今天想用filter来限制,非法登录,就是不通过登录界面随意进入别的界面。
代码如下:
package com.me.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.me.dao.UserDao; public class LoginFilter implements Filter { @Override public void destroy() { // TODO Auto-generated method stub } @Override public void doFilter(ServletRequest req, ServletResponse rep, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)rep; UserDao user = (UserDao) request.getSession().getAttribute("user"); System.out.println(user); if(user == null){ response.sendRedirect("login.jsp"); return; }else{ chain.doFilter(request, response); } } @Override public void init(FilterConfig arg0) throws ServletException { // TODO Auto-generated method stub } }
<filter> <filter-name>LFilter</filter-name> <filter-class>com.me.filter.LFilter</filter-class> </filter> <filter-mapping> <filter-name>LFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
两个filter-name需要对应,然后/*代表过滤所有请求
发现会存在无限次的重定向的错误,导致无法打开页面,因此需要加上一个判断条件。
String path = request.getRequestURI();//获取请求的uri
user==null && path.indexOf("login")==-1//if里面的判断条件
这个意思就是登陆了,并且界面不是login就会进行重定向。
继续执行虽然可以实现过滤功能,但是验证码却无法正常显示
调试之后发现是302状态,经查阅:302 (临时移动) 服务器目前从不同位置的网页响应请求,但请求者应继续使用原有位置来进行以后的请求。
刚开始不明白什么意思,后来知道原来这个CpachaServlet被过滤掉了,
我就想有没有能够不过滤的设置:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" id="WebApp_ID" version="4.0"> <display-name>XuQiuZhenJi</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> <filter> <filter-name>LFilter</filter-name> <filter-class>com.me.filter.LFilter</filter-class> <init-param> <param-name>excludedPages</param-name> <param-value>/CpachaServlet</param-value> </init-param> </filter> <filter-mapping> <filter-name>LFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
然后修改filter.java
package com.me.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; import com.me.dao.UserDao; /** * Servlet Filter implementation class LFilter */ @WebFilter("/LFilter") public class LFilter implements Filter { private FilterConfig _filterConfig = null; private String[] excludedPageArray; private String excludedPages; /** * Default constructor. */ public LFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub _filterConfig=null; } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest req, ServletResponse rep, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub HttpServletRequest rq = (HttpServletRequest) req; HttpServletResponse rs=(HttpServletResponse)rep; boolean isExcludedPage = false; for (String page : excludedPageArray) { //判断是否在过滤url之外 if (rq.getServletPath().equals(page)) { isExcludedPage = true; break;} } if (isExcludedPage) { //在过滤url之外 chain.doFilter(rq, rs); } else { //不在过滤url之外,判断登录 HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)rep; UserDao user = (UserDao) request.getSession().getAttribute("user"); String path = request.getRequestURI(); if(user==null && path.indexOf("login")==-1) { response.sendRedirect(request.getContextPath()+"/login.jsp"); return; } else { chain.doFilter(request, response); } } } // HttpServletRequest request = (HttpServletRequest)req; // HttpServletResponse response = (HttpServletResponse)rep; // UserDao user = (UserDao) request.getSession().getAttribute("user"); // String path = request.getRequestURI(); // if(user==null && path.indexOf("login")==-1) { // // response.sendRedirect(request.getContextPath()+"/login.jsp"); // return; // } // else { // chain.doFilter(request, response); // } /** * @see Filter#init(FilterConfig) */ public void init(FilterConfig fConfig) throws ServletException { // TODO Auto-generated method stub _filterConfig=fConfig; excludedPages = _filterConfig.getInitParameter("excludedPages"); System.out.println(excludedPages); if (StringUtils.isNotEmpty(excludedPages)) { excludedPageArray = excludedPages.split(","); } } }
init方法通过参数获得你设置的值,然后如果有多个值会进行分割,然后再doFilter,
通过加强for循环判断是否在不过滤的请求之内,如果在就doFilter,不在就进行登录过滤。
另外关于获取请求,对于下面这个url来说,下面的方法获取的值是不一样的,可以根据自己设置的不过滤的请求来选择合适的方法。
http://localhost:8080/ProjectName/ServletName/jsp/index.jsp?id=6
getRequestURL:http://localhost:8080/ProjectName/ServletName/jsp/index.jsp
getRequestURI:ProjectName/ServletName/jsp/index.jsp
getContextPath:/ProjectName
getPathInfo:/jsp/index.jsp
getServletPath:/ServletName
这样大家就可以根据自己想要不过滤的请求然后选择合适的方法进行过滤。
6