Websites with user login usually need permission checks on their pages. Here are two ways to implement them:
JSP page check:
<%
    // Permission check
    if (session.getAttribute("currentUser") == null) {
        response.sendRedirect("index.jsp");
        return;
    }
%>
Permission check with a Servlet Filter:
(1) Intercept all user requests in web.xml
<!-- Configure the filter -->
<filter>
    <filter-name>loginFilter</filter-name>
    <filter-class>com.java.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>loginFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
(2) Filter implementation on the Servlet side
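package com.java.filter;
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class LoginFilter implements Filter {
    // Static resource directories that are served without login
    private static final String[] PUBLIC_PREFIXES = {"/css/", "/images/", "/bootstrap/", "/img/", "/supersized/", "/js/", "/userImages/"};

    @Override
    public void destroy() {
        // Nothing to release
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // getSession(false): do not create a session for anonymous requests
        HttpSession session = request.getSession(false);
        Object o = (session == null) ? null : session.getAttribute("currentUser");
        // Exclude the login page (to prevent a redirect loop) and static resources.
        // Match exact paths and prefixes: a substring test such as indexOf("js") also matches every ".jsp" path.
        String path = request.getServletPath();
        if (o == null && !isPublic(path)) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    // Assumption: the login form posts to /login and static directories sit at the web root
    private static boolean isPublic(String path) {
        if (path.equals("/login.jsp") || path.equals("/login")) return true;
        for (String prefix : PUBLIC_PREFIXES) {
            if (path.startsWith(prefix)) return true;
        }
        return false;
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No initialization needed
    }
}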
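Added example (not part of the original post): a stand-alone check of why a filter's exclusion list should match exact paths and prefixes rather than substrings. The class name, the assumed directory layout and the sample paths are constructed for the demo; the resource names are the ones used in this post.

```java
import java.util.List;
import java.util.Optional;

public class ExclusionListCheck {
    // Substring rule: a request skips the login check if its path contains any token.
    static final List<String> TOKENS = List.of("login", "css", "images", "bootstrap",
            "img", "supersized", "js", "userImages");
    // Prefix rule (assumed layout: static directories at the web root).
    static final List<String> EXACT = List.of("/login.jsp");
    static final List<String> PREFIXES = List.of("/css/", "/images/", "/bootstrap/",
            "/img/", "/supersized/", "/js/", "/userImages/");

    // Returns the token that makes the substring rule treat the path as public, if any.
    static Optional<String> substringMatch(String path) {
        return TOKENS.stream().filter(path::contains).findFirst();
    }

    // True only for the login page itself or a path under a static directory.
    static boolean prefixMatch(String path) {
        return EXACT.contains(path) || PREFIXES.stream().anyMatch(path::startsWith);
    }

    public static void main(String[] args) {
        // Constructed servlet paths; the last four are meant to require login.
        List<String> paths = List.of("/login.jsp", "/css/main.css", "/js/app.js",
                "/main.jsp", "/admin/userList.jsp", "/userImagesAdmin", "/report");
        for (String p : paths) {
            String sub = substringMatch(p)
                    .map(t -> "public (token \"" + t + "\")")
                    .orElse("login required");
            String pre = prefixMatch(p) ? "public" : "login required";
            System.out.printf("%-22s substring: %-28s prefix: %s%n", p, sub, pre);
        }
    }
}
```

Feeding the application's own route list through both rules shows which protected paths a given exclusion list would leave unchecked, and which token is responsible.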
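Summary: the two are front-end validation and back-end validation respectively. Personally, I feel back-end validation is more secure and reliable. Of course, frameworks such as Struts also provide interceptors, and the ways of implementing permission checks are all similar.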