JavaWeb23（Filter实现权限拦截）

过滤器和监听器常见应用

监听器：GUI编程中经常使用

管理员登录示例

1.在java包下创建一个util包，创建一个静态变量类

constant.java

package com.util;

public class constant {
    
    
    public final static String userSession = "USER_SESSION";

}

2.写 mainPage.jsp，login.jsp，logout.jsp，error.jsp四个前端页面

mainPage（在新建的sys包下）

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>

<h1>管理员页面</h1>
<a href="/servlet/logout"> <h2>退出登录</h2></a>
</body>
</html>

login.jsp

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>LOGIN</h1>

<form action="/servlet/login" method="post">
    用户名:<input type="username" name="username" style="text-align: center">
    <input type="submit" name="submit">
</form>
</body>
</html>

logout.jsp

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<a href="/servlet/logout">注销</a>
</body>
</html>

error.jsp

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>登陆失败</h1>
<a href="/login.jsp">返回登陆页面</a>
</body>
</html>

3.编写loginServlet，logoutServlet，loginFilter

loginServlet.java

package com.servlet;

import com.util.constant;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class loginServlet extends HttpServlet {
    
    
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    
    
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    
    
        String username = req.getParameter("username");
        if (username.equals("admin")){
    
    
            //登陆成功
            req.getSession().setAttribute(constant.userSession,req.getSession().getId());
            //经过过滤器，看是否正常登录，如果不是正常登录，将会被拦截
            resp.sendRedirect("/sys/mainPage.jsp");
        }else{
    
    
            //登陆失败
            resp.sendRedirect("/error.jsp");
        }
    }
}

logoutServlet.java

package com.servlet;

import com.util.constant;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class logoutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Object username = req.getSession().getAttribute(constant.userSession);
        if (username!=null){
            //session不为空shi时删除sessionID
            req.getSession().removeAttribute(constant.userSession);
            resp.sendRedirect("/login.jsp");
        }else {
            resp.sendRedirect("/login.jsp");
        }
    }
}

LogiinFilter.java

package com.hao.filter;

import com.util.constant;
import org.omg.CORBA.Request;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class LoginFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        //直接访问mainPage.jsp会访问失败，因为没有向session中存入sessionID
        if (request.getSession().getAttribute(constant.userSession)==null){
            response.sendRedirect("/error.jsp");
        }else{

        }
        filterChain.doFilter(request,response);
    }

    @Override
    public void destroy() {

    }
}

4.配置web.xml

    <servlet>
        <servlet-name>loginServlet</servlet-name>
        <servlet-class>com.servlet.loginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>loginServlet</servlet-name>
        <url-pattern>/servlet/login</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>logoutServlet</servlet-name>
        <servlet-class>com.servlet.logoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>logoutServlet</servlet-name>
        <url-pattern>/servlet/logout</url-pattern>
    </servlet-mapping>

<!--    注册过滤器-->
    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>com.hao.filter.LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>/sys/*</url-pattern>
    </filter-mapping>

测试访问

1.正常登录（输入admin为用户名）

输入admin后点击提交

点击退出登录回到登陆页面

2.正常登录，不输入admin（输入源浩）

点击返回登陆页面返回登录界面

3.非正常登录，直接访问mainPage页面网址