Filter实现权限拦截

此方法应用于登录注册时 为了防止越级登陆后级目录页面  实现主页等只能从登录成功后进入

Loginservlet

 1 import javax.servlet.ServletException;
 2 import javax.servlet.http.HttpServlet;
 3 import javax.servlet.http.HttpServletRequest;
 4 import javax.servlet.http.HttpServletResponse;
 5 import java.io.IOException;
 6 
 7 public class Loginservlet extends HttpServlet {
 8     @Override
 9     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
10         String username = req.getParameter("username");
11         if(username.equals("admin")){
12             req.getSession().setAttribute("USER_SESSION",req.getSession().getId());
13             resp.sendRedirect("/success.jsp");
14         }else{
15             resp.sendRedirect("/error.jsp");
16 
17         }
18     }
19 
20     @Override
21     protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
22         doGet(req, resp);
23     }
24 }

此方法的方便之处在于 在登录验证时 将repuest得来得值转化为Session，这样值就储存在服务器中并赋予一个ID唯一确定方便后面调取，并可以在多个页面得取值

过滤器SysFilter

注意！：HttpServletReques继承ServletReques 没有getSession方法

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class SysFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        if (request.getSession().getAttribute("USER_SESSION")==null) {
            response.sendRedirect("/error.jsp");
        }
        filterChain.doFilter(req,resp);
    }

    @Override
    public void destroy() {
    }
}

 XML配置

 1 <servlet>
 2             <servlet-name>Loginservlet</servlet-name>
 3             <servlet-class>com.zxy.servlet.Loginservlet</servlet-class>
 4         </servlet>
 5         <servlet-mapping>
 6             <servlet-name>Loginservlet</servlet-name>
 7             <url-pattern>/servlet/login</url-pattern>
 8         </servlet-mapping>
 9     
10         <servlet>
11             <servlet-name>Loginout</servlet-name>
12             <servlet-class>com.zxy.servlet.Loginout</servlet-class>
13         </servlet>
14         <servlet-mapping>
15             <servlet-name>Loginout</servlet-name>
16             <url-pattern>/servlet/out</url-pattern>
17         </servlet-mapping>
18 
19         <filter>
20             <filter-name>SysFilter</filter-name>
21             <filter-class>com.zxy.filter.SysFilter</filter-class>
22         </filter>
23         <filter-mapping>
24             <filter-name>SysFilter</filter-name>
25             <url-pattern>/success.jsp</url-pattern>
26         </filter-mapping>

注意！！！过滤器过滤路径一定要正确

loginout

 1 import javax.servlet.ServletException;
 2 import javax.servlet.http.HttpServlet;
 3 import javax.servlet.http.HttpServletRequest;
 4 import javax.servlet.http.HttpServletResponse;
 5 import java.io.IOException;
 6 
 7 public class Loginout extends HttpServlet {
 8     @Override
 9     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
10         Object user_session = req.getSession().getAttribute("USER_SESSION");
11         if(user_session!=null){
12             req.getSession().removeAttribute("USER_SESSION");
13             resp.sendRedirect("/login.jsp");
14         }else{
15             resp.sendRedirect("/login.jsp");
16         }
17     }
18 
19     @Override
20     protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
21         doGet(req, resp);
22     }
23 }

 只把Session建立的ID名的进行移除，避免了反复创建和关闭Session所带来的负担

Constant实体类

1 public class Constant {
2     public static String USER_SESSION="USER_SESSION";
3 }

login.jsp

 1 <html>
 2 <head>
 3     <title>Title</title>
 4 </head>
 5 <body>
 6 <h1>登录</h1>
 7     <form action="/servlet/login" method="post">
 8         <input type="text" name="username">
 9         <input type="submit">
10     </form>
11 </body>
12 </html>

success.jsp

 1 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 2 <html>
 3 <head>
 4     <title>Title</title>
 5 </head>
 6 <body>
 7 <%--不用过滤器在jsp页面实现，主页面只能从登录成功跳转过来--%>
 8 <%--<%--%>
 9 <%--    Object userSession = request.getSession().getAttribute("USER_SESSION");--%>
10 <%--    if(userSession==null){--%>
11 <%--        pageContext.forward("login.jsp");--%>
12 <%--    }--%>
13 <%--%>--%>
14 <h1>Success</h1>
15 <p><a href="/servlet/out">注销</a> </p>
16 </body>
17 </html>

error.jsp

 1 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 2 <html>
 3 <head>
 4     <title>Title</title>
 5 </head>
 6 <body>
 7 <h1>错误</h1>
 8 <p><a href="/login.jsp">返回登录</a> </p>
 9 </body>
10 </html>