转自:http://blog.csdn.net/qq_34614629/article/details/52760957
实现登陆成功后才能访问主页面,否则直接输入主页面的地址会自动跳转到登陆界面
*.jsp
),然后过滤器会对要跳转网页的地址进行分析,如果不是login.jsp(登录页面)页面的话就判断session中有没有值,如果有值,说明用户已经登陆,如果为null说明用户没登陆,然后将地址重定向到login.jsp(登录页面)页面,大致就这样。 代码中很多地方用的System在控制台输出的,并没有提示到页面(因为太懒)
如果你细心的话,你会发现在get和post方法中我并没有对中文乱码进行处理,因为我直接写了一个过滤器。
这篇文章我会讲到用过滤器进行中文乱码及敏感词汇的处理,点这里!!!!
下面是部分代码:
UserServlet代码如下:
package com.gpf.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.gpf.model.User;
import com.gpf.service.UserService;
import com.gpf.serviceImpl.UserServiceImpl;
/**
* @author 朝九晚十
*
*/
public class UserServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
UserService service = new UserServiceImpl();
User user = null;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String type = request.getParameter("type");
//退出系统
if("exit".equals(type)){
HttpSession session = request.getSession(false);
String sessionUser = (String) session.getAttribute("user");
if(sessionUser!=null){
session.removeAttribute("user");
System.out.println("退出成功!");
}else{
System.out.println("退出失败,用户已经退出登录!");
}
request.getRequestDispatcher("index.jsp").forward(request, response);
}
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String type = request.getParameter("type");
//登陆验证
if("login".equals(type)){
String userName = request.getParameter("userName");
String userPwd = request.getParameter("userPwd");
user = service.login(userName);
if(user!=null){
if(user.getUserPwd().equals(userPwd)){
HttpSession session = request.getSession();
session.setAttribute("user", userName);
request.getRequestDispatcher("index.jsp").forward(request, response);
}else{
System.out.println("密码部不正确!");
request.setAttribute("userName", userName);
request.setAttribute("message", "输入密码错误!请重新输入!");
request.getRequestDispatcher("login.jsp").forward(request, response);
}
}else{
System.out.println("用户名不存在!");
}
}
}
}
过滤器代码如下:
package com.gpf.util;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* 过滤器(拦截器),查看用户是否登陆过,未登录禁止访问页面
*
* @author 朝九晚十
*
*/
public class AuthFilter implements Filter {
/**
* 销毁
*/
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
//获取根目录所对应的绝对路径
String currentURL = request.getRequestURI();
//截取到当前文件名用于比较
String targetURL = currentURL.substring(currentURL.indexOf("/",1),currentURL.length());
//System.out.println(targetURL);
//如果session不为空就返回该session,如果为空就返回null
HttpSession session = request.getSession(false);
if(!"/login.jsp".equals(targetURL)){
//判断当前页面是否是重顶次昂后的登陆页面页面,如果是就不做session的判断,防止死循环
if(session==null||session.getAttribute("user")==null){
//如果session为空表示用户没有登陆就重定向到login.jsp页面
//System.out.println("request.getContextPath()=" + request.getContextPath());
response.sendRedirect(request.getContextPath()+"/login.jsp");
return;
}
}
//继续向下执行
chain.doFilter(request, response);
}
/**
* 初始化
*/
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
在web.xml中添加如下代码:
<filter>
<filter-name>AuthFilterfilter-name>
<filter-class>com.gpf.util.AuthFilterfilter-class>
filter>
<filter-mapping>
<filter-name>AuthFilterfilter-name>
<url-pattern>*.jspurl-pattern>
filter-mapping>
(2)javaweb关于用户是否登录全局判断,没有登录跳转到登录界面
有这样一个需求,用户密码登录网站,在session中保留了用户的信息,但是用户很长时间没有再操作该界面,用户的session则被浏览器清除,而一些业务逻辑则是需要用到用户的信息,那么用户再执行操作后,则会引起业务代码报错,这时我们就需要在用户访问的时候判断一下用户的信息是否存在,如何实现这个功能,我们这里用到了过滤器这个功能,在用户访问特定界面或者特定接口的时候,先进行过滤,复合条件再执行下一步操作,具体代码如下:
package com.demo.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import com.demo.entity.User; /** * 全站判断用户是否登录过滤器 * @author zhangdi * */ public class AuthFilter implements Filter{ @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse resp = (HttpServletResponse)response; HttpServletRequest req = (HttpServletRequest)request; HttpSession session = req.getSession(); User user = (User)session.getAttribute("user"); String uri = req.getRequestURI(); //简单判断缓存中是否有用户 if(user==null){//没有用户 //判断用户是否是选择跳到登录界面 if(uri.endsWith("login.jsp")||uri.endsWith("login.do")){ chain.doFilter(request, response); }else{ resp.sendRedirect(req.getContextPath()+"/login.jsp"); } }else{//有用户 chain.doFilter(request, response); } chain.doFilter(request, response); } @Override public void init(FilterConfig filterConfig) throws ServletException { } }
注意,这个过滤器需要在web.xml中声明,不然不会被项目调用,代码如下:
<filter> <filter-name>authfilter-name> <filter-class>com.demo.filter.AuthFilterfilter-class> filter> <filter-mapping> <filter-name>authfilter-name> <url-pattern>*.jspurl-pattern> filter-mapping> <filter-mapping> <filter-name>authfilter-name> <url-pattern>*.dourl-pattern> filter-mapping>
这里配置过滤的范围是所有的jsp界面以及所有以.do结尾的接口