刚写完用户的访问权限过滤器,基本实现了防止用户直接输入URL访问资源。如有不足请指正!
Java 代码:
package com.viano.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* 用户访问权限的过滤器
* @author viano
*/
public class UsersFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// 设置请求的字符编码
request.setCharacterEncoding("UTF-8");
// 设置返回请求的字符编码
response.setCharacterEncoding("UTF-8");
// 转换ServletRequest为 HttpServletRequest
HttpServletRequest req = (HttpServletRequest) request;
// 转换ServletResponse为HttpServletRequest
HttpServletResponse res = (HttpServletResponse) response;
// 获取Session
HttpSession session = req.getSession();
// 获取Session中存储的对象
Object o = session.getAttribute("user");
// 获取当前请求的URI
String url = req.getRequestURI();
// 判断Session中的对象是否为空;判断请求的URI是否为不允许过滤的URI
if (o == null
&& !url.endsWith("login.jsp") // 对URL地址为此结尾的文件不过滤
&& url.indexOf("login.do") < 0 // 对URL地址中包含此字符串的文件不过滤
&& url.indexOf("/images/") < 0) {
res.sendRedirect(req.getContextPath() + "/login.jsp");
} else {
chain.doFilter(request, response);
res.setHeader("Cache-Control","no-store");
res.setDateHeader("Expires",0);
res.setHeader("Pragma","no-cache");
res.flushBuffer();
}
}
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
WEB.XML 代码:
<!-- Filter 登陆过滤开始--> <filter> <filter-name>UsersFilter</filter-name> <filter-class>com.viano.filter.UsersFilter</filter-class> </filter> <filter-mapping> <filter-name>UsersFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Filter 登陆过滤结束-->