1. We can configure a filter in web.xml to intercept requests to specified URLs and perform special handling such as permission checks.
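<filter>
    <filter-name>SessionFilter</filter-name>
    <filter-class>com.xm.chris.SessionFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SessionFilter</filter-name>
    <url-pattern>/resources/*</url-pattern>
</filter-mapping>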
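import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class SessionFilter implements Filter {
    private static final String CONTENT_TYPE = "text/html; charset=UTF-8";
    private FilterConfig _filterConfig = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        _filterConfig = filterConfig;
    }

    public void destroy() {
        _filterConfig = null;
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest rq = (HttpServletRequest) request;
        HttpSession httpSession = rq.getSession();
        // The login code is expected to store "userId" in the session.
        Long userId = (Long) httpSession.getAttribute("userId");
        if (userId == null) {
            // Not logged in: return an error page and do not continue the chain.
            response.setContentType(CONTENT_TYPE);
            PrintWriter out = response.getWriter();
            out.println("<html>");
            out.println("<head><title>Error</title></head>");
            out.println("<body>");
            out.println("<p>错误.</p>");
            out.println("</body></html>");
            out.close();
        } else {
            // Logged in: pass the request on to the next filter or the target resource.
            chain.doFilter(request, response);
        }
    }
}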
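Now every request to a path under contextPath/resources/* is checked by SessionFilter to verify that the user is logged in.
2. But what if there are certain URLs that we do not want to check for login and that should be directly accessible?
In that case we can configure a parameter that tells the Filter which URLs should not be checked.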
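<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>com.oracle.ccsc.jcs.sx.filter.SecurityFilter</filter-class>
    <init-param>
        <param-name>excludedPages</param-name>
        <param-value>/xm/portal/notice</param-value>
    </init-param>
</filter>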
The Filter can then use this parameter to decide whether a request needs to be checked.
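import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
// StringUtils is assumed to be the Apache Commons Lang class.
import org.apache.commons.lang3.StringUtils;

public class SecurityFilter implements Filter {
    private static final String CONTENT_TYPE = "text/html; charset=UTF-8";
    private FilterConfig _filterConfig = null;
    private String excludedPages;
    // Starts empty so doFilter never iterates over null when the parameter is missing.
    private String[] excludedPageArray = new String[0];

    public void init(FilterConfig filterConfig) throws ServletException {
        _filterConfig = filterConfig;
        excludedPages = filterConfig.getInitParameter("excludedPages");
        if (StringUtils.isNotEmpty(excludedPages)) {
            excludedPageArray = excludedPages.split(",");
        }
    }

    public void destroy() {
        _filterConfig = null;
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest rq = (HttpServletRequest) request;
        boolean isExcludedPage = false;
        for (String page : excludedPageArray) {
            // Check whether the request is on the exclusion list.
            // getPathInfo() may return null, so call equals() on the configured value.
            if (page.trim().equals(rq.getPathInfo())) {
                isExcludedPage = true;
                break;
            }
        }
        if (isExcludedPage) {
            // Excluded URL: skip the login check.
            chain.doFilter(request, response);
        } else {
            // Not excluded: check login.
            HttpSession httpSession = rq.getSession();
            Long userId = (Long) httpSession.getAttribute("userId");
            if (userId == null) {
                response.setContentType(CONTENT_TYPE);
                PrintWriter out = response.getWriter();
                out.println("<html>");
                out.println("<head><title>Error</title></head>");
                out.println("<body>");
                out.println("<p>错误.</p>");
                out.println("</body></html>");
                out.close();
            } else {
                chain.doFilter(request, response);
            }
        }
    }
}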
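The exclusion check above decides which requests skip authentication, so it should fail closed: a missing parameter, a null getPathInfo() value, or a path that merely resembles an excluded page must still require login. The following is an added example, not code from the original post; the class name ExcludedPages and the path /xm/portal/help are hypothetical, and all sample values are constructed.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;

/** Null-safe, exact-match exclusion list for a login filter (illustrative helper). */
public class ExcludedPages {
    private final Set<String> pages;

    /** raw is the comma-separated excludedPages init-param; null or blank excludes nothing. */
    public ExcludedPages(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            pages = Collections.emptySet();
        } else {
            pages = Arrays.stream(raw.split(","))
                    .map(String::trim)              // tolerate spaces around commas
                    .filter(s -> !s.isEmpty())      // ignore empty entries such as ",,"
                    .collect(Collectors.toSet());
        }
    }

    /**
     * pathInfo is the value of HttpServletRequest.getPathInfo(), which is null
     * when the request has no extra path after the servlet path.
     * Only an exact, case-sensitive match skips the login check.
     */
    public boolean isExcluded(String pathInfo) {
        return pathInfo != null && pages.contains(pathInfo);
    }

    public static void main(String[] args) {
        // Constructed init-param value with stray spaces and an empty entry.
        ExcludedPages ex = new ExcludedPages(" /xm/portal/notice , ,/xm/portal/help");
        // Constructed pathInfo values: two configured pages, then near misses.
        String[] samples = {
            "/xm/portal/notice", "/xm/portal/help", null,
            "/xm/portal/notice/edit", "/xm/portal/noticeboard", "/XM/portal/notice"
        };
        for (String p : samples) {
            System.out.println(p + " -> "
                    + (ex.isExcluded(p) ? "skip login check" : "require login"));
        }
        // A missing init-param excludes nothing, so every request is still checked.
        System.out.println("no param -> "
                + (new ExcludedPages(null).isExcluded("/xm/portal/notice")
                        ? "skip login check" : "require login"));
    }
}
```

In the filter, build the ExcludedPages instance once in init() and call isExcluded(rq.getPathInfo()) in doFilter().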
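3. Getting the URL in a Servlet.
The HttpServletRequest class has the following six functions for getting the URL:
getContextPath returns the project name
getServletPath returns the Servlet name
getPathInfo returns the part of the URL after the Servlet, excluding URL parameters
getRequestURL returns the URL without parameters
getRequestURI returns the URI without parameters, that is, the URL with the protocol and server name removed
See the figure below for details:
The corresponding function values are as follows: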
getContextPath:/ServletTest
getServletPath:/main
getPathInfo:/index/testpage/test
getRequestURL:http://localhost:8080/ServletTest/main/index/testpage/test
getRequestURI:/ServletTest/main/index/testpage/test