这是一道j2ee老师布置的题目!
新建一个项目,项目包含login.jsp和index.jsp两个jsp页面,和UserLoginServlet、UpdateServlet、QueryServlet三个Servlet。在login.jsp页面用户输入用户名和密码,并且选择相应的登录角色(包含普通用户和、超级用户两个角色),提交给UserLoginServlet,如果用户选择的是普通用户,提交的用户名和密码分别是“zhangsan”,“123456”,或者用户选择的是超级用户,输入的用户名和密码分别是“lisi”,“654321”,则表示用户登录成功,页面跳转到index.jsp页面,否则跳回登录页面。如果是普通用户则在index.jsp页面只显示一个“查询链接”,该链接访问QueryServlet,如果是超级用户,index.jsp除了有“查询链接”还有一个“修改链接”,访问UpdateServlet。UpdateServlet、QueryServlet可以简单的返回一个提示信息。并且要求对index.jsp、QueryServlet、UpdateServlet的访问要进行权限验证。登录用户才能访问,并且UpdateServlet只能是超级用户登录后才能访问。
题目意思就是通过login.jsp界面登录,发送请求给UserLoginServlet, 然后再通过这个Servlet验证权限看是否能通过。这里为了符合提议,就应该用到过滤器这个东西。
作业文件:
User存储用户信息,MyFilter是过滤类,GetRight类用来检测账号密码是否正确,UserLoginServlet类是用来对登录界面提交的请求进行相应处理的Servlet。QueryServlet和UpdateServlet不是重点,里面就只out.print了一句话表示你的<a>访问到了这个Servlet,还能单独访问以检测session是否添加成功!index是登录的目标界面,里面有两个链接,访问两个操作Servlet。
先看代码,后面具体讲解实现原理和操作流程:
这是web.xml的内容,对Servlet和过滤器进行了注册:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>homework</display-name>
<servlet>
<servlet-name>UserLoginServlet</servlet-name>
<servlet-class>cn.jxufe.homework.servlet.UserLoginServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>UpdateServlet</servlet-name>
<servlet-class>cn.jxufe.homework.servlet.UpdateServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>QueryServlet</servlet-name>
<servlet-class>cn.jxufe.homework.servlet.QueryServlet</servlet-class>
</servlet>
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>cn.jxufe.homework.filter.MyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>UserLoginServlet</servlet-name>
<url-pattern>/userlogin</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>UpdateServlet</servlet-name>
<url-pattern>/update</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>QueryServlet</servlet-name>
<url-pattern>/query</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>然后是login.jsp:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" contentType="text/html;charset=utf-8">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'login.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<style>
table{
width:400px;
height: auto;
margin: 200 auto;
}
h1{
letter-spacing:20px;
width: 200px;
height: auto;
margin: 150px auto;
}
</style>
</head>
<body>
<form action="/homework/userlogin" method="post">
<h1>登录</h1>
<table>
<tr><td><label for="admin">账号:</label></td>
<td><input type="text" placeholder="请输入账号" id="admin" name="admin"></td></tr>
<tr><td><label for="password">密码:</label></td>
<td><input type="password" name="password" id="password"></td></tr>
<tr><td><label for="authority">用户权限:</label></td>
<td><input type="radio" name="authority" value="normal" id="normal"><label for="normal">普通</label>
<input type="radio" name="authority" value="super" id="super"><label for="super">超级</label></td></tr>
<tr><td><input type="submit" value=" 登录 "></td><td><input type="reset" value="清空内容"></td></tr>
</table>
</form>
</body>
</html>
界面如图:
然后是过滤器代码:
package cn.jxufe.homework.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import cn.jxufe.homework.model.User;
public class MyFilter implements Filter {
@Override
public void destroy() {
// TODO Auto-generated method stub
System.out.println("MyFilter.class.destroy()");
}
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain arg2) throws IOException, ServletException {
System.out.println("MyFilter.class.doFilter()");
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
String uri = request.getRequestURI();
if(uri.contains("login.jsp") || uri.contains("userlogin")){
arg2.doFilter(arg0, arg1);
System.out.println("uri.contains(\"login.jsp\") || uri.contains(\"userlogin\")");
return;
}
HttpSession session = request.getSession();
User user = (User)session.getAttribute("user");
if(user == null){
response.sendRedirect("login.jsp");
}else{
arg2.doFilter(arg0, arg1);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
System.out.println("MyFilter.class.init()");
}
}
UserLoginServlet代码:
package cn.jxufe.homework.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import cn.jxufe.homework.model.User;
import cn.jxufe.homework.service.GetRight;
public class UserLoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doPost(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
System.out.println("UserLoginServlet.class");
String admin = request.getParameter("admin");
String password = request.getParameter("password");
String authority = request.getParameter("authority");
boolean infoIsRight = GetRight.isRight(authority, admin, password);
System.out.println("is info right " + infoIsRight);
if(infoIsRight){
User user = new User(admin, password, authority);
request.getSession().setAttribute("user", user);
response.sendRedirect("index.jsp");
}else
response.sendRedirect("login.jsp");
}
}
User类:
当我们直接执行UpdateServlet时就会直接跳转至login.jsp。
并且控制台显示
web.xml中将filter的url-pattern设置为/*,这表示给过滤器过滤的是这个web项目下的每一个程序。
所以我们访问UpdateServlet时,先执行过滤器中的doFilter()函数
因为其request的uri不符合uri.contains("login.jsp") || uri.contains("userlogin")而且也没有添加过session(可以看下这两个很好的讲解:浅谈Session与Cookie的区别与联系 和 Http Session和Cookie)。
所以就只直接跳转至登录界面!而访问登录界面,又得过滤一次,这时候就满足:
所以就有了后两句。
现在我们登录试试,输入账号:zhangsan 密码:123456 选择超级用户单选框,然后在界面就能看到这个:
控制台内容:
MyFilter.class.doFilter()
uri.contains("login.jsp") || uri.contains("userlogin")
UserLoginServlet.class
GetRight.class
MyFilter.class.doFilter()
流程就是login提交表单后,myfilter过滤,然后再通过,到UserLoginServlet,通过GetRight类验证账号密码是否正确,如果正确返回true,回到UserLoginServlet,servlet将request中的账号密码权限信息封装成一个User对象,添加进session中,然后再跳转至index.jsp,这之前还要过一次过滤器!
整个文件这里下载 密码:bdyk
以上。