1、步骤1:在filter中增加权限判断
- public class AuthFilter implements Filter {
- @Override
- public void destroy() {
- }
- @Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
- FilterChain filterChain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
- String currentURL = request.getRequestURI();
- String targetURL = currentURL.substring(currentURL.indexOf("/", 1), currentURL.length());
- HttpSession session = request.getSession(false);
- if (!"/login/login.html".equals(targetURL)) {
- //判断当前页是否是重定向以后的登录页面页面,如果是就不做session的判断,防止出现死循环
- if (session == null || session.getAttribute("user") == null) {
- //*用户登录以后需手动添加session
- response.sendRedirect(request.getContextPath() + "/page/login/login.html");
- //如果session为空表示用户没有登录就重定向到login.jsp页面
- return;
- }
- }
- //加入filter链继续向下执行
- filterChain.doFilter(request, response);
- }
- @Override
- public void init(FilterConfig arg0) throws ServletException {
- }
- }
2、在web.xml中进行配置,拦截访问的页面
- <filter>
- <filter-name>authFilter</filter-name>
- <filter-class>com.alibaba.hummock.console.filter.AuthFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>authFilter</filter-name>
- <url-pattern>*.html</url-pattern>
- </filter-mapping>
3、在登录时将user写入session中
转载于:https://blog.51cto.com/tianya23/826652