(重点)JavaWeb(入门篇20)过滤器Filter实现对已注销用户强制访问登录后界面的拦截
一、过滤器Filter实现对已注销用户强制访问登录后界面的拦截
1.实现功能
实现用户登录后才能进入主页,注销后及时输入主页url也不能进入主页
2. 核心代码
在需要登录的文件夹加一个过滤器
HttpServletRequest request = (HttpServletRequest) servletRequest;
if (request.getSession().getAttribute(Constant.USER_SESSION)==null){
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.sendRedirect(request.getContextPath()+"/LogOff");
}
filterChain.doFilter(servletRequest,servletResponse);//转发给其他过滤器或者Servlet
3.框架
4.代码
登录页面login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
Login
登录界面login.jsp
2.实现登录逻辑的Servlet ,Login.java
package com.bmft.loginInterception;
import com.bmft.util.Constant;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 这个类是用户在登录界面
* 点击登录后实现跳转逻辑的Servlet
*/
public class Login extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String username = req.getParameter("username");
String password = req.getParameter("password");
if (username == null || password == null){
System.out.println("====登录失败null====");
resp.sendRedirect("loginFailed.jsp");
}
else if (username.equals("root") && password.equals("123456")) {
req.getSession().setAttribute(Constant.USER_SESSION, req.getSession().getId());
System.out.println("====登录成功====");
resp.sendRedirect("sys/homePage.jsp");
} else {
System.out.println("====登录失败====");
resp.sendRedirect("loginFailed.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
3.登录失败的页面 loginFailed.jsp
<%--
Created by IntelliJ IDEA.
User: 25301
Date: 2020/6/19
Time: 10:39
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录失败</title>
</head>
<body>
<h1>登录失败!</h1>
<h2>账号或者密码错误</h2>
<a href="login.jsp">重新登录</a>
</body>
</html>
3.登录成功进入主页之前的过滤器LoginFilter.java
package com.bmft.filter;
import com.bmft.util.Constant;
import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 过滤器步骤
* 1.导包:到一个正确Servlet下的包,实现 Filter
* 2.实现方法都Filter
* (1)实现过滤
* (2)释放
* 3.配置过滤器web.xml
*/
public class LoginFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("=====过滤器LoginFilter初始化=====");
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("=====LoginFilter过滤开始=====");
HttpServletRequest request = (HttpServletRequest) servletRequest;
if (request.getSession().getAttribute(Constant.USER_SESSION)==null){
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.sendRedirect(request.getContextPath()+"/LogOff");
}
filterChain.doFilter(servletRequest,servletResponse);//转发给其他过滤器或者Servlet
System.out.println("=====LoginFilter转发完成,过滤结束======");
}
public void destroy() {
System.out.println("====LoginFilter过滤器销毁=====");
}
}
4.登录成功的主页sys/ 目录下的 homePage.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>主页</title>
</head>
<body>
<h1 style="color: aqua">登录成功!这里是主页homePage</h1>
<h2>登录成功!id = :<%=request.getSession().getId()%></h2>
<a href="<%=request.getContextPath()%>/LogOff">注销登录</a>
</body>
</html>
5.登录主页下点击注销执行的Servlet,LogOff.java
package com.bmft.loginInterception;
import com.bmft.util.Constant;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
/**
* 这个类在用户的登录成功进入主页的
* 时候点击注销登录触发 注销操作,销毁对应的 USER_SESSION 的值
* 然后跳转登录页面
*/
public class LogOff extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
req.getSession().setAttribute(Constant.USER_SESSION,null);
resp.sendRedirect("login.jsp");
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
6.编码过滤器 Filter01.java 实现编码的设置
package com.bmft.filter;
import javax.servlet.*;
import java.io.IOException;
/**
* 过滤器步骤
* 1.导包:到一个正确Servlet下的包,实现 Filter
* 2.实现方法都Filter
* (1)实现过滤
* (2)释放
* 3.配置过滤器web.xml
*/
public class Filter01 implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("=====Filter01过滤器初始化=====");
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("=====Filter01过滤开始=====");
servletRequest.setCharacterEncoding("utf-8");
servletResponse.setCharacterEncoding("utf-8");
servletResponse.setContentType("text/html;charset=UTF-8");
filterChain.doFilter(servletRequest,servletResponse);//转发给其他过滤器或者Servlet
System.out.println("=====Filter01转发完成,过滤结束======");
}
public void destroy() {
System.out.println("====Filter01过滤器销毁=====");
}
}
7.web.xml的配置
<!--Login Servlet映射-->
<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>com.bmft.loginInterception.Login</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/Login</url-pattern>
</servlet-mapping>
<!--LogOff Servlet映射-->
<servlet>
<servlet-name>LogOff</servlet-name>
<servlet-class>com.bmft.loginInterception.LogOff</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogOff</servlet-name>
<url-pattern>/LogOff</url-pattern>
</servlet-mapping>
<!--编码过滤-->
<filter>
<filter-name>Filter01</filter-name>
<filter-class>com.bmft.filter.Filter01</filter-class>
</filter>
<filter-mapping>
<filter-name>Filter01</filter-name>
<url-pattern>/*
LoginFilter
com.bmft.filter.LoginFilter
LoginFilter
/sys/*
5.页面展示
1.登录页面login.jsp
2.错误登录测试
3。返回重新登录正确测试
4.不注销的情况下复制登录成功主页链接,在另一个窗口打开
4.不注销的情况下复制登录成功主页链接,在另一个浏览器(edge)打开
5.注销后
刷新另一个窗口
二、错误与解决
1. 点击登录显示404(相对路径和绝对路劲的问题)
了解相对路径和绝对路径的区别使用
我的项目结构
1.绝对路径
使用 /(反斜杠)会使用绝对路径自动定义到 localhost:8080 目录,而不是项目目录,所以反斜杠一般配合项目路径使用(例如)
<a href="<%=request.getContextPath()%>/LogOff">注销登录</a>
response.sendRedirect(request.getContextPath()+"/LogOff");
2.相对路径:
不适用反斜杠,就是相对路径,定义到 http://localhost:8080/filter02_war 目录 (/filter02_war是你的项目)
相对路径区别于绝对路径(例如)
<a href="login.jsp">登录</a>
resp.sendRedirect("login.jsp");
2.获取的账号密码为空
原因:使用req.getAttribute()获取参数,应该是使用
req.getParameter(“password”);