百木园什么是Filter实现权限拦截,比如说我们登陆一个网站,登陆成功后可以访问其中的内容,退出登陆后就不能再对内容进行访问,这就用到了我们的Filter实现权限拦截。
那么具体是怎么实现的呢?
原理很简单,我们可以给已登录用户session存放一个用于标记登陆的数据,只需要在过滤器里看能否获取数据来进行是否有权访问的判断。
话不多说,我们直接开始。
一、建立一个登陆页面index.jsp
<%@ page language=\"java\" contentType=\"text/html; charset=UTF-8\" pageEncoding=\"UTF-8\"%> <!DOCTYPE html> <html> <head> <meta charset=\"UTF-8\"> <title>登录</title> </head> <body> <h1>登录</h1> <form action=\"/checkuser\"> 用户名:<input type=\"text\" name=\"username\" /> <input type=\"submit\" value=\"登录\"/> </form> </body> </html>
二、建立一个登陆成功的页面,具有注销功能
先建立一个sys文件,在sys文件下建立loginsuccess.jsp
<%@ page language=\"java\" contentType=\"text/html; charset=UTF-8\"
pageEncoding=\"UTF-8\"%>
<!DOCTYPE html>
<html>
<head>
<meta charset=\"UTF-8\">
<title>主界面</title>
</head>
<body>
<h1>登录成功</h1>
<h1><a href=\"/Logout\">注销</a></h1>
</body>
</html>
三、建立一个servlet用于验证登录CheckUser.class
1 package com.jms.servlet; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.HttpServlet; 7 import javax.servlet.http.HttpServletRequest; 8 import javax.servlet.http.HttpServletResponse; 9 10 public class CheckUser extends HttpServlet{ 11 12 /** 13 * 14 */ 15 private static final long serialVersionUID = 1L; 16 17 @Override 18 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 19 String username = req.getParameter(\"username\"); 20 if(username.equals(\"admin\")) { 21 req.getSession().setAttribute(\"USER_ID\", req.getSession().getId()); 22 resp.sendRedirect(\"/sys/loginsuccess.jsp\"); 23 }else { 24 resp.sendRedirect(\"/index.jsp\"); 25 } 26 } 27 28 @Override 29 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 30 doGet(req, resp); 31 } 32 33 }
修改web.xml注册servelt
<servlet> <servlet-name>CheckUser</servlet-name> <servlet-class>com.jms.servlet.CheckUser</servlet-class> </servlet> <servlet-mapping> <servlet-name>CheckUser</servlet-name> <url-pattern>/checkuser</url-pattern> </servlet-mapping>
四、建立一个Servlet用于注销用户LogoutServlet.class
1 package com.jms.servlet; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.HttpServlet; 7 import javax.servlet.http.HttpServletRequest; 8 import javax.servlet.http.HttpServletResponse; 9 10 public class LogoutServlet extends HttpServlet{ 11 12 /** 13 * 14 */ 15 private static final long serialVersionUID = 1L; 16 17 @Override 18 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 19 if(req.getSession().getAttribute(\"USER_ID\") != null) { 20 req.getSession().removeAttribute(\"USER_ID\"); 21 resp.sendRedirect(\"/index.jsp\"); 22 } 23 } 24 25 @Override 26 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { 27 doGet(req, resp); 28 } 29 30 31 32 }
修改web.xml
<servlet> <servlet-name>LogoutServlet</servlet-name> <servlet-class>com.jms.servlet.LogoutServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>LogoutServlet</servlet-name> <url-pattern>/Logout</url-pattern> </servlet-mapping>
五、建立一个过滤器拦截未登陆的用户
1 package com.jms.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.ServletException; 8 import javax.servlet.ServletRequest; 9 import javax.servlet.ServletResponse; 10 import javax.servlet.http.HttpServletRequest; 11 import javax.servlet.http.HttpServletResponse; 12 13 public class UserFilter implements Filter{ 14 15 @Override 16 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 17 throws IOException, ServletException { 18 HttpServletRequest req = (HttpServletRequest)request; 19 HttpServletResponse resp = (HttpServletResponse)response; 20 if(req.getSession().getAttribute(\"USER_ID\") == null) { 21 resp.sendRedirect(\"/index.jsp\"); 22 }else { 23 resp.sendRedirect(\"/sys/loginsuccess.jsp\"); 24 } 25 chain.doFilter(request, response);//给其他过滤器放行 26 } 27 28 }
修改web.xml
<filter> <filter-name>UserFilter</filter-name> <filter-class>com.jms.filter.UserFilter</filter-class> </filter> <filter-mapping> <filter-name>UserFilter</filter-name> <url-pattern>/sys/*</url-pattern> </filter-mapping>
六、测试
首先输入错误用户名登陆
返回了登陆页面
接着我们输入正确用户名“admin”
成功登录
我们复制网址,点击注销后,直接输入网址进入
此时会直接跳转回登陆页面,无法再进入。
(本文仅作跟人学习记录用,如有纰漏,敬请指正)
来源:https://www.cnblogs.com/jmsstudy/p/16536913.html
本站部分图文来源于网络,如有侵权请联系删除。