第一步要创建一个登录界面
<form action="/servlet/login" method="post">
<input type="text" name="username">
<input type="submit" name="提交">
</form>
提交到/servlet/login跟xml的mapping对应
然后提交到LoginServlet去验证输入的用户名
如果用户名正确将session的id保存到session中
如果不正确跳转到另一个界面/error.jsp中
public class LoginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取前端请求的参数
String username = req.getParameter("username");
if(username.equals("admin")){//登录成功
req.getSession().setAttribute("user-session",req.getSession().getId());
resp.sendRedirect("/sys/success.jsp");
}else {//登录失败
resp.sendRedirect("/error.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
登录成功界面里边设置一个注销session的servlet
如果点击注销到LoginOut.java中,
首先要获取在登录成功的时候保存的session的id
然后判断是否存在如果不为空则存在,调用req.getSession.removeAttribute进行删除
接着跳转回原来的界面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>主页</h1>
<a href="/servlet/logout">注销</a>
</body>
</html>
public class LoginOut extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Object user_name = req.getSession().getAttribute("user-session");
if (user_name!=null){
req.getSession().removeAttribute("user_name");
resp.sendRedirect("/Login.jsp");
}else {
resp.sendRedirect("/Login.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
最重要的是过滤器
public class SysFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest servletRequest1= (HttpServletRequest) servletRequest;
HttpServletResponse servletResponse1 = (HttpServletResponse) servletResponse;
if (servletRequest1.getSession().getAttribute("user_session")==null){
((HttpServletResponse) servletResponse).sendRedirect("/error.jsp");
}
filterChain.doFilter(servletRequest,servletResponse);
}
public void destroy() {
}
}
因为是不是HttpServletRequest所以要进行一下强转
然后进行判断是否存在
如果不存在的话就直接拦截住让他去没有权限的那个界面