带有过滤器的session小应用
一个JSP登录页面
一个验证是否登录成功的Servlet类
重点中的重点:
一个基本用户和管理者可以操作的Query类
一个只有管理者可以操作的Update类
一个显示不同用户下不同页面效果的JSP
省略web.xml里面的配置
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ page import="com.mison.User"%>
<html>
<head>
<title>My JSP 'sessionLogin.jsp' starting page</title>
</head>
<body>
<%
String username=request.getParameter("username");
String authority=request.getParameter("authority");
%>
<form action="MyLoginCheck">
username1:<input type="text" name="username" value="<%= null==username?"":username%>"><br>
password:<input type="password" name="password" value=""><br>
authority:
<select name="authority">
<option value="boss" <%= "boss"==authority?"":"selected='selected'" %>>boss</option>
<option value="user" <%= "user"==authority?"":"selected='selected'" %>>user</option>
</select><br>
<input type="submit" value="submit">
</form>
</body>
</html>
一个验证是否登录成功的Servlet类
package com.mison;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class MyLoginCheck extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
User user=new User();
HttpSession session =req.getSession();
String username=req.getParameter("username");
String password=req.getParameter("password");
String authority=req.getParameter("authority");
if("boss".equals(authority)){
if("chenjing".equals(username)&&"chenjing".equals(password)){
user.setName(username);
user.setPassword(password);
user.setAuthority(authority);
session.setAttribute("user", user);
req.getRequestDispatcher("index.jsp").forward(req, resp);
}
else{
resp.sendRedirect("sessionLogin.jsp?username="+username+"&authority="+authority);
// user.setName(username);
//
// user.setAuthority(authority);
//
// session.setAttribute("user", user);
//
// RequestDispatcher dp=req.getRequestDispatcher("sessionLogin.jsp");
//
// dp.forward(req, resp);
}
}
else if("user".equals(authority)){
if("chenfeng".equals(username)&&"chenfeng".equals(password)){
user.setName(username);
user.setPassword(password);
user.setAuthority(authority);
session.setAttribute("user", user);
req.getRequestDispatcher("sessionout.jsp").forward(req, resp);
}
else{
resp.sendRedirect("FilterTest.jsp?username="+username+"&authority="+authority);
// user.setName(username);
//
// user.setAuthority(authority);
//
// session.setAttribute("user", user);
//
// RequestDispatcher dp=req.getRequestDispatcher("sessionLogin.jsp");
//
// dp.forward(req, resp);
}
}
else{
resp.sendRedirect("FilterTest.jsp?username="+username+"&authority="+authority);
}
}
}
重点中的重点:
package com.mison1;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class MyFilter implements Filter{
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest)req;
String requestURL=request.getRequestURI();
if(requestURL.endsWith("FilterTest.jsp")||requestURL.endsWith("MyLoginCheck")){
chain.doFilter(req, resp);
return;
}
HttpSession session=request.getSession();
if(null==session.getAttribute("user")){
((HttpServletResponse)resp).sendRedirect("FilterTest.jsp");
return;
}
else{
chain.doFilter(req, resp);
}
}
public void init(FilterConfig arg0) throws ServletException {
System.out.println("Filter start");
}
}
一个基本用户和管理者可以操作的Query类
package com.mison;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class MyQueryServlet extends HttpServlet {
/**
* The doGet method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to get.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
System.out.println("MyQueryServlet");
}
}
一个只有管理者可以操作的Update类
package com.mison;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class MyUpdateServlet extends HttpServlet {
/**
* The doGet method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to get.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
System.out.println("MyUpdateServlet");
}
}
一个显示不同用户下不同页面效果的JSP
<%@ page language="java" import="com.mison.User" pageEncoding="UTF-8"%>
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>
<body>
<a href="MyQueryServlet">query</a>
<%if(((User)session.getAttribute("user")).getAuthority().equals("boss")){%>
<a href="MyUpdateServlet">update</a>
<% }%>
</body>
</html>
省略web.xml里面的配置