过滤器篇(1)-----用户登录验证过滤器(LoginFilter)
2017-05-19 13:58
459 查看
1. 过滤器简介
用过滤器实现登录和访问权限.
Java中的Filter 并不是一个标准的Servlet ,它不能处理用户请求,也不能对客户端生成响应。 主要用于对HttpServletRequest 进行预处理,也可以对HttpServletResponse 进行后处理,是个典型的处理链。
优点:过滤链的好处是,执行过程中任何时候都可以打断,只要不执行chain.doFilter()就不会再执行后面的过滤器和请求的内容。而在实际使用时,就要特别注意过滤链的执行顺序问题
2.登录过滤器Code案例
用户登录界面(login.jsp)<%-- Created by IntelliJ IDEA. User: 网络黑寡妇 Date: 17-5-18 --%> <%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>登录界面</title> </head> <body> <div align="center"> <form method="POST" name="frmLogin" action="LoginServlet"> <h1 align="center">用户登录</h1><br/> <table border=1> <tr> <td>用户名:</td> <td> <input type="text" name="username" value="Your name" size="20" maxlength="20" autocomplete="off" onfocus="if (this.value=='Your name') this.value='';"/> </td> </tr> <tr> <td>密 码:</td> <td> <input type="password" name="password" value="Your password" size="20" maxlength="20" autocomplete="off" onfocus="if (this.value=='Your password') this.value='';"/> </td> </tr> <tr align="center"> <td colspan="4" height="40px"> <input type="submit" name="Submit" value="提 交" onClick="return validateLogin()"/> <input type="reset" name="Reset" value="重 置"/> </td> </tr> </table> </form> </div> <script language="javascript"> function validateLogin() { var sUserName = document.frmLogin.username.value; var sPassword = document.frmLogin.password.value; if ((sUserName == "") || (sUserName == "Your name")) { alert("请输入用户名!"); return false; } if ((sPassword == "") || (sPassword == "Your password")) { a 4000 lert("请输入密码!"); return false; } } </script> </body> </html>
2.后台(Servlet)处理Code (LoginServlet)
package com.Servlet; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; /** * Created by dhc on 17-5-18. * user: 网络黑寡妇 */ @WebServlet("/LoginServlet") public class LoginServlet extends HttpServlet{ private static final long serialVersionUID = 1L; protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(); String adminName = request.getParameter("username"); String adminpsw = request.getParameter("password"); session.setAttribute("username", adminName); //存储在Session中 if ( adminName.equals(admin) && adminpsw.equals(password))) { //main.jsp文件为要跳转的jsp界面. request.getRequestDispatcher("main.jsp").forward(request, response); } else { request.getRequestDispatcher("login.jsp").forward(request,response); } }
3.重点过滤器的编写 (LoginFilter)
package com.Filter; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Arrays; import java.util.List; /** * Created by dhc on 17-5-18. * Description: 所有请求都走此过滤器来判断用户是否登录 * user: 网络黑寡妇 **/ public class LoginFilter implements Filter{ private String sessionKey; private String redirectUrl; private String uncheckedUrls; @Override public void init(FilterConfig filterConfig) throws ServletException { ServletContext servletContext = filterConfig.getServletContext(); //获取XML文件中配置参数 sessionKey = servletContext.getInitParameter("userSessionKey"); //System.out.println("sessionKey======" + sessionKey);//调试用 redirectUrl = servletContext.getInitParameter("redirectPage"); //System.out.println("redirectPage======" + redirectUrl); uncheckedUrls = servletContext.getInitParameter("uncheckedUrls"); //System.out.println("uncheckedUrls=====" + uncheckedUrls); } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { // 获得在下面代码中要用的request,response,session对象 HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; //1.获取请求URL String servletPath = httpRequest.getServletPath(); //2.检测1中获取的servletPath是否为不需要检测的URl中的一个.若是,放行 List<String> urls = Arrays.asList(uncheckedUrls.split(",")); if (urls.contains(servletPath)) { filterChain.doFilter(httpRequest, httpResponse); return; } //3.从session中获取SessionKey对应值,若值不存在,则重定向到redirectUrl Object user = httpRequest.getSession().getAttribute("username"); if ((user == null)) { httpResponse.sendRedirect(httpRequest.getContextPath() + redirectUrl); return; } //4.若存在,则放行 filterChain.doFilter(httpRequest, httpResponse); } @Override public void destroy() { } }
4.配置 web.XML 文件
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> <!--检测用户是否登录的过滤器配置--> <!--用户信息存放到session中的键的名字--> <context-param> <param-name>userSessionKey</param-name> <param-value>username</param-value> </context-param> <!--若未登录,需要重定向的页面--> <context-param> <param-name>redirectPage</param-name> <param-value>/login.jsp</param-value> </context-param> <!--不需要拦截的URL列表;注意配置时不要拦截后台对用户和密码判断的页面,否则可能登录登录不进主界面--> <context-param> <param-name>uncheckedUrls</param-name> <param-value>/index.jsp,/LoginServlet</param-value> </context-param> <filter> <filter-name>LoginFilter</filter-name> <filter-class>com.Filter.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>LoginFilter</filter-name> <!--过滤站点下所有文件,也可设置成过滤某一类文件如: "*.jsp" 或是过滤掉某一个文件夹下的所有文件,如: "/目录名/*" --> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
相关文章推荐
- 用户登录(login)过滤器(Filter)
- 使用Servlet过滤器实现用户登录验证
- Struts2.0里的过滤器interceptor之用户只可以访问Login.action与Register.action,访问其它.action的链接时,自动切换到登录页面
- .net mvc 中的用户登录验证过滤器
- JFinal学习笔记(三) 过滤器实现用户登录验证
- JavaWeb-过滤器Filter学习(三)实现用户的自动登录与IP黑名单过滤
- Filter登录验证过滤器(全局)
- 购物网站21:过滤器----购物车---用户登录---员工登录---登录验证---编码转换
- 通用的用户登录过滤器(SessionFilter)
- ASP.Net MVC Filter验证用户登录
- Filter --- 验证用户是否登录
- 校验用户是否登录过滤器Filter
- 通用的用户登录过滤器(SessionFilter)
- MVC中利用Filter验证用户登录状态
- UsernamePasswordAuthenticationFilter是登陆用户密码验证过滤器,
- android loginDemo +WebService用户登录验证
- 基于Filter<过滤器>登录权限验证设计心得
- 通用的用户登录过滤器(SessionFilter)
- 过滤器(filter)实现用户登录拦截
- Filter 验证当前访问用户是否登录