基于Filter<过滤器>登录权限验证设计心得
2012-06-05 09:51
387 查看
捣鼓了一上午的一点点心得,贴出来大家分享下,见笑了。
上图为项目框架
(一). PowerFilter.java代码部分:
package filters;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class PowerFilter implements Filter{
public void init(FilterConfig arg0) throws ServletException {
}
public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
System.out.println("+-+-+-+-+-+权限验证测试+-+-+-+-+-+-+");
if (session.getAttribute("adminName") != null) {
chain.doFilter(request, response);
} else {
res.sendRedirect("../adminlogin.jsp");
// RequestDispatcher dispatcher = request.getRequestDispatcher("../adminlogin.jsp");
// dispatcher.forward(request, response);
System.out.println("验证失败!");
}
}
public void destroy() {
}
}
(二). web.xml中的Filter配置信息(为了看的清晰我就全贴出来了)
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>gb2312</param-value>
</init-param>
</filter>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter>
<filter-name>PowerFilter</filter-name>
<filter-class>filters.PowerFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>PowerFilter</filter-name>
<url-pattern>/bakpages/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>jump.jsp</welcome-file>
</welcome-file-list>
注意一下在判断session为空时的情况,实验多次,每次都是进入死循环,走了不少弯路,后来领悟到adminlogin.jsp页面的位置有问题,一开始是放在/bakpages/下面,导致在过滤不存在重定向的时候再次进入了doFilter方法,所以循环继续。因此需要把adminlogin.jsp放到/bakpages/文件夹之外,当与其同目录层次时写成../adminlogin.jsp
,OK,至此问题得意解决。
上图为项目框架
(一). PowerFilter.java代码部分:
package filters;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class PowerFilter implements Filter{
public void init(FilterConfig arg0) throws ServletException {
}
public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
System.out.println("+-+-+-+-+-+权限验证测试+-+-+-+-+-+-+");
if (session.getAttribute("adminName") != null) {
chain.doFilter(request, response);
} else {
res.sendRedirect("../adminlogin.jsp");
// RequestDispatcher dispatcher = request.getRequestDispatcher("../adminlogin.jsp");
// dispatcher.forward(request, response);
System.out.println("验证失败!");
}
}
public void destroy() {
}
}
(二). web.xml中的Filter配置信息(为了看的清晰我就全贴出来了)
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>gb2312</param-value>
</init-param>
</filter>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter>
<filter-name>PowerFilter</filter-name>
<filter-class>filters.PowerFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>PowerFilter</filter-name>
<url-pattern>/bakpages/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>jump.jsp</welcome-file>
</welcome-file-list>
注意一下在判断session为空时的情况,实验多次,每次都是进入死循环,走了不少弯路,后来领悟到adminlogin.jsp页面的位置有问题,一开始是放在/bakpages/下面,导致在过滤不存在重定向的时候再次进入了doFilter方法,所以循环继续。因此需要把adminlogin.jsp放到/bakpages/文件夹之外,当与其同目录层次时写成../adminlogin.jsp
,OK,至此问题得意解决。
相关文章推荐
- 事件ID 18456:用户<域\计算机名>登录失败。 原因: 基于令牌的服务器访问验证失败,出现基础结构错误
- 关于Unity 获得和使用GetComponent<MeshFilter>().mesh时的心得
- Qt5.6 用SQLite数据库验证做登录框,并查删改xml文件做记住密码和自动登录<二>
- Qt5.6 用SQLite数据库验证做登录框,并查删改xml文件做记住密码和自动登录<三>
- android基于openfire+spark+amack 即时聊天--------<2>登录遇到的问题和重要类解析
- 使用MvcHandler设计自定义系统权限<上>
- 单点登录CAS解决方案<四>:验证后返回数据
- SSH 常见权限设计四:如何得到<s:a action="url">kkk</s:a>里面的url
- 【Qt编程】基于Qt的词典开发系列<八>--用户登录及API调用的实现
- php+js+mysql设计的仿webQQ-<2>其他验证
- 基于权限安全框架Shiro的登录验证功能实现
- 【Qt编程】基于Qt的词典开发系列<六>--界面美化设计
- 【Qt编程】基于Qt的词典开发系列<八>--用户登录及API调用的实现
- php+js+mysql设计的仿webQQ-<2>其他验证
- Qt5.6 用SQLite数据库验证做登录框,并查删改xml文件做记住密码和自动登录<一>
- Filter登录验证过滤器(全局)
- 从头认识Spring-2.7 自动检测Bean(3)-过滤器<context:exclude-filter/>
- Web API 登录接口,查询接口权限验证设计(理论)
- Java web实现登录验证和过滤器权限设置
- php+js+mysql设计的仿webQQ-<2>其他验证