1. 编写一个过滤器审计用户对资源的访问
- 编写过滤器AuditFilter,实现的功能是:当用户访问应用程序的任何资源时,将用户的IP地址和主机名写入日志文件中。
- 配置过滤器
- 访问该应用程序中的任何一个资源,如通过URL访问jsp页面:
观察<CATALINA_HOME>\logs目录中的日志文件
首先新建AuditFilter(代码如下),并完成过滤器的配置,然后访问任意资源并查看日志文件即可。
package com.czc;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
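/**
 * Servlet filter that writes the remote address and remote host name of every
 * request it is mapped to into the servlet context log, then lets the request
 * continue down the chain.
 *
 * <p>Audit caveats for whoever reads the resulting log:
 * <ul>
 *   <li>{@code getRemoteAddr()} is the address of the immediate network peer. Behind a
 *       reverse proxy or load balancer that is the proxy, not the end user.</li>
 *   <li>{@code getRemoteHost()} may be the result of a reverse DNS lookup (depending on
 *       container configuration), so its content is chosen by whoever controls that
 *       DNS record. It is treated as untrusted text before it is logged.</li>
 * </ul>
 */
public class AuditFilter implements Filter {
    /** Filter configuration handed over by the container in {@link #init(FilterConfig)}. */
    private FilterConfig fConfig;

    public AuditFilter() {
    }

    /** Nothing to release: the filter holds no resources of its own. */
    public void destroy() {
    }

    /**
     * Logs the origin of the request and passes it on unchanged.
     *
     * @param request  the incoming request; only {@code ServletRequest} methods are used,
     *                 so no downcast to the HTTP type is needed
     * @param response the outgoing response, forwarded untouched
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        String addr = neutralize(request.getRemoteAddr());
        String host = neutralize(request.getRemoteHost());
        fConfig.getServletContext().log("remote addr: " + addr + ",remote host: " + host);
        chain.doFilter(request, response);
    }

    /**
     * Stores the configuration so {@link #doFilter} can reach the servlet context log.
     *
     * @param fConfig configuration supplied by the container
     * @throws ServletException never thrown here; declared by the interface
     */
    public void init(FilterConfig fConfig) throws ServletException {
        this.fConfig = fConfig;
    }

    /**
     * Replaces control characters (including CR and LF) so a value cannot break out of
     * its log line and fake additional audit entries.
     *
     * @param value text about to be written to the log, possibly {@code null}
     * @return the text with every control character replaced by {@code '_'};
     *         {@code "null"} when the input is {@code null}
     */
    private static String neutralize(String value) {
        if (value == null) {
            return "null";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}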
2. 编写一个用于检测用户是否登录的过滤器,
如果用户未登录,则重定向到指定的登录页面。以下三项都要采取可配置的方式:需检查的、保存在 Session 中的关键字;用户未登录时重定向到的页面(URL 不包括 ContextPath);不做检查的 URL 列表(以分号分隔,URL 中不包括 ContextPath)。
- 编写一个login.jsp文件
- 编写2个需要检查的JSP页面,1个不需要检查的页面
- 配置web.xml参数:Session关键字参数;重定向页面参数(如login.jsp);不需要检查的页面参数。
- 编写并配置过滤器完成上述功能
- 测试效果。
新建login.jsp
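<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%--
  Login form. Posts "username" and "password" to LoginServlet and shows the
  "msg" request attribute that the servlet sets when the login fails.

  The password field uses type="password" so the value is masked on screen.
  NOTE(review): ${msg} is written into the page without escaping. That is harmless
  while the servlet only sets a fixed message; if request data ever ends up in it,
  output it through an escaping tag instead.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="LoginServlet" method="post">
用户名:<input type="text" name="username"> <br/>
密 码:<input type="password" name="password"> <br/>
<input type="submit" value="登入">
<div style="color:red">${msg}</div>
</form>
</body>
</html>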
新建index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Static success page; LoginServlet forwards here after a successful login. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>登入成功!!!</h1>
</body>
</html>
新建LoginFilter
package com.czc;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
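/**
 * Servlet filter that only lets a request through when the session holds a
 * {@code "username"} attribute, or when the requested path is on the exempt list.
 * Every other request is redirected to {@code /login.jsp} of this web application.
 *
 * <p>The exempt list comes from the {@code config} init parameter: context-relative
 * paths separated by {@code ';'}. The login page and the login servlet must be on that
 * list, otherwise an anonymous user can never reach them.
 *
 * <p>Security notes on the matching:
 * <ul>
 *   <li>Entries are compared for exact equality with the container-resolved path
 *       (servlet path plus path info). The earlier substring test on the raw request
 *       URI treated any URI that merely contained an exempt name as exempt, which
 *       lets protected pages skip the login check.</li>
 *   <li>Blank entries are dropped. With the substring test, an empty entry (or an empty
 *       {@code config} value) matched every URI and disabled the filter.</li>
 *   <li>A missing {@code config} parameter means "nothing is exempt" instead of a
 *       {@code NullPointerException} on every request.</li>
 * </ul>
 */
public class LoginFilter implements Filter {
    /** Filter configuration handed over by the container in {@link #init(FilterConfig)}. */
    private FilterConfig config;

    /** Context-relative paths that skip the login check; each starts with {@code '/'}. */
    private String[] excludedPaths = new String[0];

    public LoginFilter() {
    }

    /** Nothing to release: the filter holds no resources of its own. */
    public void destroy() {
    }

    /**
     * Enforces the login check described on the class.
     *
     * @param request  the incoming request; must be an HTTP request
     * @param response the outgoing response; must be an HTTP response
     * @param chain    the remaining filter chain
     * @throws IOException      from the redirect or the rest of the chain
     * @throws ServletException from the rest of the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Use the path the container resolved for dispatching rather than the raw URI.
        String path = req.getServletPath();
        if (req.getPathInfo() != null) {
            path = path + req.getPathInfo();
        }

        for (String excluded : excludedPaths) {
            if (excluded.equals(path)) {
                chain.doFilter(req, res);
                return;
            }
        }

        // getSession(false): do not create a session for every anonymous request.
        boolean loggedIn = req.getSession(false) != null
                && req.getSession(false).getAttribute("username") != null;
        if (!loggedIn) {
            // Anchor the target at the context root so it also works for nested paths.
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Stores the configuration and parses the exempt list once.
     *
     * @param fConfig configuration supplied by the container
     * @throws ServletException never thrown here; declared by the interface
     */
    public void init(FilterConfig fConfig) throws ServletException {
        this.config = fConfig;
        this.excludedPaths = parseExcludedPaths(fConfig.getInitParameter("config"));
    }

    /**
     * Splits the {@code ';'}-separated exempt list into clean context-relative paths.
     *
     * @param raw value of the {@code config} init parameter, possibly {@code null}
     * @return the non-blank entries, trimmed and each starting with {@code '/'}
     */
    private static String[] parseExcludedPaths(String raw) {
        if (raw == null) {
            return new String[0];
        }
        String[] parts = raw.split(";");
        int count = 0;
        for (String part : parts) {
            String entry = part.trim();
            if (entry.isEmpty()) {
                continue;
            }
            // Accept entries written without the leading slash, e.g. "login.jsp".
            parts[count++] = entry.startsWith("/") ? entry : "/" + entry;
        }
        String[] result = new String[count];
        System.arraycopy(parts, 0, result, 0, count);
        return result;
    }
}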
新建LoginServlet
package com.czc;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
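/**
 * Handles the login form posted by {@code login.jsp}.
 *
 * <p>On success the user name is stored in the session under the key
 * {@code "username"}, which is the key {@code LoginFilter} looks for, and the request is
 * forwarded to {@code /index.jsp}. On failure the request is forwarded back to
 * {@code /login.jsp} with an error message in the {@code msg} request attribute.
 *
 * <p>NOTE(review): the accepted user name and password are hard-coded demo values.
 * A real application has to check against stored, salted password hashes and must
 * not keep credentials in source code.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public LoginServlet() {
        super();
    }

    /**
     * Shows the login form. Credentials are not accepted over GET, because query
     * strings end up in access logs, browser history and Referer headers.
     *
     * @param request  the HTTP request
     * @param response the HTTP response
     * @throws ServletException from the forward
     * @throws IOException      from the forward
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    /**
     * Checks the posted credentials and establishes the logged-in session.
     *
     * @param request  the HTTP request carrying {@code username} and {@code password}
     * @param response the HTTP response
     * @throws ServletException from the forward
     * @throws IOException      from the forward
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Constant-first equals: a missing parameter is a failed login, not a 500.
        if ("admin".equals(username) && "123456".equals(password)) {
            // Drop any pre-login session so the authenticated session gets a fresh id.
            if (request.getSession(false) != null) {
                request.getSession(false).invalidate();
            }
            // The key is the literal "username"; using the user's name as the key
            // left the attribute that the login filter checks unset.
            request.getSession(true).setAttribute("username", username);
            request.getRequestDispatcher("/index.jsp").forward(request, response);
            return;
        }

        request.setAttribute("msg", "用户名或密码错误!");
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }
}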