在操作中经常性的要对用户是否登陆进行验证,那么如果要进行验证的话,则肯定有大量的代码要不断的判断session是否存在。那么此种代码实际上就可以直接放在过滤器中进行编写。
登录页面:Login.jsp
- <script type="text/javascript">
- //检查是否输入用户名 否则不予提交
- function check(){
- var username = document.getElementById("username").value;
- if(username==null||""==username){
- alert("请输入用户名");
- return false;
- }
- return true;
- }
- </script>
- <body>
- <center>
- <form action="loginServlet" method="post" onsubmit="return check()">
- <table>
- <caption>用户登录</caption>
- <tr>
- <td>用户名</td><td><input type="text" id="username" name="username" /></td>
- </tr>
- <tr>
- <td>密码</td><td><input type="text" name="password"/></td>
- </tr>
- <tr>
- <td align="right" colspan="2"><input type="submit" value="登录"></td>
- </tr>
- </table>
- </form>
- </center>
- </body>
权限控制 用户其实就只有一个入口,即首先进行登录,登录后将信息保存在session中,如果session中没有内容,则无法进入其他页面或进行其他操作。
点击登录按钮 进入loginServlet将信息保存。
LoginServlet.java
- package com.org;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- public class LoginServlet extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setContentType("text/html;charset=gbk");
- request.setCharacterEncoding("gbk");
- PrintWriter out = response.getWriter();
- String username = request.getParameter("username");
- HttpSession session = request.getSession();
- session.setAttribute("username", username); //用户登录加入到session中
- response.sendRedirect("jsp/success.jsp"); //登录成功 跳入success.jsp
- //测试
- System.out.println("username: "+username);
- out.flush();
- out.close();
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- this.doGet(request, response);
- }
- }
Filter 拦截器: MyFilter.java
- package com.org;
- import java.io.IOException;
- import java.io.PrintWriter;
- import java.io.UnsupportedEncodingException;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- public class MyFilter implements Filter {
- public void destroy() {
- }
- public void doFilter(ServletRequest servletRequest,
- ServletResponse servletResponse, FilterChain filterChain)
- throws IOException, ServletException {
- HttpServletRequest req = (HttpServletRequest) servletRequest;
- HttpSession session = req.getSession();
- String username = (String)session.getAttribute("username");
- if (username != null&&username!="") {
- // 如果现在存在了session,则请求向下继续传递
- filterChain.doFilter(servletRequest, servletResponse);
- } else {
- // 跳转到提示登陆页面
- servletRequest.getRequestDispatcher("/error.jsp").forward(servletRequest, servletResponse);
- }
- }
- public void init(FilterConfig filterConfig) throws ServletException {
- }
- }
Filter从session中取出数据 看是否已登录,如果session中有内容 则执行 filterChain.doFilter()方法 请求继续向下传递。否则返回登录页面。
为了测试 还要有一个让其Session失效的类
InvalidateServlet.java
- package com.org;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- public class InvalidateServlet extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setContentType("text/html;charset=gbk");
- request.setCharacterEncoding("gbk");
- PrintWriter out = response.getWriter();
- HttpSession session =request.getSession(); //得到session对象
- session.invalidate(); //注销session 使其失效
- //然后跳转到登录页面
- request.getRequestDispatcher("/login.jsp").forward(request, response);
- out.flush();
- out.close();
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- }
- }
如果在未登录时访问其他页面 则跳转到error.jsp页面
- <body>
- <center>
- <h3>
- 您还未登录,请先进行<a href="login.jsp">登录</a>
- </h3>
- </center>
- </body>
登录成功页面 success.jsp
- <body>
- <center>
- 欢迎<%=session.getAttribute("username")%>光临
- <br>
- <a href="invalidateServlet">退出</a>
- </center>
- </body>
此外最好需要几个测试页面
test1.jsp test2.jsp 里面随便一些显示内容即可
配置web.xml实现拦截
- <filter>
- <filter-name>myfilter</filter-name>
- <filter-class>com.org.MyFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>myfilter</filter-name>
- <url-pattern>/jsp/*</url-pattern>
- </filter-mapping>
- <servlet>
- <servlet-name>LoginServlet</servlet-name>
- <servlet-class>com.org.LoginServlet</servlet-class>
- </servlet>
- <servlet>
- <servlet-name>InvalidateServlet</servlet-name>
- <servlet-class>com.org.InvalidateServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>LoginServlet</servlet-name>
- <url-pattern>/loginServlet</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>InvalidateServlet</servlet-name>
- <url-pattern>/invalidateServlet</url-pattern>
- </servlet-mapping>
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
除login.jsp在webroot目录下 其余jsp页面在jsp文件夹下
可进行如下方法的测试
不先进入login.jsp进行登录 访问 http://localhost:8080/filter/jsp/test1.jsp 则提示尚未登录。
然后进行登录 随便输入一个用户名,再访问test1.jsp 则可以进入 或者关闭浏览器重新打开,还是可以进入
直至在success.jsp页面中进行注销 。