大概思路是 建一个filter 过滤除登陆页面的其他所有页面 在filter 里取到session 判断里面是否有值 如果有 则正常跳转 否则跳转到登陆页或你需要的指定页面即可~代码如下:
在web.xml里面加上filter :
<!-- 用户登录过滤器开始 -->
<!-- 用户登录过滤器开始 --> <filter> <filter-name>checkLoginFilter </filter-name> <filter-class>CheckLoginFilter </filter-class> <init-param> <param-name>checkSessionKey </param-name> <param-value>LoginUser </param-value> </init-param> <init-param> <param-name>redirectURL </param-name> <param-value>/login.jsf </param-value> </init-param> <init-param> <param-name>notCheckURLList </param-name> <param-value>/login.jsf </param-value> </init-param> </filter> <filter-mapping> <filter-name>checkLoginFilter </filter-name> <url-pattern>*.jsf </url-pattern> </filter-mapping> <!-- 用户登录过滤器结束 -->
/** * 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面 <p> * 配置参数 <p> * checkSessionKey 需检查的在 Session 中保存的关键字 <br/> * redirectURL 如果用户未登录,则重定向到指定的页面,URL不包括 ContextPath <br/> * notCheckURLList 不做检查的URL列表,以分号分开,并且 URL 中不包括 ContextPath <br/> */ public class CheckLoginFilter implements Filter { protected FilterConfig filterConfig = null; private String redirectURL = null; private List <String> notCheckURLList = new ArrayList <String>(); private String sessionKey = null; public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException{ HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession(); response.setHeader("Cache-Control","no-cache"); response.setHeader("Pragma","no-cache"); response.setDateHeader ("Expires", -1); if(sessionKey == null){ filterChain.doFilter(request, response); return; } if((!checkRequestURIIntNotFilterList(request)) && session.getAttribute(sessionKey) == null){ response.sendRedirect(request.getContextPath() + redirectURL); return; } filterChain.doFilter(servletRequest, servletResponse); } public void destroy(){ notCheckURLList.clear(); } private boolean checkRequestURIIntNotFilterList(HttpServletRequest request){ String uri = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo()); return notCheckURLList.contains(uri); } public void init(FilterConfig filterConfig) throws ServletException{ this.filterConfig = filterConfig; redirectURL = filterConfig.getInitParameter("redirectURL"); sessionKey = filterConfig.getInitParameter("checkSessionKey"); String notCheckURLListStr = filterConfig.getInitParameter("notCheckURLList"); if(notCheckURLListStr != null){ StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";"); notCheckURLList.clear(); while(st.hasMoreTokens()){ notCheckURLList.add(st.nextToken()); } } } }
此方法不足之处在于jsf的filter生命周期在jsf之前,登录页面的标签样式无法正常显示