filter实现登录验证,并实现页面跳转到登录前浏览的页面(同步异步皆可)
框架使用SSH
1、首先写好filter,如下
package com.alpha.web.filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class CheckLoginFilter implements Filter {
private String redirectURL = "";
private List notCheckURLList = null;
@Override
public void destroy() {
this.notCheckURLList.clear();
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
HttpSession session= request.getSession();
/**
* loginKey为用户登录成功后写到session中的,在这里通过获取loginKey判断是否登录成功
* 如果登录成功,则跳转到登录前浏览的页面,如果登录前是从login.jsp过来的,则不跳转
*/
Object loginKey = session.getAttribute("loginKey");
if(loginKey != null && loginKey.toString().equals("success")) {
session.removeAttribute("loginKey");
Object uri = session.getAttribute("requestURI");
if(uri != null) {
response.sendRedirect(uri.toString());
return;
}
}
/**
* 判断是否是不需要执行过滤的页面,如果是则直接放行
*/
String requestURI = request.getRequestURI();
for(String url : this.notCheckURLList){
if(requestURI.indexOf(url) != -1) {
filterChain.doFilter(request, response);
return;
}
}
/**
* 如果用户未登录,记录目前访问的页面,并跳转到登录页面
*/
if(session.getAttribute("user") == null) {
if(requestURI.endsWith("jsp"))
session.setAttribute("requestURI", requestURI);
response.sendRedirect(request.getContextPath() + "/" + redirectURL);
return;
}
filterChain.doFilter(request, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//初始化配置的参数
redirectURL = filterConfig.getInitParameter("redirectURL");
String notCheckURLStr = filterConfig.getInitParameter("notCheckURLList");
if(notCheckURLStr != null) {
notCheckURLList = new ArrayList();
notCheckURLList.clear();
String[] urls = notCheckURLStr.split(",");
for (String url : urls) {
notCheckURLList.add(url);
}
}
}
}
2、接下来在web.xml中配置filter,如下
checkLoginFilter
com.alpha.web.filter.CheckLoginFilter
检查失败后需要定向到的页面
redirectURL
Login/Login.jsp
不用检查用户的页面列表,用","分隔
notCheckURLList
Login.jsp,login.action
checkLoginFilter
*.jsp
checkLoginFilter
*.action
struts2
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
struts2
/action/*
注意:要将filter的配置放在struts配置前面,否则filter将过滤不到action
3、用户验证的action,这里简单写下思路
//这是刚开始写的action,打算在action处理时直接跳转,若为同步请求,直接由jsp中的form请求过来,可以直接在action中跳转成功,后来发现ajax请求时根本跳不过去public void login(){ User user = validateUser(username,password); if(user != null) {
request.getSession().setAttribute("user",user); Object obj = request.getSession().getAttribute("requestURI");
if(obj != null) {
try {
response.sendRedirect(obj.toString());
return;
} catch (IOException e) {
e.printStackTrace();
} }
}//以下是不分同步异步的,通过在session中添加标记的方式,然后在filter中判断是否登录成功 public void login() {
User user = userManagerService.validate(username, password);
if(user != null){
this.session.put("user", user);
this.session.put("loginKey", "success");
}else{
message = "用户名或密码错误!";
}
//通过json方式和客户端交互的代码,可以写在下面
}