利用Session驗證是否登入
阿新 • • 發佈:2018-11-24
自定義過濾器,當用戶沒有登入時,來訪問就會跳轉到登入頁面,有利於後臺資料的安全性
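package com.hzit.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet filter that only lets a request through when the HTTP session
 * carries a {@code "user"} attribute; every other request is redirected to
 * the login page.
 *
 * <p>Three kinds of request are let through without a session: the login page
 * itself, the login form submission ({@code /toLogin}), and static resources
 * recognised by file extension.
 *
 * <p>The decision is made on the path the container actually dispatches on
 * ({@code getServletPath()} + {@code getPathInfo()}), not on
 * {@code getRequestURI()}. The raw request URI is not decoded and still
 * contains path parameters, so a suffix or equality check on it can disagree
 * with the resource the container ends up serving, which would turn the
 * static-resource exemption into an authentication bypass.
 */
public class AuthorFilter implements Filter {

    /** Context-relative path of the login page. */
    private static final String LOGIN_PATH = "/login.jsp";

    /** Context-relative path the login form posts to. */
    private static final String LOGIN_SUBMIT_PATH = "/toLogin";

    /** Session attribute whose presence marks an authenticated session. */
    private static final String SESSION_USER_KEY = "user";

    /**
     * Extensions treated as static resources of the login page.
     *
     * NOTE(review): a suffix allowlist is only safe if no controller answers
     * URLs ending in these extensions. Depending on the Spring MVC version and
     * configuration, suffix pattern matching may route such a URL to a handler;
     * confirm, or serve static files from one directory and allow by prefix.
     */
    private static final String[] STATIC_SUFFIXES = {".css", ".js", ".jpg", ".gif", ".png"};

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Passes public and authenticated requests down the chain and redirects
     * everything else to the login page.
     *
     * @param req   incoming request; expected to be an {@link HttpServletRequest}
     * @param res   outgoing response; expected to be an {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The per-request System.out trace of the URL was leftover debug output
        // and has been dropped.
        String targetURL = dispatchPath(request);

        if (isPublic(targetURL)) {
            // Login page, login submission or a static asset of the login page.
            // NOTE(review): the controller behind /toLogin is not shown here; it
            // should issue a fresh session id after a successful login
            // (changeSessionId() on Servlet 3.1+, otherwise invalidate and
            // recreate the session) so a pre-login session id cannot be reused.
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): never create a session just to discover there is none.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(SESSION_USER_KEY) == null) {
            // Build the target from the real context path instead of a
            // hard-coded "/bookTest", so the redirect survives a redeploy
            // under another context name.
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }

        chain.doFilter(request, response);
    }

    /** Nothing to configure. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /** Returns the context-relative path the container uses to pick the target resource. */
    private static String dispatchPath(HttpServletRequest request) {
        StringBuilder path = new StringBuilder();
        String servletPath = request.getServletPath();
        if (servletPath != null) {
            path.append(servletPath);
        }
        // pathInfo is null for extension and default-servlet mappings.
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    /** Tells whether {@code path} may be served without an authenticated session. */
    private static boolean isPublic(String path) {
        // A path that still carries a path parameter is never exempted; it
        // falls through to the session check instead.
        if (path.indexOf(';') >= 0) {
            return false;
        }
        if (LOGIN_PATH.equals(path) || LOGIN_SUBMIT_PATH.equals(path)) {
            return true;
        }
        for (String suffix : STATIC_SUFFIXES) {
            if (path.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }
}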
web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor (Servlet 3.0): wires the encoding filter, the
     login-check filter, the Spring root context and the Spring MVC
     dispatcher servlet. -->
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <display-name>Archetype Created Web Application</display-name>

    <!-- Character encoding: force UTF-8 on requests and responses to avoid garbled text -->
    <filter>
        <filter-name>characterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <!-- Login check: the custom session filter, registered under the name SecureFilter -->
    <filter>
        <filter-name>SecureFilter</filter-name>
        <filter-class>com.hzit.filter.AuthorFilter</filter-class>
    </filter>

    <!-- Both filters cover every URL of the application.
         NOTE(review): filters run in the order their mappings are declared, so
         SecureFilter runs before characterEncodingFilter here. If the login
         check ever reads request parameters, map the encoding filter first. -->
    <filter-mapping>
        <filter-name>SecureFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>characterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Spring root application context, loaded by ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring-mybatis.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Spring MVC front controller, mapped as the default servlet ("/") -->
    <servlet>
        <servlet-name>SpringMVC</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:springMVC-servlet.xml</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>SpringMVC</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- NOTE(review): no session-config element is declared, so the session
         timeout and the session cookie flags are the container defaults.
         Since login state lives in the session, consider declaring a timeout
         and a cookie-config with http-only (and secure when served over HTTPS). -->

    <!-- Welcome page -->
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
</web-app>
我在做的時候遇到的問題:沒有透徹地理解過濾器的工作原理,導致靜態資源被攔截。在定義登入名時,沒有加上/,導致在登入時不能正確判斷進入哪個if分支。在非法進入時,做頁面跳轉時,未加上專案名,導致404錯誤。總之,經過自己的細心檢查,最終搞定了這些問題,希望對看的朋友有點幫助