1. 我们可以在web.xml中配置filter来对指定的URL进行过滤,进行一些特殊操作如权限验证等。
<!– session过滤filter –> <filter> <filter-name>SessionFilter</filter-name> <filter-class>com.xm.chris.SessionFilter</filter-class> </filter> <filter-mapping> <filter-name>SessionFilter</filter-name> <url-pattern>/resources/*</url-pattern> </filter-mapping>
public class SessionFilter implements Filter { private static final String CONTENT_TYPE = "text/html; charset=UTF-8"; private FilterConfig _filterConfig = null; public void init(FilterConfig filterConfig) throws ServletException { _filterConfig = filterConfig; } public void destroy() { _filterConfig = null; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest rq = (HttpServletRequest) request; HttpSession httpSession = rq.getSession(); Long userId = (Long) httpSession.getAttribute("userId"); if (userId == null) { response.setContentType(CONTENT_TYPE); PrintWriter out = response.getWriter(); out.println("<html>"); out.println("<head><title>Error</title></head>"); out.println("<body>"); out.println("<p id='Message'>错误.</p>"); out.println("</body></html>"); out.close(); } else { chain.doFilter(request, response); } } }
这时所有请求了contextPath/resources/*路径的request都会被SessionFilter验证是否登录。
2. 但是我们有一些特定的url不想验证登录,想要直接能够访问,怎么办呢?
这时可以配置一个参数,告诉Filter哪些url不想验证。
<filter> <filter-name>SecurityFilter</filter-name> <filter-class>com.oracle.ccsc.jcs.sx.filter.SecurityFilter</filter-class> <init-param> <param-name>excludedPages</param-name> <param-value>/xm/portal/notice</param-value> </init-param> </filter>
然后在Filter中就可以根据参数判断是否需要过滤。
public class SecurityFilter implements Filter { private static final String CONTENT_TYPE = "text/html; charset=UTF-8"; private FilterConfig _filterConfig = null; private String excludedPages; private String[] excludedPageArray; public void init(FilterConfig filterConfig) throws ServletException { _filterConfig = filterConfig; excludedPages = filterConfig.getInitParameter("excludedPages"); if (StringUtils.isNotEmpty(excludedPages)) { excludedPageArray = excludedPages.split(","); } } public void destroy() { _filterConfig = null; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest rq = (HttpServletRequest) request; boolean isExcludedPage = false; for (String page : excludedPageArray) { //判断是否在过滤url之外if (rq.getPathInfo().equals(page)) { isExcludedPage = true; break; } } if (isExcludedPage) { //在过滤url之外 chain.doFilter(request, response); } else { //不在过滤url之外,判断登录 HttpSession httpSession = rq.getSession(); Long userId = (Long) httpSession.getAttribute("userId"); if (userId == null) { response.setContentType(CONTENT_TYPE); PrintWriter out = response.getWriter(); out.println("<html>"); out.println("<head><title>Error</title></head>"); out.println("<body>"); out.println("<p id='Message'>错误.</p>"); out.println("</body></html>"); out.close(); } else { chain.doFilter(request, response); } } } }
3. 关于用Servlet获取URL地址。
在HttpServletRequest类里,有以下六个取URL的函数
getContextPath 取得项目名
getServletPath 取得Servlet名
getPathInfo 取得Servlet后的URL名,不包括URL参数
getRequestURL 取得不包括参数的URL
getRequestURI 取得不包括参数的URI,即去掉协议和服务器名的URL
具体如下图:
相对应的函数的值如下:
getContextPath:/ServletTest
getServletPath:/main
getPathInfo:/index/testpage/test
getRequestURL:http://localhost:8080/ServletTest/main/index/testpage/test
getRequestURI:/ServletTest/main/index/testpage/test