首先创建过滤器
public class SecurityServlet extends HttpServlet implements Filter{
private static final long serialVersionUID = 1L;
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest)arg0;
HttpServletResponse response =(HttpServletResponse) arg1;
Integer count = (Integer) request.getSession().getAttribute("countOfLogin");
String url=request.getRequestURI();
if(url.indexOf("login")<0){
if(count==null || "".equals(count) ) {
response.sendRedirect(request.getContextPath()+"/login.jsp");
}else{
arg2.doFilter(arg0, arg1);
}
}else{
arg2.doFilter(arg0, arg1);
}
}
public void init(FilterConfig arg0) throws ServletException {
}
Integer count = (Integer) request.getSession().getAttribute("countOfLogin");countOfLogin是我在登录时存在session中的一个数值,此时刚好可以验证该session是否存在。
if(url.indexOf("login")<0)把登录页排除在外
接下来需要配置WEB.XML
SecurityServlet
com.zh.fillter.SecurityServlet
SecurityServlet
/*
我过滤的是所有请求 /*
当然,前提是把除登录页以外的所有页面放在WEB-INF目录下
=====================================================================================
在JSP页面中也可以来判断是否有SESSION,没有的话则返回登录页
if(session.getAttribute("username") == null) {
%>
alert("您还没有登录,请登录...");
top.location.href="login.jsp";
}
%>
Session拦截
if(session.getAttribute("account") == null) {
%>
alert("您还没有登录,请登录...");
top.location.href="../login.jsp";
}
%>