实现的功能是:当用户登录之前,拦截当前url,跳转到登录页面,用户登录,登录成功后跳转至拦截的url页面;用户登录之后,直接将页面跳转至该url。
原理很简单:拦截器拦截请求,判断是否登录:如果是,则不处理,直接跳转;如果没有,则跳转到登录的路径,并将该url作为参数传递到登录页面,在登录页面通过一个隐藏域将url传递给登录的处理逻辑,处理完登录成功后跳转至url。需要注意:tourl参数和隐藏域的值都来自客户端,登录处理逻辑在跳转之前应校验目标地址属于本应用,页面输出该值时也要做HTML转义。
拦截器,拦截请求Myfilter.java
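import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * E-mail link interceptor: sends requests from users who are not logged in to
 * the login page and carries the originally requested URL along in the
 * {@code tourl} query parameter.
 *
 * <p>NOTE(security): the exemption list below is matched with
 * {@code String.endsWith} against {@code getRequestURL()}, i.e. against the URL
 * text as the client sent it. Any protected URL whose text ends in one of the
 * suffixes (for example the bare suffix {@code "login"}) is passed through
 * without a login check. Matching exact, container-resolved paths
 * ({@code getServletPath()}) or excluding static resources through the
 * {@code url-pattern} in web.xml is the more robust design; the suffix list is
 * kept here so existing behaviour does not change.
 */
public class Myfilter implements Filter {

    /** URL endings that are let through without a login check. */
    private static final String[] EXEMPT_SUFFIXES = {
        "login.jsp", ".jpg", ".css", ".js", ".gzip", ".gif",
        "Login.flow", "login", "logout", "index.jsp", "error.jsp"
    };

    /**
     * Passes exempt URLs and logged-in users down the chain; redirects everyone
     * else to the login page.
     *
     * @param request  the incoming request, cast to {@link HttpServletRequest}
     * @param response the response, cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException      if the redirect or the chain fails with an I/O error
     * @throws ServletException if a later filter or the target fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpreq = (HttpServletRequest) request;
        HttpServletResponse httpres = (HttpServletResponse) response;

        // Read the session first, as the original code did: getSession() creates
        // a session when none exists, and later code may rely on that.
        com.eos.data.datacontext.UserObject uo =
                (com.eos.data.datacontext.UserObject) httpreq.getSession().getAttribute("userObject");

        // Evaluate the URL once instead of once per suffix.
        String requestUrl = httpreq.getRequestURL().toString();
        if (isExempt(requestUrl) || isLoggedIn(uo)) {
            chain.doFilter(request, response);
            return;
        }

        // dealurl() records the current address and its parameters as an
        // encrypted, hex-encoded token, so it can be appended to the query string.
        String url = com.phfund.rap.common.MyRedirect.dealurl(httpreq);
        httpres.sendRedirect(httpreq.getContextPath() + "/auth/login.jsp?tourl=" + url);
    }

    /** Returns true when the URL text ends with one of the exempt suffixes. */
    private static boolean isExempt(String requestUrl) {
        for (String suffix : EXEMPT_SUFFIXES) {
            if (requestUrl.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true when a user object with a non-empty user id is present.
     * The original compared the id with {@code == ""}, which tests object
     * identity, so an empty id held in a different String instance counted as
     * logged in.
     */
    private static boolean isLoggedIn(com.eos.data.datacontext.UserObject uo) {
        return uo != null && uo.getUserId() != null && !"".equals(uo.getUserId());
    }

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}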
web.xml里添加拦截器的配置
<!-- Declares the login filter under the name MyFilter. -->
<filter>
  <filter-name>MyFilter</filter-name>
  <filter-class>com.phfund.rap.common.Myfilter</filter-class>
</filter>
<!-- Applies the filter to every URL, on direct requests as well as on
     server-side forwards and includes. -->
<filter-mapping>
  <filter-name>MyFilter</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
</filter-mapping>
MyRedirect.java跳转的url的处理类。
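import java.util.Enumeration;

import javax.servlet.http.HttpServletRequest;

/**
 * Builds and restores the {@code tourl} token that carries the originally
 * requested URL through the login page (used for links opened from e-mail).
 *
 * <p>NOTE(security): the token is DES-encrypted with a key that is hard-coded
 * in this source file and it carries no integrity check. It keeps the URL
 * opaque and query-string safe, but it is not proof that this application
 * produced the value. Whatever consumes the restored URL must still check that
 * it points inside the application before redirecting, and must escape it
 * before writing it into a page. Moving the key to protected configuration and
 * switching to an authenticated scheme are the longer-term fixes.
 */
public class MyRedirect {

    /** Key handed to {@link DesUtils}; see the class note about hard-coding. */
    private static final String TOKEN_KEY = "leemenz";

    /** Stand-in written in place of {@code &} before encryption. */
    private static final String AMP_PLACEHOLDER = "@#@";

    /**
     * Encodes the current request URL and its parameters as a token.
     *
     * @param request the request whose URL is recorded
     * @return the encrypted, hex-encoded URL, or an empty string when encoding
     *         fails (the original returned the partly built plaintext URL in
     *         that case)
     */
    public static String dealurl(HttpServletRequest request) {
        try {
            DesUtils des = new DesUtils(TOKEN_KEY);
            String url = request.getRequestURL() + "?" + param(request);
            // '&' is swapped for a placeholder before encryption; geturl() reverses it.
            url = url.replace("&", AMP_PLACEHOLDER);
            return des.encrypt(url);
        } catch (Exception e) {
            e.printStackTrace();
            return "";
        }
    }

    /**
     * Restores the URL from a token produced by {@link #dealurl}.
     *
     * <p>The original returned its argument unchanged when decryption failed,
     * so a value that was never a valid token came back verbatim and was used
     * as the redirect target. Failure now yields an empty string.
     *
     * @param url the encrypted, hex-encoded token
     * @return the plain URL, or an empty string when the token is null or
     *         cannot be decrypted
     */
    public static String geturl(String url) {
        if (url == null) {
            return "";
        }
        try {
            DesUtils des = new DesUtils(TOKEN_KEY);
            return des.decrypt(url).replace(AMP_PLACEHOLDER, "&");
        } catch (Exception e) {
            e.printStackTrace();
            return "";
        }
    }

    /**
     * Joins all request parameters into {@code name=value&name=value} form.
     *
     * <p>Only the first value of a multi-valued parameter is kept, and names
     * and values are written as returned by the container, without URL
     * encoding. NOTE(review): {@code getParameterNames()} also reports fields
     * of a form POST body, so those end up in the recorded URL as well; confirm
     * that no sensitive field can reach this method.
     *
     * @param request the request to read parameters from
     * @return the joined parameters, or an empty string when there are none
     */
    public static String param(HttpServletRequest request) {
        StringBuilder query = new StringBuilder();
        Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String pname = names.nextElement().toString();
            if (query.length() > 0) {
                query.append('&');
            }
            query.append(pname).append('=').append(request.getParameter(pname));
        }
        return query.toString();
    }
}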
加密类:DesUtils.java
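import java.security.Key;
import java.security.Security;

import javax.crypto.Cipher;

/**
 * DES encryption and decryption helper for byte arrays and strings.
 *
 * <p>NOTE(security): DES has a 56-bit key, ECB mode encrypts equal blocks to
 * equal ciphertext, and the output carries no integrity check. Treat the result
 * as obfuscation, not as confidentiality or tamper protection. The algorithm is
 * kept so existing tokens still decrypt; new code should use an authenticated
 * cipher from the JCA instead.
 *
 * <p>An instance holds two {@link Cipher} objects and is not safe for use by
 * several threads at once.
 */
public class DesUtils {

    /** Default key string. NOTE(security): hard-coded; callers should pass their own key. */
    private static final String strDefaultKey = "national";

    /**
     * Explicit form of what the bare name "DES" resolves to on the SunJCE
     * provider, pinned so another provider's defaults cannot change the result.
     */
    private static final String TRANSFORMATION = "DES/ECB/PKCS5Padding";

    /**
     * Charset for string/byte conversion. The original used the platform
     * default, so a token containing non-ASCII text could not be decrypted on
     * a JVM with a different default charset. ASCII input is unaffected.
     */
    private static final String CHARSET = "UTF-8";

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Cipher initialised for encryption. */
    private final Cipher encryptCipher;

    /** Cipher initialised for decryption. */
    private final Cipher decryptCipher;

    /**
     * Converts a byte array to lower-case hex, two characters per byte; for
     * example {@code byte[]{8, 18}} becomes {@code "0812"}. Inverse of
     * {@link #hexStr2ByteArr(String)}.
     *
     * @param arrB the bytes to convert
     * @return the hex string
     * @throws Exception never thrown by this implementation; kept for callers
     */
    public static String byteArr2HexStr(byte[] arrB) throws Exception {
        StringBuilder sb = new StringBuilder(arrB.length * 2);
        for (byte b : arrB) {
            int unsigned = b & 0xFF; // map -128..127 to 0..255
            sb.append(HEX_DIGITS[unsigned >>> 4]).append(HEX_DIGITS[unsigned & 0x0F]);
        }
        return sb.toString();
    }

    /**
     * Converts a hex string to bytes. Inverse of {@link #byteArr2HexStr(byte[])}.
     * Upper- and lower-case digits are accepted.
     *
     * @param strIn the hex string, with an even number of characters
     * @return the decoded bytes
     * @throws Exception {@link IllegalArgumentException} for an odd length,
     *         {@link NumberFormatException} for a character that is not a hex digit
     */
    public static byte[] hexStr2ByteArr(String strIn) throws Exception {
        int len = strIn.length();
        if (len % 2 != 0) {
            throw new IllegalArgumentException("hex string has odd length: " + len);
        }
        byte[] arrOut = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            int high = Character.digit(strIn.charAt(i), 16);
            int low = Character.digit(strIn.charAt(i + 1), 16);
            if (high < 0 || low < 0) {
                throw new NumberFormatException("not a hex digit at index " + i);
            }
            arrOut[i / 2] = (byte) ((high << 4) | low);
        }
        return arrOut;
    }

    /**
     * Creates an instance that uses the built-in default key.
     *
     * @throws Exception if the ciphers cannot be created
     */
    public DesUtils() throws Exception {
        this(strDefaultKey);
    }

    /**
     * Creates an instance for the given key string.
     *
     * <p>The original registered {@code com.sun.crypto.provider.SunJCE} by
     * hand. That class is JDK-internal and the provider is part of the default
     * provider list, so the call is dropped.
     *
     * @param strKey the key string; only its first 8 bytes are used
     * @throws Exception if the ciphers cannot be created or initialised
     */
    public DesUtils(String strKey) throws Exception {
        Key key = getKey(strKey.getBytes(CHARSET));

        encryptCipher = Cipher.getInstance(TRANSFORMATION);
        encryptCipher.init(Cipher.ENCRYPT_MODE, key);

        decryptCipher = Cipher.getInstance(TRANSFORMATION);
        decryptCipher.init(Cipher.DECRYPT_MODE, key);
    }

    /**
     * Encrypts a byte array.
     *
     * @param arrB the bytes to encrypt
     * @return the ciphertext
     * @throws Exception if the cipher fails
     */
    public byte[] encrypt(byte[] arrB) throws Exception {
        return encryptCipher.doFinal(arrB);
    }

    /**
     * Encrypts a string and returns the ciphertext as hex.
     *
     * @param strIn the text to encrypt
     * @return the hex-encoded ciphertext
     * @throws Exception if the cipher fails
     */
    public String encrypt(String strIn) throws Exception {
        return byteArr2HexStr(encrypt(strIn.getBytes(CHARSET)));
    }

    /**
     * Decrypts a byte array.
     *
     * @param arrB the ciphertext
     * @return the decrypted bytes
     * @throws Exception if the input is not valid ciphertext for this key
     */
    public byte[] decrypt(byte[] arrB) throws Exception {
        return decryptCipher.doFinal(arrB);
    }

    /**
     * Decrypts a hex-encoded ciphertext string.
     *
     * @param strIn the hex-encoded ciphertext
     * @return the decrypted text
     * @throws Exception if the input is not valid hex or not valid ciphertext
     */
    public String decrypt(String strIn) throws Exception {
        return new String(decrypt(hexStr2ByteArr(strIn)), CHARSET);
    }

    /**
     * Builds a DES key from arbitrary bytes: the key material is exactly 8
     * bytes, zero-padded when the input is shorter and truncated when longer.
     *
     * @param arrBTmp the bytes of the key string
     * @return the DES key
     * @throws java.lang.Exception declared for callers; not thrown here
     */
    private Key getKey(byte[] arrBTmp) throws Exception {
        byte[] arrB = new byte[8]; // zero-filled by default
        System.arraycopy(arrBTmp, 0, arrB, 0, Math.min(arrBTmp.length, arrB.length));
        return new javax.crypto.spec.SecretKeySpec(arrB, "DES");
    }

    /**
     * Demo: encrypts and decrypts a sample URL and decrypts one fixed token.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            String test = "http://127.0.0.1:8080/abc/rapcommon/member.jsp";
            DesUtils des = new DesUtils("leemenz"); // custom key
            System.out.println("加密前的字符:" + test);
            System.out.println("加密后的字符:" + des.encrypt(test));
            System.out.println("解密后的字符:" + des.decrypt(des.encrypt(test)));
            System.out.println("解密后的字符:" + des.decrypt("2b7129c23b02f1375b2ffc6ebfd3eb7d94ee819e3716184c9c911d95dae331b7b980b906df35ef98040f983227fc609eff25ec610aa9c094"));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}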
login.jsp
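... ...
<%
    // Restore the URL the user asked for before being sent to the login page.
    String tourl = request.getParameter("tourl");
    if (tourl != null && tourl.length() > 1) {
        tourl = com.phfund.rap.common.MyRedirect.geturl(tourl);
    }
    // The restored URL contains the original request's parameters, so it is
    // client-controlled text. Escape it before it goes into an HTML attribute,
    // and emit an empty value instead of the literal "null" when it is absent.
    String tourlAttr = "";
    if (tourl != null) {
        tourlAttr = tourl.replace("&", "&amp;")
                         .replace("<", "&lt;")
                         .replace(">", "&gt;")
                         .replace("\"", "&quot;")
                         .replace("'", "&#39;");
    }
    // NOTE(review): the login flow that reads this field should confirm the
    // target lies inside this application before redirecting to it.
%>
... ...
<h:form checkType="blur" method="post" action="org.gocom.abframe.auth.Login.flow">
    <input type="hidden" name="tourl" value="<%=tourlAttr%>">
    ... ... ...
</h:form>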