能配置例外
先写配置文件类
FilterConfig.java
package com.ty.tyzxtj.config; import javax.servlet.Filter; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import com.ty.tyzxtj.fiter.SessionFilter; /** * 过滤器配置 * @author wangjiping * */ @Configuration public class FilterConfig { /** * 配置过滤器 * @return */ @Bean public FilterRegistrationBean someFilterRegistration() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setFilter(sessionFilter()); registration.addUrlPatterns("/*"); registration.addInitParameter("paramName", "paramValue"); registration.setName("sessionFilter"); return registration; } /** * 创建一个bean * @return */ @Bean(name = "sessionFilter") public Filter sessionFilter() { return new SessionFilter(); } }
过滤器类:
对通过过滤器的url请求都查看对应session有没有值没有就跳转到登陆页面
package com.ty.tyzxtj.fiter; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; public class SessionFilter implements Filter { private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SessionFilter.class); @Value("$(serverurl)") private String serverurl; /** * 封装,不需要过滤的list列表 */ protected static List<Pattern> patterns = new ArrayList<Pattern>(); @Override public void init(FilterConfig filterConfig) throws ServletException { patterns.add(Pattern.compile("login/index.html")); patterns.add(Pattern.compile("login/login")); patterns.add(Pattern.compile("login.do")); patterns.add(Pattern.compile("main/autoFillty_rj_situation.*")); patterns.add(Pattern.compile("main/post.*")); patterns.add(Pattern.compile(".*[(\.js)||(\.css)||(\.png)]")); } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; String url = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length()); if (url.startsWith("/") && url.length() > 1) { url = url.substring(1); } if (isInclude(url)){ chain.doFilter(httpRequest, httpResponse); return; } else { HttpSession session = httpRequest.getSession(); if (session.getAttribute("loginName") != null){ // session存在 chain.doFilter(httpRequest, httpResponse); return; } else { // session不存在 准备跳转失败 httpResponse.sendRedirect("login.do?toLogin"); } } } @Override public void destroy() { } /** * 是否需要过滤 * @param url * @return */ private boolean isInclude(String url) { for (Pattern pattern : patterns) { Matcher matcher = pattern.matcher(url); if (matcher.matches()) { return true; } } return false; } }
注意:应用了过滤器,前提是所有请求都从服务器上走一次
例如:如果直接在浏览器中输入链接是服务器静态资源文件可能因为浏览器缓存的原因直接访问浏览器的缓存页面没有走过滤器从而想要实现的验证用户登陆没有成功