/**
* 访问控制过的过滤器
* 如果没有登录就重定向到登录页面
* 如果登录过就放弃该资源请求
* java web API可以过滤拦截web请求
* 拦截的时候增加业务逻辑
* 1.网页/浏览器天生支持跨服务器下载资源,可以提高网业加载效率,提高网站并发性能
* 一些敏感资源跨站下 载就有安全问题
*
* @author soft01
*/
public class AccessFilter implements Filter{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest req=(HttpServletRequest)request;
HttpServletResponse res=(HttpServletResponse)response;
HttpSession session=((HttpServletRequest)request).getSession();
User user=(User)session.getAttribute("user");
if(user==null) {
System.out.println("没有登录,重定向到登录页面");
String path=req.getContextPath()+"/ShowLoginServlet";
res.sendRedirect(path);
return ;
}
System.out.println("已经登录,放过资源");
chain.doFilter(request, response);
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}