Filter-登录验证，session在线过滤

Filter-登录验证，session在线过滤

public class LoginFilter implements Filter{

    private String uri;

    /*
     * 分析
     * 1.先指定放行的资源，哪些资源不需要拦截：
     *  login.jsp + /login(request对象可以获取)
     * 2.获取session,从session中获取登陆对象
     * 3.判断是否为空：
     *  为空，说明没有登录，跳转到登录
     *  不为空，已经登录，放行
     * */

    @Override
    public void destroy() {
        // TODO Auto-generated method stub

    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // TODO Auto-generated method stub
        //0.转换
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        //1.获取请求资源，截取   /emp_sys/login.jsp
        uri = request.getRequestURI();  
        //截取    login.jsp
        String requestPath = uri.substring(uri.lastIndexOf("/")+1,uri.length());

        //2.判断：先放行一些资源：/login.jsp  /login
        if("LoginServlet".equals(requestPath) || "login.jsp".equals(requestPath)){
            chain.doFilter(request, response);
        }else {
            //3.对其他资源进行拦截
            //3.1获取session,获取session中的登录用户(loginInfo)
            HttpSession session = request.getSession();

            if(session != null){
                //3.3不为空，已经登录，放行
                Object object = session.getAttribute("loginInfo");
                if(object != null){
                    chain.doFilter(request,response);
                }else {
                    uri = "/login.jsp";
                }
            }else {
                //3.2为空，说明没有登录，跳转到登录
                uri = "/login.jsp";
            }
            request.getRequestDispatcher(uri).forward(request,response);
        }   
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // TODO Auto-generated method stub

    }

}