过滤器篇(1)-----用户登录验证过滤器(LoginFilter)

1. 过滤器简介

用过滤器实现登录和访问权限.

Java中的Filter 并不是一个标准的Servlet ，它不能处理用户请求，也不能对客户端生成响应。 主要用于对HttpServletRequest 进行预处理，也可以对HttpServletResponse 进行后处理，是个典型的处理链。

优点：过滤链的好处是，执行过程中任何时候都可以打断，只要不执行chain.doFilter()就不会再执行后面的过滤器和请求的内容。而在实际使用时，就要特别注意过滤链的执行顺序问题

2.登录过滤器Code案例

用户登录界面(login.jsp)

<%--
Created by IntelliJ IDEA.
User: 网络黑寡妇
Date: 17-5-18
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录界面</title>
</head>
<body>
<div align="center">
<form method="POST" name="frmLogin" action="LoginServlet">
<h1 align="center">用户登录</h1><br/>
<table border=1>
<tr>
<td>用户名：</td>
<td>
<input type="text" name="username" value="Your name" size="20" maxlength="20" autocomplete="off"
onfocus="if (this.value=='Your name')  this.value='';"/>
</td>
</tr>
<tr>
<td>密  码：</td>
<td>
<input type="password" name="password" value="Your password" size="20" maxlength="20" autocomplete="off"
onfocus="if (this.value=='Your password')  this.value='';"/>
</td>
</tr>
<tr align="center">
<td colspan="4" height="40px">
<input type="submit" name="Submit" value="提 交" onClick="return validateLogin()"/>    
<input type="reset" name="Reset" value="重 置"/>
</td>
</tr>
</table>
</form>
</div>
<script language="javascript">
function validateLogin() {
var sUserName = document.frmLogin.username.value;
var sPassword = document.frmLogin.password.value;
if ((sUserName == "") || (sUserName == "Your name")) {
alert("请输入用户名!");
return false;
}
if ((sPassword == "") || (sPassword == "Your password")) {
a
4000
lert("请输入密码!");
return false;
}
}
</script>
</body>
</html>

2.后台(Servlet)处理Code (LoginServlet)

package com.Servlet;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
* Created by dhc on 17-5-18.
* user: 网络黑寡妇
*/
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet{
private static final long serialVersionUID = 1L;

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession session = request.getSession();
String adminName = request.getParameter("username");
String adminpsw = request.getParameter("password");

session.setAttribute("username", adminName); //存储在Session中

if ( adminName.equals(admin) && adminpsw.equals(password))) {
//main.jsp文件为要跳转的jsp界面.
request.getRequestDispatcher("main.jsp").forward(request, response);
} else {
request.getRequestDispatcher("login.jsp").forward(request,response);
}
}

3.重点过滤器的编写 (LoginFilter)

package com.Filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

/**
* Created by dhc on 17-5-18.
* Description: 所有请求都走此过滤器来判断用户是否登录
* user: 网络黑寡妇
**/
public class LoginFilter implements Filter{
private String sessionKey;
private String redirectUrl;
private String uncheckedUrls;

@Override
public void init(FilterConfig filterConfig) throws ServletException {
ServletContext servletContext = filterConfig.getServletContext();
//获取XML文件中配置参数
sessionKey = servletContext.getInitParameter("userSessionKey");
//System.out.println("sessionKey======" + sessionKey);//调试用
redirectUrl = servletContext.getInitParameter("redirectPage");
//System.out.println("redirectPage======" + redirectUrl);
uncheckedUrls = servletContext.getInitParameter("uncheckedUrls");
//System.out.println("uncheckedUrls=====" + uncheckedUrls);
}

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
// 获得在下面代码中要用的request,response,session对象
HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
//1.获取请求URL
String servletPath = httpRequest.getServletPath();

//2.检测1中获取的servletPath是否为不需要检测的URl中的一个.若是,放行
List<String> urls = Arrays.asList(uncheckedUrls.split(","));
if (urls.contains(servletPath)) {
filterChain.doFilter(httpRequest, httpResponse);
return;
}

//3.从session中获取SessionKey对应值,若值不存在,则重定向到redirectUrl
Object user = httpRequest.getSession().getAttribute("username");
if ((user == null)) {
httpResponse.sendRedirect(httpRequest.getContextPath() + redirectUrl);
return;
}

//4.若存在,则放行
filterChain.doFilter(httpRequest, httpResponse);
}

@Override
public void destroy() {
}
}

4.配置 web.XML 文件

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">

<!--检测用户是否登录的过滤器配置-->
<!--用户信息存放到session中的键的名字-->
<context-param>
<param-name>userSessionKey</param-name>
<param-value>username</param-value>
</context-param>
<!--若未登录，需要重定向的页面-->
<context-param>
<param-name>redirectPage</param-name>
<param-value>/login.jsp</param-value>
</context-param>
<!--不需要拦截的URL列表;注意配置时不要拦截后台对用户和密码判断的页面,否则可能登录登录不进主界面-->
<context-param>
<param-name>uncheckedUrls</param-name>
<param-value>/index.jsp,/LoginServlet</param-value>
</context-param>

<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.Filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<!--过滤站点下所有文件,也可设置成过滤某一类文件如:  "*.jsp" 或是过滤掉某一个文件夹下的所有文件,如: "/目录名/*" -->
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>