过滤器实现登录验证及拒绝直接输URL访问网页

package com.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class AuthFilter implements Filter {

    public static final String LOGIN_PAGE = "/login.jsp";
    public static final String LOGOUT_PAGE = "/Administrator/public/logout.jsp";
    public static final String[] EXCEPT_PAGE = {"LoginCheck.jsp"};
    public void destroy() {

    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        /**
         * 如果处理HTTP请求,并且需要访问诸如getHeader或getCookies等在ServletRequest中
         * 无法得到的方法,就要把此request对象构造成HttpServletRequest
         */
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String currentURL = request.getRequestURI(); // 取得根目录所对应的绝对路径:

        HttpSession session = request.getSession(false);
       
        boolean bool = false;
        for (int i = 0; i< EXCEPT_PAGE.length; i++){
            if (currentURL.indexOf(EXCEPT_PAGE[i])>=0){
                bool = true;
                break;
            }
        }
        if (currentURL.indexOf(LOGIN_PAGE) == -1 && currentURL.indexOf(LOGOUT_PAGE) == -1 && currentURL.indexOf(".jsp") > -1 && !bool) {
            // 判断当前页是否是重定向以后的登录页面,如果是就不做session的判断,防止出现死循环
            String ref = request.getHeader("REFERER");  //是否是从地址栏直接输入的地址吗?
            if (session == null || session.getAttribute("USERNAME") == null || session.getAttribute("USERNAME").equals("") || (ref==null) || (ref.equals(""))) {
                response.sendRedirect(request.getContextPath()
                        + LOGOUT_PAGE);
                return;
            }
        }
        // 加入filter链继续向下执行
        filterChain.doFilter(request, response);
    }

    public void init(FilterConfig arg0) throws ServletException {

    }

}

-------------------------------------------------------------------------------------------------------

web.xml中设置如下:

    <!-- Login Check begin -->
    <filter>
        <filter-name>AuthFilter</filter-name>
        <filter-class>com.filter.AuthFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AuthFilter</filter-name>
        <url-pattern>/Administrator/*</url-pattern>
    </filter-mapping>

    <!-- Login Check end-->

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值