javaweb-27:Filter实现权限拦截

用户登录之后才能进入主页,用户注销后就不能进入主页了!

1.用户登录之后,向session中放入用户的数据

2.进入主页的时候,要判断用户是否已经登录 。要求:在过滤器中实现

代码show

SysFilter.java

package com.gongyi.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


public class SysFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
        //ServletRequest HttpServletRequest
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        if(request.getSession().getAttribute("USER_SESSION") == null) {
            response.sendRedirect("/error.jsp");
        }
        chain.doFilter(request,response);
    }

    public void destroy() {

    }
}

LoginServlet.java

package com.gongyi.servlet;

import com.gongyi.util.Constant;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        //获取前端请求的参数
        String username = req.getParameter("username");
        if(username.equals("admin")) {//登录成功
            req.getSession().setAttribute(Constant.USER_SESSION,req.getSession().getId());
            resp.sendRedirect("/sys/success.jsp");
        } else {//登录失败

            resp.sendRedirect("/error.jsp");
        }

    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

LogoutServlet.java

package com.gongyi.servlet;

import com.gongyi.util.Constant;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


public class LogoutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Object user_session = req.getSession().getAttribute(Constant.USER_SESSION);
        if(user_session != null) {
            req.getSession().removeAttribute(Constant.USER_SESSION);
            resp.sendRedirect("/Login.jsp");
        } else {
            resp.sendRedirect("/Login.jsp");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

Constant.java

package com.gongyi.util;


public class Constant {
    public final static String USER_SESSION = "USER_SESSION";
}

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
         version="4.0">
    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>com.gongyi.servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/servlet/login</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>LogoutServlet</servlet-name>
        <servlet-class>com.gongyi.servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LogoutServlet</servlet-name>
        <url-pattern>/servlet/logout</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>ShowServlet</servlet-name>
        <servlet-class>com.gongyi.servlet.ShowServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>ShowServlet</servlet-name>
        <url-pattern>/show</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>ShowServlet</servlet-name>
        <url-pattern>/servlet/show</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>com.gongyi.filter.CharacterEncodingFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <!--只要是/servlet的任何请求,会经过这个过滤器-->
        <url-pattern>/servlet/*</url-pattern>
        <!--<url-pattern>/*</url-pattern>-->
    </filter-mapping>

    <filter>
        <filter-name>SysFilter</filter-name>
        <filter-class>com.gongyi.filter.SysFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SysFilter</filter-name>
        <url-pattern>/sys/*</url-pattern>
    </filter-mapping>
   <!-- 注册监听器-->
    <listener>
        <listener-class>com.gongyi.listener.OnlineCountListener</listener-class>
    </listener>
    <session-config>
        <session-timeout>1</session-timeout>
    </session-config>
</web-app>

sys/success.jsp

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
    <head>
        <title>Title</title>
    </head>
    <body>
        <%--一般用过滤器实现,jsp只负责展示--%>
        <%--<%
            Object userSession = request.getSession().getAttribute("USER_SESSION");
            if(userSession == null) {
                response.sendRedirect("/Login.jsp");
            }
        %>--%>
        <h1>主页</h1>
        <p>
            <a href="/servlet/logout">注销</a>
        </p>
    </body>
</html>

error.jsp

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
    <head>
        <title>Title</title>
    </head>
    <body>
        <h1>错误</h1>
        <h3>没有权限,用户名错误</h3>
        <a href="/Login.jsp">返回登录页面</a>
    </body>
</html>

Login.jsp

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
    <head>
        <title>Title</title>
    </head>
    <body>
        <h1>登录</h1>
        <form action="/servlet/login" method="post">
            <input type="text" name="username">
            <input type="submit">
        </form>
    </body>
</html>

彩蛋

1.一个页面如何限制只有登录才能访问

1)jsp控制

<%
    Object userSession = request.getSession().getAttribute("USER_SESSION");
    if(userSession == null) {
        response.sendRedirect("/Login.jsp");
    }
%>

2)过滤器控制

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
        //ServletRequest HttpServletRequest
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        if(request.getSession().getAttribute("USER_SESSION") == null) {
            response.sendRedirect("/error.jsp");
        }
        chain.doFilter(request,response);
    }

2.“USER_SESSION” 与Constant.USER_SESSION对比

体会:提取常量的好处

3.发散思维:

用vip1.jsp,vip2.jsp,vip3.jsp简单模拟不同vip看到的页面不同效果

4.程序不是一下写好的

先完成基本功能

再不断完善,优化

上一篇:spring boot实现超轻量级网关(反向代理、转发)


下一篇:【Go语言入门教程】Go语言容器(container)