Filter过滤器实现登录权限拦截

实现：用户登陆之后才能进入主页，注销之后就不能进入主页
1、用户登录后，向Session中存入用户数据。
2、进入主页的时候要判断用户是否已经登录。

例：

先编写主页.jsp，即用户登录后的页面

%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>主页title>
    <style>
        h1{
            color: cadetblue;
        }
    style>
head>
<body>
<h1>这是主页，欢迎登录！h1>
<hr>
<a href="/servlet/Logout">注销a>
body>
html>

然后是登陆界面

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>欢迎登录title>
head>
<body>
<form action="/servlet/Login" method="post">
    <input type="text" name="username" >
    <input type="submit" value="登录">
form>
<hr>
body>
html>

**
**
还有一个错误页面，作用是当作当用户错误输入信息或被拦截后的页面

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>错误页面title>
head>
<body>
<h1>很抱歉，你输入的密码不太对！h1>

<hr>
<a href="/Login.jsp">返回登陆页面a>
body>
html>

编写LoginServlet类处理登录事件

public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
      //获得前端传过来的参数
        String username = req.getParameter("username");
        if (username.equals("admin")){
            //登陆成功将登录信息放在Session中
            req.getSession().setAttribute(Constant.USER_SESSION,req.getSession().getId());
            resp.sendRedirect("/sys/success.jsp");
        }else{
            resp.sendRedirect("/Error.jsp");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

上述代码是将前端传统过来的参数username做比对，当比对成功时，将用户信息存到Session中，然后servlet重定向到登陆成功界面Success.jsp,当比对失败时，返回到错误界面。

然后是编写一个Logout类实现注销，用户注销后，清除Session，回到登陆界面

public class Logout extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Object user_session = req.getSession().getAttribute(Constant.USER_SESSION);
        if (user_session!=null){
            req.getSession().removeAttribute(Constant.USER_SESSION);
            resp.sendRedirect("/Login.jsp");
        }else{
          resp.sendRedirect("/Login.jsp");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
       doGet(req, resp);
    }
}

接下来编写SysFilter过滤器，原理是要访问Success.jsp时，必须要经过该过滤器。在用户点击注销时，Session被清空，所以经过过滤器时会被拦截下来，回到错误页面。

public class SysFilter implements Filter {
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        if (request.getSession().getAttribute(Constant.USER_SESSION)==null){
            response.sendRedirect("/Error.jsp");
        }

        filterChain.doFilter(req,resp);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void destroy() {

    }
}

别忘了配置web.xml

<servlet>
        <servlet-name>LoginServletservlet-name>
        <servlet-class>com.tt.servlet.LoginServletservlet-class>
    servlet>
    <servlet-mapping>
        <servlet-name>LoginServletservlet-name>
        <url-pattern>/servlet/Loginurl-pattern>
    servlet-mapping>


    <servlet>
        <servlet-name>Logoutservlet-name>
        <servlet-class>com.tt.servlet.Logoutservlet-class>
    servlet>
    <servlet-mapping>
        <servlet-name>Logoutservlet-name>
        <url-pattern>/servlet/Logouturl-pattern>
    servlet-mapping>
    
    <filter>
        <filter-name>SysFilterfilter-name>
        <filter-class>com.tt.filter.SysFilterfilter-class>
    filter>
    <filter-mapping>
        <filter-name>SysFilterfilter-name>
        <url-pattern>/sys/*url-pattern>
    filter-mapping>