java拦截通过url访问页面,必须通过登录页面访问目标页面

在web.xml中配置过滤:

    <!-- Registers the LoginFilter class under the name used by the mapping below. -->
    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>com.thunisoft.verification.action.LoginFilter</filter-class>
    </filter>

    <!-- Only requests matching this url-pattern pass through LoginFilter;
         URLs outside the pattern are not checked by it. -->
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>/artery/form/dealParse.do</url-pattern>
    </filter-mapping>

/*  拦截所有请求(此时 login.jsp 和登录提交地址也会经过该过滤器,需要在过滤器中放行,否则会循环重定向到登录页)

*.do   拦截以“.do”结尾的请求

/index.jsp  拦截指定的jsp

/artery/form/*  拦截该目录下的所有请求

等等


拦截器,拦截请求类:

思路:比较“由登录页面登录后的session中属性值”和“通过url直接访问的session中的属性值”,找到其中不一样的,这就是判断依据。(判断依据可以参考登录逻辑类的代码)

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

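/**
 * Servlet filter that lets a request through only when its session carries
 * the login marker; every other request is redirected to the login page.
 *
 * <p>The filter guards only the URL patterns mapped to it in web.xml. A page
 * that is reachable under a pattern the mapping does not cover is served
 * without this check, so review the mapping whenever protected pages are added.
 * If the mapping is widened so that it also matches {@code /login.jsp} or the
 * login submit URL, those must be let through here, otherwise the redirect
 * below loops.
 */
public class LoginFilter implements Filter {

    /** Session attribute that carries the login marker. */
    private static final String IS_LOGIN_KEY = "isLogin";

    /**
     * Marker value written by the login action on success. The spelling is
     * kept as is because it has to equal the literal the login action stores;
     * change both together.
     */
    private static final String IS_LOGIN_VALUE = "ture";

    /** Nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }

    /**
     * Passes the request down the chain when the session is marked as logged
     * in, otherwise redirects to {@code <context path>/login.jsp}.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param chain           remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession(false): do not allocate a session for every anonymous
        // request that is about to be bounced to the login page.
        HttpSession session = request.getSession(false);
        if (session != null && IS_LOGIN_VALUE.equals(session.getAttribute(IS_LOGIN_KEY))) {
            chain.doFilter(request, response);
            return;
        }

        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // intentionally empty
    }

}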

登录逻辑代码:

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.spec.DESedeKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import com.thunisoft.artery.module.config.ArteryConfigUtil;
import com.thunisoft.summer.component.crypto.CryptFactory;
import com.thunisoft.summer.component.crypto.CryptUtil;
import com.thunisoft.verification.bean.IdentityBean;

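/**
 * Struts action behind the login page: checks the submitted credentials and,
 * on success, marks the session as logged in.
 *
 * @author sunwenhao
 */
public class IdentityVerificationAction extends Action {

    private final Log logger = LogFactory.getLog(IdentityVerificationAction.class);

    /** Session attribute that carries the login marker. */
    private static final String IS_LOGIN_KEY = "isLogin";

    /**
     * Value stored under {@link #IS_LOGIN_KEY} after a successful login. The
     * spelling is kept as is because LoginFilter compares against the same
     * literal; change both together.
     */
    private static final String IS_LOGIN_VALUE = "ture";

    // NOTE(review): hard-coded 3DES key. Anyone who can read this source or the
    // compiled class can presumably recover the password kept in configuration.
    // Prefer storing a salted password hash (PBKDF2, bcrypt, scrypt or argon2)
    // and keep any remaining secret out of source control.
    private static final String SEC_STR="Hso2ThxNiSofHso2ThxNiSof";

    /**
     * Verifies the submitted login form and forwards to "success" or "fail".
     *
     * <p>NOTE(review): nothing visible here limits repeated failed attempts.
     *
     * @param mapping  Struts mapping used to look up the forwards
     * @param form     submitted form; expected to be an {@link IdentityBean}
     * @param request  current request
     * @param response current response
     * @return the "success" forward after a valid login, otherwise "fail"
     * @throws Exception as declared by the Struts {@code Action} contract
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {

        IdentityBean identityInfo = (IdentityBean)form;

        boolean success = verificationInfo(identityInfo);

        // Identity verification succeeded (original note: "or the login page is not used").
        if(success) {
            // Session fixation: drop the session that existed before the login
            // and set the marker on a fresh one, so a session id issued before
            // authentication is not the one that becomes authenticated.
            // Attributes stored before login are discarded with the old session.
            request.getSession().invalidate();
            request.getSession(true).setAttribute(IS_LOGIN_KEY, IS_LOGIN_VALUE);
            return mapping.findForward("success");
        }

        request.setAttribute("msg", "用户名或密码错误");

        return mapping.findForward("fail");
    }

    /**
     * Reports whether the session of the request carries the login marker.
     *
     * @param request  current request
     * @param response current response (not used)
     * @return {@code true} when the session attribute equals the login marker
     */
    public static boolean isLogin(HttpServletRequest request, HttpServletResponse response) {

        // No cast: an attribute of another type yields false instead of a
        // ClassCastException.
        Object marker = request.getSession().getAttribute(IS_LOGIN_KEY);

        return IS_LOGIN_VALUE.equals(marker);
    }


    /**
     * Checks the submitted username and password against the configured
     * "username" and "password" properties. The submitted password is
     * encrypted with 3DES before it is compared.
     *
     * @param identityInfo submitted login form; may be {@code null}
     * @return {@code true} only when both values match; {@code false} on any
     *         mismatch, missing value or error (fails closed)
     */
    private boolean verificationInfo(IdentityBean identityInfo) {

        if (identityInfo == null) {
            return false;
        }

        String user = identityInfo.getUsername();
        String pwd = identityInfo.getPassword();
        if (user == null || pwd == null) {
            return false;
        }

        try {
            String encrypted = CryptUtil.encrypt(CryptFactory.ALGORITHM_3DES, pwd, SEC_STR);

            String username = ArteryConfigUtil.getProperty("username");
            String password = ArteryConfigUtil.getProperty("password");
            if (encrypted == null || username == null || password == null) {
                logger.error("验证用户名和密码时出现错误.");
                return false;
            }

            boolean userMatches = username.equals(user);
            // Constant-time comparison of the secret value, so the time taken
            // does not depend on how many leading characters match.
            boolean passwordMatches = MessageDigest.isEqual(
                    password.getBytes(StandardCharsets.UTF_8),
                    encrypted.getBytes(StandardCharsets.UTF_8));

            return userMatches && passwordMatches;
        } catch (Exception e) {
            // Keep the cause in the log; the credentials themselves are never logged.
            logger.error("验证用户名和密码时出现错误.", e);
            return false;
        }

    }

}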



转载自blog.csdn.net/Soul_Programmer_Swh/article/details/80313170