterDemo6 implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise.
    }

    /**
     * Lets the request through only when both parameters are present and match
     * the expected pair; otherwise forwards to the message page.
     *
     * @param req   incoming request, cast to {@link HttpServletRequest}
     * @param res   outgoing response, cast to {@link HttpServletResponse}
     * @param chain remaining filters and the protected resource
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) res;

        String suppliedName = httpRequest.getParameter("username");
        String suppliedPassword = httpRequest.getParameter("password");

        // Guard 1: both fields must have been submitted.
        if (suppliedName == null || suppliedPassword == null) {
            forwardWithMessage(httpRequest, httpResponse, "必须填入用户名和密码");
            return;
        }

        // Guard 2: the pair must match the demo account.
        boolean credentialsMatch = suppliedName.equals("jack") && suppliedPassword.equals("123");
        if (!credentialsMatch) {
            forwardWithMessage(httpRequest, httpResponse, "用户名或密码不正确");
            return;
        }

        // Authenticated: hand over to the protected resource.
        chain.doFilter(httpRequest, httpResponse);
    }

    /** Stores {@code text} as the "message" request attribute and forwards to /message.jsp. */
    private void forwardWithMessage(HttpServletRequest httpRequest, HttpServletResponse httpResponse,
            String text) throws IOException, ServletException {
        httpRequest.setAttribute("message", text);
        httpRequest.getRequestDispatcher("/message.jsp").forward(httpRequest, httpResponse);
    }

    public void destroy() {
        // Nothing to release.
    }
}
根据用户角色显示(管理员显示下载链接,普通用户显示下载字符串,不能进行下载)
login2.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<!--
  Login form with a role selector. It posts "username", "password" and "role"
  to the hard-coded path /day19/welcome.jsp.
  NOTE(review): "role" is picked by the person filling in the form, so the
  receiving code must look the role up server-side for the authenticated
  account rather than trusting this field.
-->
<form action="/day19/welcome.jsp" method="post">
<table border="1" align="center">
<caption><br>用户登录</caption>
<tr>
<th>用户名</th>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<th>密码</th>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<th>角色</th>
<td>
<select name="role">
<option value="普通用户">普通用户</option>
<option value="管理员">管理员</option>
</select>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="提交"/>
</td>
</tr>
</table>
</form>
</body>
</html>
//对敏感目录进行认证[课堂练习1]
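/**
 * Filter that prepares the welcome page according to the submitted role.
 *
 * <p>Reads {@code username}, {@code password} and {@code role} from the
 * request. When all three are non-blank it stores a greeting in the
 * {@code message} request attribute and a {@code flag} attribute
 * ({@code "user"} or {@code "admin"}) and passes the request on.
 *
 * <p>Changes compared with the classroom version:
 * <ul>
 *   <li>the user name is HTML-escaped before it is concatenated into the
 *       greeting markup, so a submitted name cannot inject tags or script
 *       into the page that prints {@code message};</li>
 *   <li>a request with a missing or blank field now gets a 400 response
 *       instead of an empty page.</li>
 * </ul>
 *
 * <p>NOTE(review): the role comes straight from a request parameter and the
 * password is never verified, so anyone can submit the administrator role.
 * The {@code flag} attribute must therefore only drive presentation; the
 * protected resource itself needs a server-side authorization check against
 * an authenticated account.
 */
public class FilterDemo7 implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise.
    }

    /**
     * Validates the three form fields, sets the greeting and role flag, and
     * continues the chain.
     *
     * @param req   incoming request, cast to {@link HttpServletRequest}
     * @param res   outgoing response, cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Must be set before the first getParameter call so the POST body is decoded as UTF-8.
        request.setCharacterEncoding("UTF-8");

        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String role = request.getParameter("role");

        if (isBlank(username) || isBlank(password) || isBlank(role)) {
            // Previously this path returned without writing anything (blank page).
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // The greeting is emitted as raw markup by the view, so the user-supplied part is escaped here.
        String safeUsername = escapeHtml(username);

        if ("普通用户".equals(role)) {
            request.setAttribute("message", "欢迎普通用户<font color='blue'>" + safeUsername + "</font>登录");
            request.setAttribute("flag", "user");
        } else if ("管理员".equals(role)) {
            request.setAttribute("message", "欢迎管理员<font color='red'>" + safeUsername + "</font>登录");
            request.setAttribute("flag", "admin");
        }
        // Any other role value continues without message or flag, as before.
        chain.doFilter(request, response);
    }

    public void destroy() {
        // Nothing to release.
    }

    /** Returns true when {@code value} is null or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /** Replaces the five HTML-significant characters with their entity references. */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
            }
        }
        return escaped.toString();
    }
}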
welcome2.jsp
<%@ page language="java" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%--
  Welcome page: prints the "message" attribute and shows a download link only
  when the request-scoped "flag" attribute equals 'admin'; otherwise the word
  is shown as plain text.
  NOTE(review): ${message} is written as-is, so whatever code sets the
  attribute must escape any user-supplied part before building the markup.
  Hiding the link is presentation only; the download resource itself still
  needs its own server-side authorization check.
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
${message}<br/>
<c:choose>
<c:when test="${requestScope.flag=='admin'}">
<a href="#">下载</a>
</c:when>
<c:otherwise>
下载
</c:otherwise>
</c:choose>
</body>
</html>
自动登录分析:
自动登录filter过滤器
//对敏感页面或目录进行认证
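/**
 * Auto-login filter: restores a logged-in session from a remember-me cookie.
 *
 * <p>Looks for a cookie named {@code usernameAndPassword} whose value has the
 * form {@code username_password}. When the pair matches the demo account the
 * user name is stored in the session under {@code username}. The request is
 * always passed on, whether or not the cookie was present or valid.
 *
 * <p>Changes compared with the classroom version: the cookie value is split
 * into exactly two parts and checked for shape before indexing. A cookie
 * without an underscore used to raise {@code ArrayIndexOutOfBoundsException},
 * and a value with trailing extra segments was accepted as the demo pair.
 *
 * <p>NOTE(review): the cookie carries the password in clear text and the
 * credentials are literals in the class. That is acceptable only as a
 * teaching example; a real remember-me feature should store a random,
 * server-side-validated token in a cookie marked HttpOnly and Secure.
 */
public class AutoLoginFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise.
    }

    /**
     * Populates the session from the remember-me cookie when it is valid, then
     * continues the chain unconditionally.
     *
     * @param req   incoming request, cast to {@link HttpServletRequest}
     * @param res   outgoing response, cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getCookies() returns null when the browser sent no cookies at all.
        Cookie[] cookies = request.getCookies();
        Cookie userCookie = null;
        if (cookies != null) {
            for (Cookie c : cookies) {
                if ("usernameAndPassword".equals(c.getName())) {
                    userCookie = c;
                    break;
                }
            }
        }

        if (userCookie != null) {
            String usernameAndPassword = userCookie.getValue();
            // The cookie is client-controlled: accept only the exact "name_password" shape.
            // Limit 2 keeps any further underscores inside the password part.
            String[] both = usernameAndPassword == null
                    ? new String[0]
                    : usernameAndPassword.split("_", 2);
            if (both.length == 2) {
                String username = both[0];
                String password = both[1];
                if (username.equals("jack") && password.equals("123")) {
                    request.getSession().setAttribute("username", username);
                }
            }
        }

        // Let the request through in every case; this filter only pre-populates the session.
        chain.doFilter(request, response);
    }

    public void destroy() {
        // Nothing to release.
    }
}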