過濾器篇(1)-----使用者登入驗證過濾器(LoginFilter)
阿新 • • 發佈:2019-02-04
1. 過濾器簡介
用過濾器實現登入和訪問許可權.
Java中的Filter 並不是一個標準的Servlet ,它不能處理使用者請求,也不能對客戶端生成響應。 主要用於對HttpServletRequest 進行預處理,也可以對HttpServletResponse 進行後處理,是個典型的處理鏈。
優點:過濾鏈在執行過程中隨時可以被中斷,只要不呼叫 chain.doFilter(),後面的過濾器和被請求的資源就不會再執行。實際使用時要特別注意過濾鏈的執行順序:在 web.xml 中,過濾器依 <filter-mapping> 的宣告順序執行,因此登入驗證過濾器應排在其他處理受保護資源的過濾器之前。
2.登入過濾器Code案例
- 使用者登入介面(login.jsp)
<%--
Created by IntelliJ IDEA.
User: 網路黑寡婦
Date : 17-5-18
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登入介面</title>
</head>
<body>
<div align="center">
<form method="POST" name="frmLogin" action="LoginServlet">
<h1 align="center">使用者登入</h1 ><br/>
<table border=1>
<tr>
<td>使用者名稱:</td>
<td>
<input type="text" name="username" value="Your name" size="20" maxlength="20" autocomplete="off"
onfocus="if (this.value=='Your name') this.value='';" />
</td>
</tr>
<tr>
<td>密 碼:</td>
<td>
<input type="password" name="password" value="Your password" size="20" maxlength="20" autocomplete="off"
onfocus="if (this.value=='Your password') this.value='';"/>
</td>
</tr>
<tr align="center">
<td colspan="4" height="40px">
<input type="submit" name="Submit" value="提 交" onClick="return validateLogin()"/>
<input type="reset" name="Reset" value="重 置"/>
</td>
</tr>
</table>
</form>
</div>
<script language="javascript">
/**
 * Client-side convenience check for the login form (document.frmLogin).
 *
 * Returns false, which cancels the submit, when the user name or password
 * field is empty or still holds its placeholder text; otherwise it returns
 * nothing and the form is submitted. This only improves usability: the
 * server must validate the credentials itself, because a client can post to
 * the form action without ever running this script.
 */
function validateLogin() {
    var loginForm = document.frmLogin;
    var enteredName = loginForm.username.value;
    var enteredPassword = loginForm.password.value;

    // Reject an untouched or cleared user-name field.
    var nameMissing = enteredName == "" || enteredName == "Your name";
    if (nameMissing) {
        alert("請輸入使用者名稱!");
        return false;
    }

    // Reject an untouched or cleared password field.
    var passwordMissing = enteredPassword == "" || enteredPassword == "Your password";
    if (passwordMissing) {
        alert("請輸入密碼!");
        return false;
    }
}
</script>
</body>
</html>
2.後臺(Servlet)處理Code (LoginServlet)
package com.Servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
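/**
 * Handles the POST submitted by login.jsp and establishes the logged-in session.
 *
 * <p>Created by dhc on 17-5-18. user: 網路黑寡婦
 *
 * <p>The session attribute {@code "username"} is the marker that LoginFilter checks, so it is
 * written only after the submitted credentials have been verified. Writing it before the check
 * would let any POST to this servlet mark the session as logged in, whatever password was sent.
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Constructed sample values: the original listing compared against the undeclared
    // identifiers `admin` and `password`. Real code must not hard-code credentials; look the
    // user up in a credential store and verify a salted password hash (bcrypt/scrypt/argon2).
    private static final String DEMO_ADMIN_NAME = "admin";
    private static final String DEMO_ADMIN_PASSWORD = "password";

    /**
     * Verifies the submitted credentials and forwards to the matching page.
     *
     * @param request  the login form POST; reads the {@code username} and {@code password}
     *                 parameters
     * @param response the response handed to the forwarded JSP
     * @throws ServletException if the forward target fails
     * @throws IOException      if the forward target fails with an I/O error
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String adminName = request.getParameter("username");
        String adminPsw = request.getParameter("password");

        // Constant-first equals() keeps a request without these parameters from throwing a
        // NullPointerException; it is simply treated as a failed login.
        boolean authenticated =
                DEMO_ADMIN_NAME.equals(adminName) && DEMO_ADMIN_PASSWORD.equals(adminPsw);

        if (!authenticated) {
            // Failed login: leave the session untouched and show the form again.
            request.getRequestDispatcher("login.jsp").forward(request, response);
            return;
        }

        // Discard any pre-login session so a session id known before authentication cannot be
        // reused afterwards (session fixation), then start a fresh one.
        HttpSession staleSession = request.getSession(false);
        if (staleSession != null) {
            staleSession.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("username", adminName); // login marker read by LoginFilter

        // main.jsp is the page shown after a successful login.
        request.getRequestDispatcher("main.jsp").forward(request, response);
    }
}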
3.重點過濾器的編寫 (LoginFilter)
package com.Filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
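/**
 * Servlet filter that lets a request through only when the session carries the login marker.
 *
 * <p>Created by dhc on 17-5-18. user: 網路黑寡婦
 *
 * <p>Description: every request passes through this filter so it can decide whether the user is
 * logged in. Paths listed in the {@code uncheckedUrls} context parameter, and the redirect page
 * itself, are passed through without a check; every other request without the login marker is
 * redirected to {@code redirectPage}.
 *
 * <p>The allow-list is an exact match on {@code getServletPath()}, so static resources needed by
 * the login page must be listed explicitly or they will be redirected as well.
 **/
public class LoginFilter implements Filter {
    /** Session attribute name that marks a logged-in user ({@code userSessionKey}). */
    private String sessionKey;
    /** Context-relative page an unauthenticated request is redirected to ({@code redirectPage}). */
    private String redirectUrl;
    /** Servlet paths that are never checked, parsed once from {@code uncheckedUrls}. */
    private List<String> uncheckedPaths = Arrays.asList(new String[0]);

    /**
     * Reads the filter settings from the web.xml context parameters.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException if {@code redirectPage} is not configured, because the filter
     *                          would otherwise redirect to a meaningless URL
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ServletContext servletContext = filterConfig.getServletContext();

        // Fall back to "username", the attribute LoginServlet writes, when the key is not set.
        sessionKey = servletContext.getInitParameter("userSessionKey");
        if (sessionKey == null || sessionKey.trim().isEmpty()) {
            sessionKey = "username";
        }

        redirectUrl = servletContext.getInitParameter("redirectPage");
        if (redirectUrl == null || redirectUrl.trim().isEmpty()) {
            throw new ServletException("context-param 'redirectPage' must be configured");
        }
        redirectUrl = redirectUrl.trim();

        // Split once at start-up instead of on every request, and tolerate a missing parameter
        // and spaces around the commas.
        String rawUnchecked = servletContext.getInitParameter("uncheckedUrls");
        String[] parts = rawUnchecked == null ? new String[0] : rawUnchecked.split(",");
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].trim();
        }
        uncheckedPaths = Arrays.asList(parts);
    }

    /**
     * Passes the request on when its path is exempt or the session holds the login marker;
     * otherwise redirects to the configured login page.
     *
     * @param servletRequest  the incoming request, expected to be an HTTP request
     * @param servletResponse the outgoing response, expected to be an HTTP response
     * @param filterChain     the remaining filters and the target resource
     * @throws IOException      if the redirect or a downstream component fails
     * @throws ServletException if a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        // 1. Path of the requested resource, relative to the context root.
        String servletPath = httpRequest.getServletPath();

        // 2. Exempt paths go straight through. The redirect page is always exempt; otherwise
        //    an anonymous request would be redirected to it over and over.
        if (uncheckedPaths.contains(servletPath) || redirectUrl.equals(servletPath)) {
            filterChain.doFilter(httpRequest, httpResponse);
            return;
        }

        // 3. Look up the login marker under the configured key. getSession(false) avoids
        //    creating a session for every anonymous request.
        javax.servlet.http.HttpSession session = httpRequest.getSession(false);
        Object user = session == null ? null : session.getAttribute(sessionKey);
        if (user == null) {
            httpResponse.sendRedirect(httpRequest.getContextPath() + redirectUrl);
            return;
        }

        // 4. Logged in: continue down the chain.
        filterChain.doFilter(httpRequest, httpResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}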
4.配置 web.XML 檔案
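<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <!-- Configuration for the filter that checks whether the user is logged in. -->

    <!-- Name of the session attribute under which the logged-in user is stored. -->
    <context-param>
        <param-name>userSessionKey</param-name>
        <param-value>username</param-value>
    </context-param>

    <!-- Page to redirect to when the user is not logged in. -->
    <context-param>
        <param-name>redirectPage</param-name>
        <param-value>/login.jsp</param-value>
    </context-param>

    <!-- Comma-separated servlet paths the filter does not check.
         The servlet that verifies the user name and password must be listed, or nobody can
         log in. The redirect page must be listed as well: the filter is mapped to /*, so an
         unlisted login page is itself redirected to the login page in an endless loop.
         Keep this list as short as possible; every entry is reachable without a login. -->
    <context-param>
        <param-name>uncheckedUrls</param-name>
        <param-value>/index.jsp,/login.jsp,/LoginServlet</param-value>
    </context-param>

    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>com.Filter.LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <!-- Filters every resource of the site. It can also be limited to one kind of file,
             e.g. "*.jsp", or to everything below one directory, e.g. "/directory-name/*".
             Narrowing the pattern leaves everything outside it unprotected. -->
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Session cookie hardening (HttpOnly, Secure) and the session timeout can be declared
         in a <session-config> element; none is configured here. -->
</web-app>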