在web项目中写一个过滤器实现用户不登陆,直接给链接,无法进入页面,而重定向到登陆界面的功能。
项目是用springMVC+spring+hibernate实现 (和这个没有多大关系)
第一步:
首先写一个登录权限过滤类--LoginFilter类实现Filter接口
1 package com.agen.util; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest; 10 import javax.servlet.ServletResponse; 11 import javax.servlet.http.HttpServletRequest; 12 import javax.servlet.http.HttpServletResponse; 13 import javax.servlet.http.HttpSession; 14 15 import org.springframework.util.Assert; 16 import org.springframework.util.StringUtils; 17 18 import com.agen.entity.User; 19 20 /** 21 * 首先写一个登录权限过滤类--LoginFilter类实现Filter接口 22 * @author 申旭栋 23 *下面这三个方法是必须要实现的 24 */ 25 public class LoginFilter implements Filter { 26 27 @Override 28 public void init(FilterConfig filterConfig) throws ServletException { 29 // TODO Auto-generated method stub 30 } 31 32 33 @Override 34 public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException { 35 // 获得在下面代码中要用的request,response,session对象 36 HttpServletRequest servletRequest = (HttpServletRequest) request; 37 HttpServletResponse servletResponse = (HttpServletResponse) response; 38 HttpSession session = servletRequest.getSession(); 39 40 // 获得用户请求的URI 41 String path = servletRequest.getRequestURI(); 42 43 // 从session里取用户 44 User user = (User) session.getAttribute("user"); 45 46 // 登陆页面无需过滤 47 if("/biologyInfo/".equals(path) || "/biologyInfo/login/login1.htmls".equals(path)) { 48 chain.doFilter(servletRequest, servletResponse); 49 return; 50 } 51 52 // 判断如果没有取到用户信息,说明这个请求是没有登录就在请求 就跳转到登陆页面 53 if (user == null) { 54 // 跳转到登陆页面 55 servletResponse.sendRedirect("/biologyInfo/login/login1.htmls"); 56 } else { 57 // 已经登陆,继续此次请求 58 chain.doFilter(request, response); 59 } 60 61 } 62 63 @Override 64 public void destroy() { 65 // TODO Auto-generated method stub 66 } 67 68 }
第二步:
在web.xml中配置一下filter
1 <!-- 配置 登陆 过滤器 --> 2 <filter> 3 <filter-name>login</filter-name> 4 <filter-class>com.agen.util.LoginFilter</filter-class> 5 </filter> 6 7 <filter-mapping> 8 <filter-name>login</filter-name> 9 <url-pattern>*.htmls</url-pattern><!--此处写/*代表浏览器地址栏中的所有请求都会被拦截 包括css文件和js文件 .htmls这是仅拦截以.htmls结尾的请求 --> 10 </filter-mapping>
这样这个过滤器就写成了。
说明:
1.在web.xml中配置的filter的 <url-pattern>参数中的值,意思就是拦截的请求路径,就是浏览器的地址栏中的URL,因为页面上不论是页面,还是js文件,还是css文件都是通过请求得到的。
2.而上面的web.xml中配置的 <url-pattern>*.htmls</url-pattern>表示拦截仅拦截.htmls结尾的URL,而将js或者css文件结尾的URL都放过。
3.而访问页面都是通过以下这样的请求去访问的页面,
http://192.168.16.104:8080/biologyInfo/login/geneinfo.htmls
http://192.168.16.104:8080/biologyInfo/login/welcome1.htmls
而这些都是先去找了后台的controller,从服务器才去的页面
贴出服务器端的代码:
1 package com.agen.controller; 2 3 import java.util.UUID; 4 5 import javax.annotation.Resource; 6 import javax.servlet.http.HttpServletRequest; 7 import javax.servlet.http.HttpSession; 8 9 import org.hibernate.Criteria; 10 import org.hibernate.Session; 11 import org.hibernate.SessionFactory; 12 import org.hibernate.criterion.Criterion; 13 import org.hibernate.criterion.Restrictions; 14 import org.springframework.beans.factory.annotation.Autowired; 15 import org.springframework.http.HttpRequest; 16 import org.springframework.stereotype.Controller; 17 import org.springframework.ui.Model; 18 import org.springframework.util.Assert; 19 import org.springframework.web.bind.annotation.RequestMapping; 20 import org.springframework.web.bind.annotation.ResponseBody; 21 22 import com.agen.entity.User; 23 import com.agen.service.AuthorityService; 24 import com.agen.service.RoleService; 25 import com.agen.service.UserSevice; 26 import com.fasterxml.jackson.annotation.JsonCreator.Mode; 27 28 29 @Controller() 30 @RequestMapping("login") 31 public class LoginController { 32 33 @Resource(name="userSevice") 34 private UserSevice userService; 35 36 @Resource(name="roleService") 37 private RoleService roleService; 38 39 @Resource(name="authorityService") 40 private AuthorityService authorityService; 41 42 @Autowired 43 private SessionFactory sessionFactory; 44 45 public Session getCurrentSession() { 46 // 需要开启事物,才能得到CurrentSession getCurrentSession()是获取已有的 没有 就创建新的 47 return sessionFactory.getCurrentSession(); 48 } 49 50 51 @RequestMapping("/login1") 52 public String login(User user, Model model,HttpServletRequest request){ 53 if(user.getUserName()==null &&user.getPassword()==null){ 54 model.addAttribute("error", "0"); 55 return "../../../index"; 56 }else{ 57 Criteria criteria = getCurrentSession().createCriteria(User.class); 58 criteria.add(Restrictions.eq("userName", user.getUserName())); 59 User user2 = userService.uniqueResult(criteria); 60 if(user2 == null) { 61 model.addAttribute("error", "1"); 62 return "../../../index"; 63 } else if(!( user2.getPassword() .equals(user.getPassword()) )){ 64 model.addAttribute("error", "2"); 65 return "../../../index"; 66 } 67 Assert.notNull(user); 68 HttpSession session = request.getSession(); 69 session.setAttribute("user", user); 70 return "/index/index"; 71 } 72 73 } 74 75 @RequestMapping("/register") 76 @ResponseBody 77 public boolean register(User user){ 78 boolean flag = false; 79 user.setUserId(UUID.randomUUID().toString()); 80 Criteria criteria = getCurrentSession().createCriteria(User.class); 81 criteria.add(Restrictions.eq("userName", user.getUserName())); 82 User user2 = userService.uniqueResult(criteria); 83 if(user2 != null){ 84 flag = false; 85 }else{ 86 userService.save(user); 87 flag = true; 88 } 89 return flag; 90 } 91 92 93 /** 94 * 页面二级菜单 95 * @return 96 */ 97 @RequestMapping("/welcome1") 98 public String welcome(){ 99 100 return "/index/welcome"; 101 } 102 @RequestMapping("/geneinfo") 103 public String geneinfo(){ 104 return "/geneinfo/geneinfoone"; 105 } 106 107 }