自定义过滤器:用户未登录就来访问时,会被重定向到登录页面,有利于保护后台数据的安全。
package com.hzit.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
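/**
 * Servlet filter that lets a request through only when it targets a public
 * resource (login page, login form submission, static assets) or belongs to a
 * session that carries a {@code "user"} attribute. Every other request is
 * redirected to the login page.
 *
 * <p>NOTE(review): this filter only checks that a session attribute exists. The
 * login controller is not visible here; confirm that it issues a fresh session
 * ID on successful login and that per-resource authorization is enforced
 * elsewhere if users have different privileges.
 */
public class AuthorFilter implements Filter {

    /** Context-relative path of the login page; reachable without a session. */
    private static final String LOGIN_PATH = "/login.jsp";

    /** Context-relative path the login form submits to; the controller checks the credentials. */
    private static final String LOGIN_SUBMIT_PATH = "/toLogin";

    /** Session attribute whose presence marks the session as logged in. */
    private static final String USER_ATTRIBUTE = "user";

    /**
     * File suffixes treated as static assets of the login page.
     *
     * <p>NOTE(review): allowlisting by suffix exempts every path that ends in one
     * of these strings, whatever handles it. Serving assets from a dedicated
     * directory and allowlisting that prefix would be tighter; confirm against
     * the project layout.
     */
    private static final String[] STATIC_SUFFIXES = {".css", ".js", ".jpg", ".gif", ".png"};

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Passes public and authenticated requests down the chain and redirects all
     * others to the login page.
     *
     * @param req   incoming request; expected to be an {@link HttpServletRequest}
     * @param res   outgoing response; expected to be an {@link HttpServletResponse}
     * @param chain remaining filter chain
     * @throws IOException      if the chain or the redirect fails on I/O
     * @throws ServletException if a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String targetPath = resolveTargetPath(request);

        if (isPublicPath(targetPath) || isLoggedIn(request)) {
            chain.doFilter(request, response);
            return;
        }

        // Build the redirect from the actual context path so the filter keeps
        // working when the application is deployed under another name.
        response.sendRedirect(request.getContextPath() + LOGIN_PATH);
    }

    /** This filter takes no configuration. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Returns the context-relative path the container resolved for this request.
     *
     * <p>The access decision must be made on the same path the container uses for
     * dispatching. {@code getRequestURI()} is the raw, undecoded request line and
     * can carry path parameters or encoded characters, so suffix and equality
     * checks on it can disagree with the resource that is actually served.
     */
    private static String resolveTargetPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /** Tells whether the path may be served without an authenticated session. */
    private static boolean isPublicPath(String targetPath) {
        if (LOGIN_PATH.equals(targetPath) || LOGIN_SUBMIT_PATH.equals(targetPath)) {
            return true;
        }
        for (String suffix : STATIC_SUFFIXES) {
            if (targetPath.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether an existing session carries the logged-in user attribute. */
    private static boolean isLoggedIn(HttpServletRequest request) {
        // getSession(false): never create a session just to find out nobody is logged in.
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute(USER_ATTRIBUTE) != null;
    }
}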
web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<!-- Deployment descriptor: registers the encoding filter and the login filter,
     loads the Spring root context and maps the Spring MVC dispatcher. -->
<display-name>Archetype Created Web Application</display-name>
<!-- Avoid garbled characters: force UTF-8 on requests and responses. -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Login check: com.hzit.filter.AuthorFilter redirects requests without a
     logged-in session to the login page. -->
<filter>
<filter-name>SecureFilter</filter-name>
<filter-class>com.hzit.filter.AuthorFilter</filter-class>
</filter>
<!-- Both filters cover every URL. Filters run in the order their mappings are
     declared, so SecureFilter runs before characterEncodingFilter. No dispatcher
     element is given, so the mappings apply to direct client requests only;
     internal forwards and includes are not filtered again. -->
<filter-mapping>
<filter-name>SecureFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring root application context, loaded by ContextLoaderListener. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mybatis.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring MVC front controller, mapped as the default servlet ("/"). -->
<servlet>
<servlet-name>SpringMVC</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springMVC-servlet.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>SpringMVC</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Welcome page: the login page is served for the context root. -->
<!-- NOTE(review): no session-config is declared, so session timeout and cookie
     flags fall back to container defaults; confirm they suit a login-protected
     application. -->
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
</web-app>
我在做的时候遇到的问题:没有透彻地理解过滤器的工作原理,导致静态资源被拦截;在定义登录页路径(loginPath)时没有加上 /,导致登录时无法正确判断该进入哪个 if 分支;在非法访问需要跳转页面时,没有加上项目名,导致 404 错误。总之,经过自己的细心检查,最终搞定了这些问题,希望对看到的朋友有点帮助。