web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>sp1</display-name> <filter> <filter-name>sessionFilter</filter-name> <filter-class>me.xuzs.sp1.web.filter.SessionFilter</filter-class> <init-param> <param-name>noFilterUrls</param-name> <param-value>/login/authn.jsp,/login/authnServlet</param-value> </init-param> <init-param> <param-name>redirectUrl</param-name> <param-value>/login/login.jsp</param-value> </init-param> </filter> <filter-mapping> <filter-name>sessionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>authnServlet</servlet-name> <servlet-class>me.xuzs.sp1.web.login.AuthnServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>authnServlet</servlet-name> <url-pattern>/login/authnServlet</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app>
SessionFilter
package me.xuzs.sp1.web.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class SessionFilter implements Filter { /** * 不需要过滤的url */ private String noFilterUrls; /** * 过滤后需要跳转的url */ private String redirectUrl; /** * 当前的contextPath */ private String contextPath; @Override public void destroy() { System.out.println("Session is destory."); } @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; // 获取请求的url String url = String.valueOf(request.getRequestURI()); HttpSession session = request.getSession(false); // 因为jsp默认会创建session,这里需双重判断 if (null == session || null == session.getAttribute("userName")) { // 被跳转到的URL,直接放行 if(url.equals(redirectUrl)){ chain.doFilter(req, resp); return; } String[] notUrls = noFilterUrls.split(","); for (String s : notUrls) { if (url.equals(contextPath + s)) { chain.doFilter(req, resp); return; } } response.sendRedirect(redirectUrl); return; } chain.doFilter(req, resp); } @Override public void init(FilterConfig config) throws ServletException { System.out.println("Session is init."); noFilterUrls = config.getInitParameter("noFilterUrls"); contextPath = config.getServletContext().getContextPath(); redirectUrl = contextPath + config.getInitParameter("redirectUrl"); } }
可实现简单的session过滤!