javaweb的登录验证过滤器的实现

首先创建过滤器

public class SecurityServlet extends HttpServlet implements Filter{
private static final long serialVersionUID = 1L;

public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest)arg0;
HttpServletResponse response  =(HttpServletResponse) arg1;
Integer count =  (Integer) request.getSession().getAttribute("countOfLogin");
String url=request.getRequestURI();
if(url.indexOf("login")<0){
if(count==null || "".equals(count) ) {
response.sendRedirect(request.getContextPath()+"/login.jsp");
}else{
arg2.doFilter(arg0, arg1);
}
}else{
arg2.doFilter(arg0, arg1);
}

}
public void init(FilterConfig arg0) throws ServletException {
}

Integer count =  (Integer) request.getSession().getAttribute("countOfLogin");

countOfLogin是我在登录时存在session中的一个数值，此时刚好可以验证该session是否存在。

if(url.indexOf("login")<0)

把登录页排除在外

接下来需要配置WEB.XML

<filter>
<filter-name>SecurityServlet</filter-name>
<filter-class>com.zh.fillter.SecurityServlet</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityServlet</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

我过滤的是所有请求 /*

当然，前提是把除登录页以外的所有页面放在WEB-INF目录下

=====================================================================================

在JSP页面中也可以来判断是否有SESSION，没有的话则返回登录页

<%
if(session.getAttribute("username") == null) {
%>
<script type="text/javascript" language="javascript">
alert("您还没有登录，请登录...");
top.location.href="login.jsp";
</script>
<%
}
%>

Session拦截

<%
if(session.getAttribute("account") == null) {
%>
<script type="text/javascript" language="javascript">
alert("您还没有登录，请登录...");
top.location.href="../login.jsp";
</script>
<%
}
%>