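How can a filter prevent users from accessing pages directly by URL and skipping login verification?
阿新 • Published: 2019-02-06
Approach: after the user submits a username and password (the username and password do not need to exist in the database; submitting them just indicates a login action), create a session attribute that stores the user object. The filter reads this session attribute: if it is not null, the request passes the filter; if it is null, the request does not pass and is redirected to error.jsp.
login.jsp page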
</head>
<script type="text/javascript">
function validate(){
    // Validate
    var userCode = document.getElementById("userCode").value;
    var userPassword = document.getElementById("userPassword").value;
    var userCodeSpan = document.getElementById("userCodeSpan");
    var userPasswordSpan = document.getElementById("userPasswordSpan");
    var flag = true;
    if(userCode == null || userCode == ''){
        userCodeSpan.innerHTML = "請輸入使用者名稱";
        flag = false;
    }
    if(userPassword == null || userPassword == ''){
        userPasswordSpan.innerHTML = "請輸入密碼";
        flag = false;
    }
    // Submit
    var actionForm = document.getElementById("actionForm");
    if(flag){
        actionForm.submit();
    }
}
</script>
<body>
<form action="${pageContext.request.contextPath }/servlet/LonginServlet" name="actionForm" id="actionForm" method="post" >
    <dl>
        <dt>使用者名稱:</dt>
        <dd><input type="text" id="userCode" name="userCode"/> <span id="userCodeSpan"></span></dd>
        <dt>密 碼:</dt>
        <dd><input type="password" id="userPassword" name="userPassword"/><span id="userPasswordSpan"></span></dd>
    </dl>
    <div class="buttons">
        ${error }
        <input type="button" value="登入系統" onclick="validate();" />
        <input type="reset" value="重 填" class="input-button" />
    </div>
</form>
</body>
</html>
loginServlet.java
package com.kgc.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.kgc.pojo.User;

public class LonginServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String userCode = request.getParameter("userCode");
        String userPassword = request.getParameter("userPassword");
        // Call the service method (placeholder: nothing is looked up here,
        // the User is built straight from the request parameters)
        User user = new User();
        user.setUserCode(userCode);
        user.setUserPassword(userPassword);
        // Not null: the user has performed a login action.
        // A freshly constructed object is never null, so this branch always runs.
        if (user != null) {
            request.getSession().setAttribute("userSession", user);
            response.sendRedirect("/web05/jsp/admin.jsp");
        } else {
            System.out.println("使用者沒有登入行為");
        }
    }
}
loginFilter.java
package com.kgc.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.kgc.pojo.User;

public class LoginFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain arg2)
            throws IOException, ServletException {
        // TODO Auto-generated method stub
        // Login filtering: a request that did not log in with a legitimate username and
        // password may not continue to the next page, which prevents opening pages
        // directly by their path
        HttpServletRequest requ = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        User userSession = (User) requ.getSession().getAttribute("userSession");
        if (userSession == null) {
            res.sendRedirect("/web05/error.jsp");
        } else {
            arg2.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // TODO Auto-generated method stub
    }
}
web.xml
<filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.kgc.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <!-- Never put error.jsp under the jsp directory: the filter would intercept it as well, so the redirect to error.jsp would never arrive -->
    <url-pattern>/jsp/*</url-pattern>
</filter-mapping>