- 编写一个应用,用户登录成功之后到达欢迎界面。为了防止某些用户直接访问欢迎页面,用过滤器来实现session的检查。
解析
先写login.jsp
和status.jsp
,把基本框架搭好,status.jsp
的内容很简单,就两行
login.jsp
<form name="loginForm" action="/JavaWebCDUT/validationServlet" method="post">
账号:<input name="account" type="text"><br>
密码:<input name="pwd" type="password"><br>
<input type="button" value="登录" onclick="validate()">
</form>
status.jsp
登录成功<br>
<a href="/JavaWebCDUT/logOutServlet">退出登录</a>
然后把验证逻辑给写了,注意一下我在这里仅仅只判断了用户名和密码是否为空,若不为空则提交表单。真正的匹配判断我放在了ValidationServlet
function validate() {
let account = loginForm.account.value
let pwd = loginForm.pwd.value
if (account == "" || pwd == "") {
alert("用户名、密码不能为空")
} else {
loginForm.submit()
}
}
把ValidationServlet
给写了
@WebServlet(name = "validationServlet", urlPatterns = {"/validationServlet"})
public class ValidationServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 处理响应乱码
response.setContentType("text/html;charset=utf-8");
// 处理请求乱码
request.setCharacterEncoding("utf-8");
String account = request.getParameter("account");
String pwd = request.getParameter("pwd");
if (account != null && pwd != null){
if (account.equals("tom") && pwd.equals("123")){ // 在这里判断
HttpSession session = request.getSession();
session.setAttribute("account", account); // 通过了验证,就要把用户名存在session中,方便后面做过滤
response.sendRedirect("chapter9/9_5/status.jsp"); // 重定向到status.jsp
}
else {
response.sendRedirect("chapter9/9_5/login.jsp"); // 验证失败,回到login.jsp
}
}
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
最后写LoginFilter
,我根据url的后缀来确定是否要启用过滤器。如果之前已经登录成功,那么说明session内一定存有account
,可根据这个判断是否要访问欢迎界面
@WebFilter(filterName = "LoginFilter", urlPatterns = {"*.jsp"})
public class LoginFilter implements Filter {
public void init(FilterConfig config) throws ServletException {
}
public void destroy() {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) req; // 强制把参数req转换为HttpServletRequest类型,不然无法使用getSession
HttpServletResponse response = (HttpServletResponse) resp; // 同理
HttpSession session = request.getSession();
String requestURL = request.getRequestURI().toString(); // 获取url
String account = (String) session.getAttribute("account");
if (account == null && requestURL.contains("9_5/status.jsp")) {
response.sendRedirect("login.jsp");
}
chain.doFilter(request, response);
}
}
此外,还可以写一个LogOutServlet
,记得让status.jsp
的超链接给链接上
@WebServlet(name = "LogOutServlet", urlPatterns = {"/logOutServlet"})
public class LogOutServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 处理响应乱码
response.setContentType("text/html;charset=utf-8");
// 处理请求乱码
request.setCharacterEncoding("utf-8");
HttpSession session = request.getSession();
session.invalidate(); // 清空session,即清除了登录状态
response.sendRedirect("chapter9/9_5/login.jsp");
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
代码
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录</title>
<script src="validate.js" lang="javascript"></script>
</head>
<body>
<form name="loginForm" action="/JavaWebCDUT/validationServlet" method="post">
账号:<input name="account" type="text"><br>
密码:<input name="pwd" type="password"><br>
<input type="button" value="登录" onclick="validate()">
</form>
</body>
</html>
status.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录状态</title>
</head>
<body>
登录成功<br>
<a href="/JavaWebCDUT/logOutServlet">退出登录</a>
</body>
</html>
validation.js
function validate() {
let account = loginForm.account.value
let pwd = loginForm.pwd.value
if (account == "" || pwd == "") {
alert("用户名、密码不能为空")
} else {
loginForm.submit()
}
}
ValidationServlet.java
package chapter9.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
@WebServlet(name = "validationServlet", urlPatterns = {"/validationServlet"})
public class ValidationServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 处理响应乱码
response.setContentType("text/html;charset=utf-8");
// 处理请求乱码
request.setCharacterEncoding("utf-8");
String account = request.getParameter("account");
String pwd = request.getParameter("pwd");
if (account != null && pwd != null){
if (account.equals("tom") && pwd.equals("123")){
HttpSession session = request.getSession();
session.setAttribute("account", account);
response.sendRedirect("chapter9/9_5/status.jsp");
}
else {
response.sendRedirect("chapter9/9_5/login.jsp");
}
}
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
LoginFilter.java
package chapter9.filter;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
@WebFilter(filterName = "LoginFilter", urlPatterns = {"*.jsp"})
public class LoginFilter implements Filter {
public void init(FilterConfig config) throws ServletException {
}
public void destroy() {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
HttpSession session = request.getSession();
String requestURL = request.getRequestURI().toString();
String account = (String) session.getAttribute("account");
if (account == null && requestURL.contains("9_5/status.jsp")) {
response.sendRedirect("login.jsp");
}
chain.doFilter(request, response);
}
}
LogOutServlet.java
package chapter9.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
@WebServlet(name = "LogOutServlet", urlPatterns = {"/logOutServlet"})
public class LogOutServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 处理响应乱码
response.setContentType("text/html;charset=utf-8");
// 处理请求乱码
request.setCharacterEncoding("utf-8");
HttpSession session = request.getSession();
session.invalidate();
response.sendRedirect("chapter9/9_5/login.jsp");
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}