当我们访问系统的其他页面的时候, 需要判断是否是登录中的用户, 不然我们直接输入链接地址就可以直接链接到我们的主页面, 即使没有登录. 对于这个问题的解决, 采用Filter统一验证, 我们在调用的时候先调用Filter, 让Filter判断是否已经登录.
Filter统一验证代码:
- public class AuthFilter implements Filter, javax.servlet.Filter {
-
- @Override
- public void destroy() {
-
-
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
-
- HttpServletRequest req = (HttpServletRequest)request;
- HttpServletResponse res = (HttpServletResponse)response;
-
-
-
- String requestURI = req.getRequestURI().substring(req.getRequestURI().indexOf("/",1),req.getRequestURI().length());
-
-
- if(!"/login.jsp".equals(requestURI) && !"/servlet/AuthImageServlet".equals(requestURI))
- {
-
- HttpSession session = req.getSession(false);
-
- if(session == null ||session.getAttribute("user_info")==null)
- {
- res.sendRedirect(req.getContextPath() + "/login.jsp");
-
- return;
- }
-
- }
-
- chain.doFilter(req, res);
- }
- }
在web.xml中配置Filter:
- <filter>
- <filter-name>AuthFilter</filter-name>
- <filter-class>com.bjpowernode.drp.util.filter.AuthFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>AuthFilter</filter-name>
- <url-pattern>*.jsp</url-pattern>
- </filter-mapping>
-
- <filter-mapping>
- <filter-name>AuthFilter</filter-name>
- <url-pattern>/servlet/*</url-pattern>
- </filter-mapping>
这样在没有登录系统的时候, 会自动的跳转到我们的登录页面. 并且在没有登录的情况下, 即使链接到其他的页面, 也会跳转到登录页面.