Filter过滤器兑现权限控制

Filter过滤器实现权限控制

在操作中经常性的要对用户是否登陆进行验证，那么如果要进行验证的话，则肯定有大量的代码要不断的判断session是否存在。那么此种代码实际上就可以直接放在过滤器中进行编写。

登录页面：Login.jsp

<script type="text/javascript"> //检查是否输入用户名 否则不予提交 function check(){ var username = document.getElementById("username").value; if(username==null||""==username){ alert("请输入用户名"); return false; } return true; } </script> <body> <center> <form action="loginServlet" method="post" onsubmit="return check()"> <table> <caption>用户登录</caption> <tr> <td>用户名</td><td><input type="text" id="username" name="username" /></td> </tr> <tr> <td>密码</td><td><input type="text" name="password"/></td> </tr> <tr> <td align="right" colspan="2"><input type="submit" value="登录"></td> </tr> </table> </form> </center> </body>
权限控制 用户其实就只有一个入口，即首先进行登录，登录后将信息保存在session中,如果session中没有内容，则无法进入其他页面或进行其他操作。

?

点击登录按钮进入loginServlet将信息保存。

LoginServlet.java

package com.org;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class LoginServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {response.setContentType("text/html;charset=gbk");request.setCharacterEncoding("gbk");PrintWriter out = response.getWriter();String username = request.getParameter("username");HttpSession session = request.getSession();session.setAttribute("username", username); //用户登录加入到session中response.sendRedirect("jsp/success.jsp"); //登录成功 跳入success.jsp//测试 System.out.println("username: "+username);out.flush();out.close();}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {this.doGet(request, response);}}
Filter拦截器： MyFilter.java

?

package com.org;import java.io.IOException;import java.io.PrintWriter;import java.io.UnsupportedEncodingException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class MyFilter implements Filter {public void destroy() {}public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) servletRequest;HttpSession session = req.getSession();String username = (String)session.getAttribute("username");if (username != null&&username!="") {// 如果现在存在了session，则请求向下继续传递filterChain.doFilter(servletRequest, servletResponse);} else {// 跳转到提示登陆页面servletRequest.getRequestDispatcher("/error.jsp").forward(servletRequest, servletResponse);}}public void init(FilterConfig filterConfig) throws ServletException {}}
Filter从session中取出数据看是否已登录，如果session中有内容则执行 filterChain.doFilter()方法请求继续向下传递。否则返回登录页面。

?

为了测试还要有一个让其Session失效的类

InvalidateServlet.java

package com.org;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class InvalidateServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {response.setContentType("text/html;charset=gbk");request.setCharacterEncoding("gbk");PrintWriter out = response.getWriter();HttpSession session =request.getSession(); //得到session对象session.invalidate(); //注销session 使其失效//然后跳转到登录页面request.getRequestDispatcher("/login.jsp").forward(request, response);out.flush();out.close();}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {}}

?

如果在未登录时访问其他页面 则跳转到error.jsp页面

<body><center><h3>您还未登录，请先进行<a href="login.jsp">登录</a></h3></center></body>
登录成功页面 success.jsp

?

<body><center>欢迎<%=session.getAttribute("username")%>光临<br><a href="invalidateServlet">退出</a></center></body>
此外最好需要几个测试页面

?

test1.jsp test2.jsp 里面随便一些显示内容即可

配置web.xml实现拦截

<filter><filter-name>myfilter</filter-name><filter-class>com.org.MyFilter</filter-class></filter><filter-mapping><filter-name>myfilter</filter-name><url-pattern>/jsp/*</url-pattern></filter-mapping><servlet><servlet-name>LoginServlet</servlet-name><servlet-class>com.org.LoginServlet</servlet-class></servlet> <servlet> <servlet-name>InvalidateServlet</servlet-name> <servlet-class>com.org.InvalidateServlet</servlet-class> </servlet><servlet-mapping><servlet-name>LoginServlet</servlet-name><url-pattern>/loginServlet</url-pattern></servlet-mapping> <servlet-mapping> <servlet-name>InvalidateServlet</servlet-name> <url-pattern>/invalidateServlet</url-pattern> </servlet-mapping><welcome-file-list><welcome-file>index.jsp</welcome-file></welcome-file-list>
除login.jsp在webroot目录下 其余jsp页面在jsp文件夹下

?

可进行如下方法的测试

不先进入login.jsp进行登录访问http://localhost:8080/filter/jsp/test1.jsp则提示尚未登录。

然后进行登录随便输入一个用户名，再访问test1.jsp则可以进入或者关闭浏览器重新打开，还是可以进入

直至在success.jsp页面中进行注销 。

?