- 在Servlet中进行登陆验证的局限性
在用户是否登陆的验证中,我们可以通过在HeroListServlet中增加对session的判断代码来做到登陆验证。
但是按照这样的做法,所有的Servlet都要加上一样的代码,就会显得比较累赘。
与通过Filter处理中文问题一样,也可以通过Filter一次性解决所有的登陆验证问题 - 使用Filter处理
创建一个AuthFilter 类
首先判断是否是访问的login.html和loginHero,因为这两个页面就是在还没有登陆之前就需要访问的String uri = request.getRequestURI(); if (uri.endsWith("login.html") || uri.endsWith("login")) { chain.doFilter(request, response); return; }
从Session中获取userName,如果没有,就表示不曾登陆过,跳转到登陆页面。String userName = (String) request.getSession().getAttribute("userName"); if (null == userName) { response.sendRedirect("login.html"); return; }
package filter; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class AuthFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String uri = request.getRequestURI(); if (uri.endsWith("login.html") || uri.endsWith("login")) { chain.doFilter(request, response); return; } String userName = (String) request.getSession().getAttribute("userName"); if (null == userName) { response.sendRedirect("login.html"); return; } chain.doFilter(request, response); } @Override public void init(FilterConfig arg0) throws ServletException { } }
- 配置web.xml
配置AuthFilter
<filter> <filter-name>AuthFilter</filter-name> <filter-class>filter.AuthFilter</filter-class> </filter> <filter-mapping> <filter-name>AuthFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>