由于页面可以通过路径及文件名直接访问,出于安全考虑,使用Filter拦截器进行拦截,判断是否已经登录,否则跳转到登陆页面通过实现Filter,关键代码如下
private FilterConfig config = null;
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request1 = (HttpServletRequest)request;
HttpServletResponse response1 = (HttpServletResponse)response;
HttpSession session = request1.getSession();
request.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
Users user = (Users) session.getAttribute(Conts.SESSION_NAME);
String pat = request1.getRequestURI();
//!pat.endsWith("login.jsp") 不过滤登录页
if(null == user && !pat.endsWith("login.jsp")){
System.out.println("没有登录");
response1.sendRedirect(request1.getContextPath()+"/login.jsp");
} else{
System.out.println("已经登录");
chain.doFilter(request,response);
}
}
web.xml配置
<filter>
<filter-name>control</filter-name>
<filter-class>com.sms.servlet.control</filter-class>
</filter>
<filter-mapping>
<filter-name>control</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
由于我这是后台,所以我这里过滤所有的jsp,也可以写成 <url-pattern>/xxx目录</url-pattern>即表示过滤这个目录下所有文件
这里的Conts.SESSION_NAME 是一个静态SESSION常量,方便于后期修改 如下:
public class Conts {
public final static String SESSION_NAME = "Login";
}