一、要求
用户登陆之后才能进入主页,用户注销之后不能进入首页
二、思路
- 用户登陆之后,向session中放入用户的数据
- 进入主页的时候要判断用户是否已经登陆(在过滤器中实现)
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
Object user_session = request.getSession().getAttribute(Constant.USER_SESSION);
if (user_session == null){
response.sendRedirect("/error.jsp");
}
chain.doFilter(request,response);
}
三、案例步骤
- 首先我们需要创建一个登录页面,进入登录页面就会提交一个请求,
地址为 /servlet/login :
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<form action="/servlet/login" method="post">
<input type="text" name="username">
<input type="submit">
</form>
</body>
</html>
- 该地址映射的类是LoginServlet类,继承了HttpServlet类。代码如下:
public class LoginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取前端请求的参数
String username = req.getParameter("username");
if (username.equals("admin")){
//登陆成功
req.getSession().setAttribute(Constant.USER_SESSION,req.getSession().getId());
resp.sendRedirect("/sys/success.jsp");
}else {
//登陆失败
resp.sendRedirect("/error.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req,resp);
}
}
- 验证过程中会出现两种情况,要么成功进入success.jsp页面,要么失败进入error.jsp页面,代码分别为:
success.jsp页面:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>主页</h1>
<p><a href="/servlet/logout">注销</a></p>
</body>
</html>
error.jsp页面:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>错误</h1>
<h3>没有权限,或者密码错误</h3>
<a href="/Login.jsp">返回登陆页面</a>
</body>
</html>
- 接下来我们需要一个过滤器,给它加一个权限验证:
public class SysFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
Object user_session = request.getSession().getAttribute(Constant.USER_SESSION);
if (user_session == null){
response.sendRedirect("/error.jsp");
}
chain.doFilter(request,response);
}
public void destroy() {
}
}
经过以上拦截操作,如果我们想直接访问登录成功页面会被重定向到error.jsp页面:
