注销功能
在这两个位置都可以注销,退出系统,回到登录界面。
通过移除session实现。
public class LogoutServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { req.getSession().removeAttribute(Constants.USER_SESSION); resp.sendRedirect(req.getContextPath()+"/login.jsp"); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); }}
配置时url为:/jsp/logout.do
<servlet> <servlet-name>LogoutServletservlet-name> <servlet-class>com.zhu.servlet.user.LogoutServletservlet-class> servlet> <servlet-mapping> <servlet-name>LogoutServletservlet-name> <url-pattern>/jsp/logout.dourl-pattern> servlet-mapping>
权限拦截
在当前的项目中,退出系统后直接输入网址是可以进入系统的,需要进行权限拦截。
package com.zhu.filter;import com.zhu.pojo.User;import com.zhu.util.Constants;import javax.servlet.*;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;public class SysFilter implements Filter { public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; User user = (User) request.getSession().getAttribute(Constants.USER_SESSION); if(user==null){ response.sendRedirect("/error.jsp"); }else{ filterChain.doFilter(servletRequest,servletResponse); } } public void destroy() { }}
配置时要把jsp包下的资源都过滤!
<filter> <filter-name>SysFilterfilter-name> <filter-class>com.zhu.filter.SysFilterfilter-class> filter> <filter-mapping> <filter-name>SysFilterfilter-name> <url-pattern>/jsp/*url-pattern> filter-mapping>
测试
登陆系统,退出,再输入网址:http://localhost:8080/jsp/frame.jsp