过滤器实现登录验证及拒绝直接输URL访问网页
2009-01-15 16:51
package com.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
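/**
 * Servlet filter that sends requests for JSP pages to the logout page unless the
 * caller has a session carrying a non-empty {@code USERNAME} attribute and the
 * request carries a {@code Referer} header.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Exempt pages are matched against the container-resolved path
 *       (servlet path + path info) by suffix, not by substring search on the raw
 *       request URI. The raw URI is caller-controlled text (it can carry path
 *       parameters and extra segments), so a substring match could classify a
 *       request for a protected page as exempt.</li>
 *   <li>The {@code Referer} test only discourages typing a URL into the address
 *       bar. The header is supplied by the client and may be absent for legitimate
 *       users (privacy settings, referrer policy), so it is not an access control;
 *       the session check is the only authentication evidence used here.</li>
 *   <li>NOTE(review): only paths containing {@code ".jsp"} are checked. Servlets and
 *       any other resources covered by this filter's mapping pass through without a
 *       session check; protect them separately or widen this condition.</li>
 * </ul>
 */
public class AuthFilter implements Filter {
    /** Login page; never session-checked so the redirect cannot loop. */
    public static final String LOGIN_PAGE = "/login.jsp";
    /** Redirect target for rejected requests; also never session-checked. */
    public static final String LOGOUT_PAGE = "/Administrator/public/logout.jsp";
    /** Additional page names that are served without a session check. */
    public static final String[] EXCEPT_PAGE = {"LoginCheck.jsp"};

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Redirects to {@link #LOGOUT_PAGE} when a non-exempt JSP is requested without a
     * logged-in session or without a Referer header; otherwise continues the chain.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        // The HTTP-specific view is needed for headers, sessions and redirects.
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String path = resolvedPath(request);
        if (path.indexOf(".jsp") > -1 && !isExempt(path)) {
            // getSession(false): never create a session just to find out there is none.
            HttpSession session = request.getSession(false);
            Object username = (session == null) ? null : session.getAttribute("USERNAME");
            // Absent when the URL was typed directly; client-controlled, see class notes.
            String ref = request.getHeader("REFERER");
            if (username == null || username.equals("") || ref == null || ref.equals("")) {
                response.sendRedirect(request.getContextPath() + LOGOUT_PAGE);
                return;
            }
        }
        // Hand over to the rest of the filter chain.
        filterChain.doFilter(request, response);
    }

    /** Nothing to configure. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /** Returns the context-relative path the container resolved for this request. */
    private static String resolvedPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return (pathInfo == null) ? servletPath : servletPath + pathInfo;
    }

    /** Tells whether the resolved path is the login page, the logout page or an EXCEPT_PAGE entry. */
    private static boolean isExempt(String path) {
        // Containers normally strip path parameters before resolving the path, but the
        // servlet spec leaves room here; a path that still carries ';' is never exempt.
        if (path.indexOf(';') >= 0) {
            return false;
        }
        if (path.endsWith(LOGIN_PAGE) || path.endsWith(LOGOUT_PAGE)) {
            return true;
        }
        for (int i = 0; i < EXCEPT_PAGE.length; i++) {
            String page = EXCEPT_PAGE[i];
            // Anchor on a segment boundary so "XLoginCheck.jsp" does not match "LoginCheck.jsp".
            String suffix = page.startsWith("/") ? page : "/" + page;
            if (path.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }
}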
-------------------------------------------------------------------------------------------------------
web.xml中设置如下:
<!-- Login Check begin -->
<!-- Registers com.filter.AuthFilter and maps it to every request under /Administrator/.
     Requests outside this url-pattern never pass through the filter. -->
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.filter.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/Administrator/*</url-pattern>
</filter-mapping>
<!-- Login Check end-->
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
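/**
 * Servlet filter that sends requests for JSP pages to the logout page unless the
 * caller has a session carrying a non-empty {@code USERNAME} attribute and the
 * request carries a {@code Referer} header.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Exempt pages are matched against the container-resolved path
 *       (servlet path + path info) by suffix, not by substring search on the raw
 *       request URI. The raw URI is caller-controlled text (it can carry path
 *       parameters and extra segments), so a substring match could classify a
 *       request for a protected page as exempt.</li>
 *   <li>The {@code Referer} test only discourages typing a URL into the address
 *       bar. The header is supplied by the client and may be absent for legitimate
 *       users (privacy settings, referrer policy), so it is not an access control;
 *       the session check is the only authentication evidence used here.</li>
 *   <li>NOTE(review): only paths containing {@code ".jsp"} are checked. Servlets and
 *       any other resources covered by this filter's mapping pass through without a
 *       session check; protect them separately or widen this condition.</li>
 * </ul>
 */
public class AuthFilter implements Filter {
    /** Login page; never session-checked so the redirect cannot loop. */
    public static final String LOGIN_PAGE = "/login.jsp";
    /** Redirect target for rejected requests; also never session-checked. */
    public static final String LOGOUT_PAGE = "/Administrator/public/logout.jsp";
    /** Additional page names that are served without a session check. */
    public static final String[] EXCEPT_PAGE = {"LoginCheck.jsp"};

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Redirects to {@link #LOGOUT_PAGE} when a non-exempt JSP is requested without a
     * logged-in session or without a Referer header; otherwise continues the chain.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        // The HTTP-specific view is needed for headers, sessions and redirects.
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String path = resolvedPath(request);
        if (path.indexOf(".jsp") > -1 && !isExempt(path)) {
            // getSession(false): never create a session just to find out there is none.
            HttpSession session = request.getSession(false);
            Object username = (session == null) ? null : session.getAttribute("USERNAME");
            // Absent when the URL was typed directly; client-controlled, see class notes.
            String ref = request.getHeader("REFERER");
            if (username == null || username.equals("") || ref == null || ref.equals("")) {
                response.sendRedirect(request.getContextPath() + LOGOUT_PAGE);
                return;
            }
        }
        // Hand over to the rest of the filter chain.
        filterChain.doFilter(request, response);
    }

    /** Nothing to configure. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /** Returns the context-relative path the container resolved for this request. */
    private static String resolvedPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return (pathInfo == null) ? servletPath : servletPath + pathInfo;
    }

    /** Tells whether the resolved path is the login page, the logout page or an EXCEPT_PAGE entry. */
    private static boolean isExempt(String path) {
        // Containers normally strip path parameters before resolving the path, but the
        // servlet spec leaves room here; a path that still carries ';' is never exempt.
        if (path.indexOf(';') >= 0) {
            return false;
        }
        if (path.endsWith(LOGIN_PAGE) || path.endsWith(LOGOUT_PAGE)) {
            return true;
        }
        for (int i = 0; i < EXCEPT_PAGE.length; i++) {
            String page = EXCEPT_PAGE[i];
            // Anchor on a segment boundary so "XLoginCheck.jsp" does not match "LoginCheck.jsp".
            String suffix = page.startsWith("/") ? page : "/" + page;
            if (path.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }
}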
-------------------------------------------------------------------------------------------------------
web.xml中设置如下:
<!-- Login Check begin -->
<!-- Registers com.filter.AuthFilter and maps it to every request under /Administrator/.
     Requests outside this url-pattern never pass through the filter. -->
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.filter.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/Administrator/*</url-pattern>
</filter-mapping>
<!-- Login Check end-->