在进行B/S开发的时候,我们经常会遇到虽然我们写了登录界面,但是直接根据路径也能进入主界面,这样的话登录界面就成了摆设,因此在这种条件下我们就要用到了一个比较重要的东西:过滤器,使得将未登录的界面拦截下来并跳转到登录界面,从而达到未登录则不能进入系统内部的目的。
过滤器的构建分为以下三部:1.在登录接口中加入session 2.配置过滤器LoginFilter 3.进行过滤器的声明
1.在登录接口中加入session
当登录验证通过后,在其中加入session,为之后的多次request服务
request.getSession().setAttribute("userName", userBean.USER_ID);
2.配置过滤器LoginFilter
public class LoginFilter implements Filter {
public static final String loginPage ="/ERMS/Log.html";
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request =(HttpServletRequest) servletRequest;
HttpServletResponse response=(HttpServletResponse) servletResponse;
String currentUrl =request.getRequestURI();
String currentPath=request.getContextPath();
//出掉项目名称时访问当前路径
String targetUrl=currentUrl.substring(currentPath.length());
HttpSession session=request.getSession();
String ssString=(String)session.getAttribute("userName");
if(targetUrl.indexOf("Log.html")>0||targetUrl.equals("/")){
filterChain.doFilter(request, response);
return;
}
else {
if(ssString==null){
response.sendRedirect(loginPage);
}else {
filterChain.doFilter(request, response);
}
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
3.进行过滤器的声明
过滤器的声明需要在web.xml中进行
<!-- 过滤器,过滤所有的html访问 -->
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.erms.interceptor.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>