什麼是Filter實現許可權攔截,比如說我們登陸一個網站,登陸成功後可以訪問其中的內容,退出登陸後就不能再對內容進行訪問,這就用到了我們的Filter實現許可權攔截。 那麼具體是怎麼實現的呢? 原理很簡單,我們可以給已登錄用戶session存放一個用於標記登陸的數據,只需要在過濾器里看能否獲取數據來進行 ...
什麼是Filter實現許可權攔截,比如說我們登陸一個網站,登陸成功後可以訪問其中的內容,退出登陸後就不能再對內容進行訪問,這就用到了我們的Filter實現許可權攔截。
那麼具體是怎麼實現的呢?
原理很簡單,我們可以給已登錄用戶session存放一個用於標記登陸的數據,只需要在過濾器里看能否獲取數據來進行是否有權訪問的判斷。
話不多說,我們直接開始。
一、建立一個登陸頁面index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>登錄</title> </head> <body> <h1>登錄</h1> <form action="/checkuser"> 用戶名:<input type="text" name="username" /> <input type="submit" value="登錄"/> </form> </body> </html>
二、建立一個登陸成功的頁面,具有註銷功能
先建立一個sys文件,在sys文件下建立loginsuccess.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>主界面</title>
</head>
<body>
<h1>登錄成功</h1>
<h1><a href="/Logout">註銷</a></h1>
</body>
</html>
三、建立一個servlet用於驗證登錄CheckUser.class
1 package com.jms.servlet; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.HttpServlet; 7 import javax.servlet.http.HttpServletRequest; 8 import javax.servlet.http.HttpServletResponse; 9 10 public class CheckUser extends HttpServlet{ 11 12 /** 13 * 14 */ 15 private static final long serialVersionUID = 1L; 16 17 @Override 18 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 19 String username = req.getParameter("username"); 20 if(username.equals("admin")) { 21 req.getSession().setAttribute("USER_ID", req.getSession().getId()); 22 resp.sendRedirect("/sys/loginsuccess.jsp"); 23 }else { 24 resp.sendRedirect("/index.jsp"); 25 } 26 } 27 28 @Override 29 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 30 doGet(req, resp); 31 } 32 33 }
修改web.xml註冊servelt
<servlet> <servlet-name>CheckUser</servlet-name> <servlet-class>com.jms.servlet.CheckUser</servlet-class> </servlet> <servlet-mapping> <servlet-name>CheckUser</servlet-name> <url-pattern>/checkuser</url-pattern> </servlet-mapping>
四、建立一個Servlet用於註銷用戶LogoutServlet.class
1 package com.jms.servlet; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.HttpServlet; 7 import javax.servlet.http.HttpServletRequest; 8 import javax.servlet.http.HttpServletResponse; 9 10 public class LogoutServlet extends HttpServlet{ 11 12 /** 13 * 14 */ 15 private static final long serialVersionUID = 1L; 16 17 @Override 18 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 19 if(req.getSession().getAttribute("USER_ID") != null) { 20 req.getSession().removeAttribute("USER_ID"); 21 resp.sendRedirect("/index.jsp"); 22 } 23 } 24 25 @Override 26 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 27 doGet(req, resp); 28 } 29 30 31 32 }
修改web.xml
<servlet> <servlet-name>LogoutServlet</servlet-name> <servlet-class>com.jms.servlet.LogoutServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>LogoutServlet</servlet-name> <url-pattern>/Logout</url-pattern> </servlet-mapping>
五、建立一個過濾器攔截未登陸的用戶
1 package com.jms.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.ServletException; 8 import javax.servlet.ServletRequest; 9 import javax.servlet.ServletResponse; 10 import javax.servlet.http.HttpServletRequest; 11 import javax.servlet.http.HttpServletResponse; 12 13 public class UserFilter implements Filter{ 14 15 @Override 16 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 17 throws IOException, ServletException { 18 HttpServletRequest req = (HttpServletRequest)request; 19 HttpServletResponse resp = (HttpServletResponse)response; 20 if(req.getSession().getAttribute("USER_ID") == null) { 21 resp.sendRedirect("/index.jsp"); 22 }else { 23 resp.sendRedirect("/sys/loginsuccess.jsp"); 24 } 25 chain.doFilter(request, response);//給其他過濾器放行 26 } 27 28 }
修改web.xml
<filter> <filter-name>UserFilter</filter-name> <filter-class>com.jms.filter.UserFilter</filter-class> </filter> <filter-mapping> <filter-name>UserFilter</filter-name> <url-pattern>/sys/*</url-pattern> </filter-mapping>
六、測試
首先輸入錯誤用戶名登陸
返回了登陸頁面
接著我們輸入正確用戶名“admin”
成功登錄
我們複製網址,點擊註銷後,直接輸入網址進入
此時會直接跳轉回登陸頁面,無法再進入。
(本文僅作跟人學習記錄用,如有紕漏,敬請指正)
