在servlet中过滤器的使用,这个例子实现对用户登录的验证,当前用户的session为空的时候,不允许查看数据:
下面看具体的例子:
1.编写过滤器:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SessionFilter implements Filter{
@Override
public void init(FilterConfig config) throws ServletException {
// TODO Auto-generated method stub
String username = config.getInitParameter("sessionKey");
System.out.println(username);
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest req = (HttpServletRequest)request;
HttpSession session = req.getSession();
//由于web.xml中设置Filter过滤全部请求,可以排除不需要过滤的url
String requestURI = req.getRequestURI();
if(requestURI.endsWith("login.jsp")
|| requestURI.endsWith("error.jsp")
|| requestURI.endsWith("LoginServlet")
|| requestURI.endsWith("/")){
chain.doFilter(request, response);
return;
}
//判断用户是否登录,进行页面的处理
if(null == session.getAttribute("user")){
//未登录用户,重定向到登录页面
session.setAttribute("error", "当前用户未登录");
((HttpServletResponse)response).sendRedirect("error.jsp");
return;
} else {
//已登录用户,允许访问
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
// TODO Auto-generated method stub
System.out.println("destory");
}
}
2.在web.xml中进行相应的配置:
<!-- 过滤器的使用 -->
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>com.filter.SessionFilter</filter-class>
<init-param>
<param-name>sessionKey</param-name>
<param-value>user</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 过滤器结束 -->
3.存放session对象,这里为user:
request.getSession().setAttribute("user", userItem);
4.这样在页面访问时,如果遇到session为空的情况就会自动跳转到登录页面