此例子为一个简单的登录拦截。
首先在web.xml中配置拦截类。
<filter-mapping> <filter-name>SessionFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> <filter> <filter-name>SessionFilter</filter-name> <!-- 拦截类 --> <filter-class>com.skin.generate.user.UserLoginFilter</filter-class> <init-param> <param-name>loginUrl</param-name> <param-value>/finder/login.html</param-value> </init-param> <!-- 配置参数 比如不拦截的路径 --> <init-param> <param-name>excludes</param-name> <param-value> /register.html, /resource/**/*, /note/**/* </param-value> </init-param> </filter>
其次就是拦截类的编写。
package com.skin.generate.user; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import com.skin.finder.security.UserSession; import com.skin.finder.web.util.Client; import com.skin.finder.web.util.CookieUtil; import com.skin.generate.entity.User; public class UserLoginFilter implements Filter { /* * String nofilter; String nofilterFiles[]; String sendRedirect; */ public void destroy() { } public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String path = request.getServletPath(); String url = request.getRequestURI(); // 如果不需要过滤的静态文件,直接放行 if (path.endsWith(".css") || path.endsWith(".js") || path.endsWith("Login.html") || url.indexOf("resource") > 0 || url.indexOf("note") > 0 || url.endsWith("login.jsp") || path.endsWith(".gif") || path.endsWith(".ico")) { chain.doFilter(request, response); return; } else { if (checkUser(request, response)) { chain.doFilter(request, response);// 如果用户已经登录,就放行 return; } else { // 没有登录,重定向到登录页面 String contextPath = getContextPath(request); response.sendRedirect(contextPath+ "/template/finder/login.jsp"); return; } } } protected String getContextPath(HttpServletRequest request) { String contextPath = request.getContextPath(); if ((contextPath == null) || (contextPath.equals("/"))) { return ""; } return contextPath; } private boolean isInArray(String path, String nofilterFiles[]) { for (int i = 0; i < nofilterFiles.length; i++) { String nofilterFile = nofilterFiles[i]; if (nofilterFile.equals(path)) { return true; } } return false; } private boolean checkUser(HttpServletRequest request, HttpServletResponse response) throws IOException { //1.判断cookie 是否存在 Cookie cookie = CookieUtil.getCookie(request, Client.COOKIE_NAME); if(cookie ==null ){ return false; } //2.校验session HttpSession session = request.getSession(false);// 如果不存在返回空 if (session == null) { return false; } //3.校验登录用户 Object obj = session.getAttribute(SessionUtils.USER_NAME); if (obj == null) { return false; } return true; } public void init(FilterConfig config) throws ServletException { /* * nofilter = config.getInitParameter("excludes"); * nofilterFiles =nofilter.split(","); sendRedirect = * config.getInitParameter("loginUrl"); */ // System.out.println(Arrays.asList(nofilterFiles)); } }