用户登录(login)过滤器(Filter)
2016-12-16 22:06
393 查看
在一个web应用中,通常需要用户认证,通过了用户认证才能访问网页。
几乎所有网页在访问前,都需要通过用户认证,所以用户认证可以做成一个过滤器。访问一个Servlet或JSP时,会自动的调用过滤器,过滤器里判断是否已经用户认证过了,如果已经认证通过,则显示页面,如果没有通过,则跳转至用户登录页面。
下面是用户登录过滤器的代码:
(根据网上搜索到的一个例子,修改而成)
------ LoginFilter.java ------
package common.filter;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import java.io.*;
/**
* 检测用户是否登录,如果没有登录,则重定向到登录页面
*/
public class LoginFilter implements Filter
{
private String loginURL = null;
private List notCheckURLList = null;
private String loginSessionKey = null;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String servletPath = request.getServletPath();
// Pass if not need to check login
if (loginSessionKey == null) {
filterChain.doFilter(request, response);
return;
}
// Pass if already logged in
HttpSession session = request.getSession();
if (session.getAttribute(loginSessionKey) != null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
// Pass if it is configured not checking
if (checkRequestURIIntNotFilterList(request)) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
// Redirect to login page
response.sendRedirect(request.getContextPath() + loginURL);
return;
}
private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) {
String uri = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
return notCheckURLList.contains(uri);
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
notCheckURLList = new ArrayList();
loginURL = filterConfig.getServletContext().getInitParameter("loginURL");
loginSessionKey = filterConfig.getServletContext().getInitParameter("loginSessionKey");
String notCheckURLListStr = filterConfig.getServletContext().getInitParameter("notCheckURLList");
if (notCheckURLListStr != null) {
StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";");
while (st.hasMoreTokens()) {
notCheckURLList.add(st.nextToken());
}
}
}
}
------ web.xml ------
<context-param>
<param-name>loginURL</param-name>
<param-value>/login.jsp</param-value>
</context-param>
<context-param>
<param-name>loginSessionKey</param-name>
<param-value>userName</param-value>
</context-param>
<context-param>
<param-name>notCheckURLList</param-name>
<param-value>/login.jsp;/login;/jsp/NewFile.jsp</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>common.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
几乎所有网页在访问前,都需要通过用户认证,所以用户认证可以做成一个过滤器。访问一个Servlet或JSP时,会自动的调用过滤器,过滤器里判断是否已经用户认证过了,如果已经认证通过,则显示页面,如果没有通过,则跳转至用户登录页面。
下面是用户登录过滤器的代码:
(根据网上搜索到的一个例子,修改而成)
------ LoginFilter.java ------
package common.filter;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import java.io.*;
/**
* 检测用户是否登录,如果没有登录,则重定向到登录页面
*/
public class LoginFilter implements Filter
{
private String loginURL = null;
private List notCheckURLList = null;
private String loginSessionKey = null;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String servletPath = request.getServletPath();
// Pass if not need to check login
if (loginSessionKey == null) {
filterChain.doFilter(request, response);
return;
}
// Pass if already logged in
HttpSession session = request.getSession();
if (session.getAttribute(loginSessionKey) != null) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
// Pass if it is configured not checking
if (checkRequestURIIntNotFilterList(request)) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
// Redirect to login page
response.sendRedirect(request.getContextPath() + loginURL);
return;
}
private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) {
String uri = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
return notCheckURLList.contains(uri);
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
notCheckURLList = new ArrayList();
loginURL = filterConfig.getServletContext().getInitParameter("loginURL");
loginSessionKey = filterConfig.getServletContext().getInitParameter("loginSessionKey");
String notCheckURLListStr = filterConfig.getServletContext().getInitParameter("notCheckURLList");
if (notCheckURLListStr != null) {
StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";");
while (st.hasMoreTokens()) {
notCheckURLList.add(st.nextToken());
}
}
}
}
------ web.xml ------
<context-param>
<param-name>loginURL</param-name>
<param-value>/login.jsp</param-value>
</context-param>
<context-param>
<param-name>loginSessionKey</param-name>
<param-value>userName</param-value>
</context-param>
<context-param>
<param-name>notCheckURLList</param-name>
<param-value>/login.jsp;/login;/jsp/NewFile.jsp</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>common.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
相关文章推荐
- 过滤器篇(1)-----用户登录验证过滤器(LoginFilter)
- 过滤器(filter)实现用户登录拦截
- 通用的用户登录过滤器(SessionFilter)
- 过滤器(Filter)应用之------设置页面缓存、用户的自动登录和敏感词过滤
- JavaWeb-过滤器Filter学习(三)实现用户的自动登录与IP黑名单过滤
- javaweb过滤器filter-判断用户是否登录
- Filter实际应用--检查用户是否登录的过滤器
- 通用的用户登录过滤器(SessionFilter)
- 通用的用户登录过滤器(SessionFilter)--【web.xml中配置】
- Struts2.0里的过滤器interceptor之用户只可以访问Login.action与Register.action,访问其它.action的链接时,自动切换到登录页面
- 通用的用户登录过滤器(SessionFilter)
- 通用的用户登录过滤器(SessionFilter)
- 通用的用户登录过滤器(SessionFilter)
- 校验用户是否登录过滤器Filter
- filter 过滤器用户登录并判断是否属于电脑端或者手机端访问
- 过滤器(filter)判断用户是否登录
- 通用的用户登录过滤器(SessionFilter)
- JavaEE之--------利用过滤器实现用户自动登录,安全登录,取消自动登录黑用户禁止登录
- discuz X3用户登录uc_user_login()函数详解
- Servlet学习之用户登录Demo——ServletLoginDemo(一)