Filter伪权限登录验证

Filter伪权限登录验证：

需要的部件：

    1.filter
    2.jsp
    3.servlet
    附带：JavaBean类 User类

注意：

1.当Filter将request,response请求转发到.jsp时，.jsp任能使用EL获取数据，
或是使用JSP内置对象设置或获取属性，但是表单的提交是不会带上request的，
即便在.jsp中将属性设置好，在提交表单后的servlet仍然不可见request，而是新的request
2.但是如果是当Filter将request,response请求转发到其他servlet时，则request是相同的，是同一个request.

1.filter

1.Filter过滤器对所有资源都进行拦截
2.在doFilter方法中，
    1.先对Request,Response进行统一编码，以及其他的servlet,jsp等资源的统一配置
    2.再将ServletRequest强转为HttpServletRequest,并获取其URI
    3.通过URI字符串是否包含(contains)指定目录名或是文件名，直接chain.doFilter放行
        文件夹的contains:("/xxx/")
        文件的contains("/xxx");
        在访问与登录有关的资源时，包括jsp,css,fonts,js都要直接放行
        其他的要检测session部分的共享信息
    4.session上获取的对象为空，则未登录上，那么就要将请求转发到登录页面
        否则放行
    注意：
        在每一次chain.doFilter(request, response);放行后，不接其他代码
        表示请求回来时也不做其他加工。

1.FilterDemo1

package DemoFilter;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.websocket.Session;

import org.apache.commons.beanutils.BeanUtils;

import JavaBeanClass.User;
//1.Filter过滤器对所有资源都进行拦截
@WebFilter(value = {"/*"})
public class FilterDemo1 implements Filter {
	
	public void destroy() {
		System.out.println("recycle resource");
	}
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		//2.1先对Request,Response进行统一编码，以及其他的servlet,jsp等资源的统一配置
        response.setContentType("text/html;charset=utf-8");
		request.setCharacterEncoding("utf-8");
		
        //2.2再将ServletRequest强转为HttpServletRequest,并获取其URI
		HttpServletRequest req = (HttpServletRequest)request;
		String requestURI = req.getRequestURI();
		System.out.println(requestURI);

        //2.3通过URI字符串是否包含(contains)指定目录名或是文件名，直接chain.doFilter放行
		if(requestURI.contains("/login/") || requestURI.contains("/LoginServlet")|| requestURI.contains("/css/") || requestURI.contains("/js/") || requestURI.contains("/fonts/")) {
			chain.doFilter(request, response);
		}else {
            
            //2.4session上获取的对象为空，则未登录上，那么就要将请求转发到登录页面,否则放行
			User user = (User)req.getSession().getAttribute("user");
			if(user != null) {
				chain.doFilter(request, response);
				System.out.println(user.getUsername());
				System.out.println(user.getPassword());
			}else {
				
				req.getSession().setAttribute("tip", "未登录请先登录");
				request.getRequestDispatcher("/login/login.jsp").forward(request, response);
			}
		}
	}

	public void init(FilterConfig fConfig) throws ServletException {
		System.out.println("dispatch resource");
	}
}

2.jsp: 表单登录，设定方法为Post,提交到伪数据库查询登录Servlet

2.login.jsp

<%@ page language="java" contentType="text/html; charset=utf-8"
    pageEncoding="utf-8"%>
<!DOCTYPE html>
	<html lang="zh-CN">
	  <head>
	    <meta charset="ISO-8859-1">
	    <meta http-equiv="X-UA-Compatible" content="IE=edge">
	    <meta name="viewport" content="width=device-width, initial-scale=1">
	    <!-- 上述3个meta标签*必须*放在最前面，任何其他内容都*必须*跟随其后！ -->
	    <title>Bootstrap 101 Template</title>
	    <link href="../css/bootstrap.min.css" rel="stylesheet">
	    <style type="text/css">
	    .place{
	    	font-size: 30px;
	    	border: 2px solid black;
	    	padding-top: 100px;
	    	padding-bottom: 100px;
	    }
	    .form-group{
	    	align-content: center;
	    	margin-top: 40px;
	    }
	    .login{font-size: 25px;}
	    </style>
	    
		<!-- HTML5 shim 和 Respond.js 是为了让 IE8 支持 HTML5 元素和媒体查询（media queries）功能 -->
	    <!-- 警告：通过 file:// 协议（就是直接将 html 页面拖拽到浏览器中）访问页面时 Respond.js 不起作用 -->
	    <!--[if lt IE 9]>
	      <script src="https://cdn.jsdelivr.net/npm/html5shiv@3.7.3/dist/html5shiv.min.js"></script>
	      <script src="https://cdn.jsdelivr.net/npm/respond.js@1.4.2/dest/respond.min.js"></script>
	    <![endif]-->
	  </head>
	  <body>
	    <form action="http://localhost:8080/WebFilter/LoginServlet" class = "form-horizontal place"  method = "post">
			<div class="form-group">
				<label for = "user"  class = "col-sm-5 control-label" >登录:</label>
				<div class = "col-sm-5">
				<input id = "user" name = "username" placeholder="输入用户名"></input>
				</div>
		 	</div>	
		  <div class="form-group">
				<label for = "pwd" class = "col-sm-5 control-label">密码:</label> 
				<div class = "col-sm-5">
					<input id = "pwd" type = "password" name = "password" placeholder="输入密码"></input>
				</div>
		  </div>
		  
	   		<div class = "col-sm-5 form-group"> </div>
	   		<button type="submit" class="btn btn-danger col-sm-3 login" >登录</button>
		</form>
		
		
		<div class = "col-sm-5 form-group">
		
		${sessionScope.tip}
		
		
		</div>
		
		
		
	    <script src="https://cdn.jsdelivr.net/npm/jquery@1.12.4/dist/jquery.min.js"></script>
	    <!-- 加载 Bootstrap 的所有 JavaScript 插件。你也可以根据需要只加载单个插件。 -->
	    <script src="../js/bootstrap.min.js"></script>
	  </body>
	</html>

3.servlet

1.表单提交时，会将jsp上的信息附带在request上的参数上，使用map获取：
    Map<String, String[]> map = request.getParameterMap();
    User user = new User();
2.使用jar包并导入：
    commons-beanutils-1.8.0.jar
    commons-logging-1.2.jar
3.自动setter或是手动setter都可以：
    自动：（需要：JavaBean类的成员对象和login.jsp的name能对应得上）
        BeanUtils.populate(user, map);
    
    手动：
        user.setName(map.get("username")[0]);
        user.setPassword(map.get("password")[0]);

3.LoginServlet

package DemoFilter;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.websocket.Session;
import org.apache.commons.beanutils.BeanUtils;
import JavaBeanClass.User;

@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;
 
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
		
	}
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		Map<String, String[]> map = request.getParameterMap();
		System.out.println("username:"+map.get("username")[0]);
		System.out.println("password:"+map.get("password")[0]);
		
		User user = new User();
		try {
			BeanUtils.populate(user, map);
			System.out.println("BUusername:"+user.getUsername());
			System.out.println("BUpassword:"+user.getPassword());
//			手动设置
//			user.setName(map.get("username")[0]);
//			user.setPassword(map.get("password")[0]);;
		} catch (IllegalAccessException | InvocationTargetException e) {
			e.printStackTrace();
		}
		//相当于直接当做数据库中有此数据
		if(true) {
			request.getSession().setAttribute("user",user);
			request.getRequestDispatcher("/ServletDemo1").forward(request,response);
		}
	}

}

User:

package JavaBeanClass;

import java.text.SimpleDateFormat;
import java.util.Date;

public class User {
private String username;
private String password;
private int age;
private Date loginTime;
public User() {
}

public Date getLoginTime() {
	return loginTime;
}

public void setLoginTime(Date loginTime) {
	this.loginTime = loginTime;
}

public String getLogTimeStr() {
	SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy:MM:dd HH:mm:ss");
	return simpleDateFormat.format(loginTime);
}



public String getUsername() {
	return username;
}

public void setUsername(String username) {
	this.username = username;
}

public String getPassword() {
	return password;
}
public void setPassword(String password) {
	this.password = password;
}
public int getAge() {
	return age;
}
public void setAge(int age) {
	this.age = age;
}

@Override
public String toString() {
	return "User [username=" + username + ", password=" + password + ", age=" + age + ", loginTime=" + loginTime + "]";
}

}