Filter过滤器实现权限控制

在操作中经常性的要对用户是否登陆进行验证，那么如果要进行验证的话，则肯定有大量的代码要不断的判断session是否存在。那么此种代码实际上就可以直接放在过滤器中进行编写。

登录页面：Login.jsp

<script type="text/javascript">
   //检查是否输入用户名  否则不予提交  
   function check(){
	   var username = document.getElementById("username").value;
	   if(username==null||""==username){
		   alert("请输入用户名");
		   return false;
	   }
	   return true;
   }
   
</script>
  
  <body>
	   <center>
	      <form action="loginServlet" method="post" onsubmit="return check()">
	         <table>
	             <caption>用户登录</caption>
	             <tr>
	                <td>用户名</td><td><input type="text" id="username" name="username" /></td>
	             </tr>
	             <tr>
	                <td>密码</td><td><input type="text" name="password"/></td>
	             </tr>
	             <tr>
	                <td align="right" colspan="2"><input type="submit" value="登录"></td>
	             </tr>
	         </table>
	      </form>
	   </center>
  </body>

权限控制 用户其实就只有一个入口，即首先进行登录，登录后将信息保存在session中,如果session中没有内容，则无法进入其他页面或进行其他操作。

点击登录按钮 进入loginServlet将信息保存。

LoginServlet.java

package com.org;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginServlet extends HttpServlet {

	
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		response.setContentType("text/html;charset=gbk");
		request.setCharacterEncoding("gbk");
		PrintWriter out = response.getWriter();
		
		String username = request.getParameter("username");
		HttpSession session = request.getSession();
		session.setAttribute("username", username);  //用户登录加入到session中
		
		response.sendRedirect("jsp/success.jsp");    //登录成功 跳入success.jsp
		
		//测试 
		System.out.println("username: "+username);
		
		out.flush();
		out.close();
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		this.doGet(request, response);
	}

}

Filter 拦截器： MyFilter.java

package com.org;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class MyFilter implements Filter {

	public void destroy() {
	}

	public void doFilter(ServletRequest servletRequest,
			ServletResponse servletResponse, FilterChain filterChain)
			throws IOException, ServletException {

		HttpServletRequest req = (HttpServletRequest) servletRequest;
		HttpSession session = req.getSession();
		
		String username = (String)session.getAttribute("username");
		
		if (username != null&&username!="") {
			// 如果现在存在了session，则请求向下继续传递
			filterChain.doFilter(servletRequest, servletResponse);
		} else {
			// 跳转到提示登陆页面
			servletRequest.getRequestDispatcher("/error.jsp").forward(servletRequest, servletResponse);
		}
	}

	public void init(FilterConfig filterConfig) throws ServletException {
	}
}

Filter从session中取出数据 看是否已登录，如果session中有内容 则执行 filterChain.doFilter()方法 请求继续向下传递。否则返回登录页面。

为了测试 还要有一个让其Session失效的类

InvalidateServlet.java

package com.org;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class InvalidateServlet extends HttpServlet {

	
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		response.setContentType("text/html;charset=gbk");
		request.setCharacterEncoding("gbk");
		PrintWriter out = response.getWriter();
		HttpSession session =request.getSession(); //得到session对象
		session.invalidate();                      //注销session  使其失效
		//然后跳转到登录页面
		request.getRequestDispatcher("/login.jsp").forward(request, response);
		out.flush();
		out.close();
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		
	}

}

如果在未登录时访问其他页面 则跳转到error.jsp页面

<body>
		<center>
			<h3>
				您还未登录，请先进行<a href="login.jsp">登录</a>
			</h3>
		</center>
	</body>

登录成功页面 success.jsp

<body>
		<center>
			欢迎<%=session.getAttribute("username")%>光临
			<br>
			<a href="invalidateServlet">退出</a>
		</center>
	</body>

此外最好需要几个测试页面

test1.jsp  test2.jsp 里面随便一些显示内容即可

配置web.xml实现拦截

<filter>
		<filter-name>myfilter</filter-name>
		<filter-class>com.org.MyFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>myfilter</filter-name>
		<url-pattern>/jsp/*</url-pattern>
	</filter-mapping>
	
	<servlet>
		<servlet-name>LoginServlet</servlet-name>
		<servlet-class>com.org.LoginServlet</servlet-class>
	</servlet>
  <servlet>
    <servlet-name>InvalidateServlet</servlet-name>
    <servlet-class>com.org.InvalidateServlet</servlet-class>
  </servlet>

	<servlet-mapping>
		<servlet-name>LoginServlet</servlet-name>
		<url-pattern>/loginServlet</url-pattern>
	</servlet-mapping>
  <servlet-mapping>
    <servlet-name>InvalidateServlet</servlet-name>
    <url-pattern>/invalidateServlet</url-pattern>
  </servlet-mapping>
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>

除login.jsp在webroot目录下  其余jsp页面在jsp文件夹下

可进行如下方法的测试

不先进入login.jsp进行登录 访问 http://localhost:8080/filter/jsp/test1.jsp 则提示尚未登录。

然后进行登录 随便输入一个用户名，再访问test1.jsp 则可以进入 或者关闭浏览器重新打开，还是可以进入

直至在success.jsp页面中进行注销 。