简述
在常见的网站上,我们需要登录才能访问到其他资源。一般来说我们的登录信息会用session存储,所以我们可以使用filter进行一个登录验证的过滤。
package cn.itcast.web.filter; import com.sun.deploy.net.HttpRequest; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import java.io.IOException; @WebFilter("/*") public class LoginFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { //0.强转或者一个http req 和 response HttpServletRequest request = (HttpServletRequest) servletRequest; //1.判断是否是登录相关的资源 String uri = request.getRequestURI(); //2.判断是否包含登录相关资源路径,注意要排除css和js资源 if(uri.contains("/login.jsp") || uri.contains("/loginServlet") || uri.contains("/css/") || uri.contains("/js/") || uri.contains("/fronts/") || uri.contains("/checkCodeServlet")){ //包含,证明想去登录 filterChain.doFilter(servletRequest,servletResponse); }else{ //不包含,需要验证用户是否登录 //3.从session中获取user Object user = request.getSession().getAttribute("user"); if(user != null){ //登录了,放行 filterChain.doFilter(servletRequest,servletResponse); }else{ //证明没有登录,跳转到登录页面 request.setAttribute("login_msg","您尚未登录"); request.getRequestDispatcher("login.jsp").forward(request,servletResponse); } } } @Override public void destroy() { } }