标签:getSession 27 javaweb resp req Filter SESSION jsp USER
27,Filter 实现权限拦截
用户登录之后才能进入主页!用户注销后就不能进入主页了!
-
用户登录之后,向Sesison中放入用户的数据
-
进入主页的时候要判断用户是否已经登录;要求:在过滤器中实现!
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>登录页面</h1>
<form action="/servlet/login" method="get">
用户名:<input type="text" name="username"> <br>
<input type="submit"name="登录">
</form>
</body>
</html>
LoginServelt.java
public class LoginServelt extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取前端的参数
String username = req.getParameter( "username" );
if (username.equals( "admin" )){//登录成功
req.getSession( ).setAttribute( Constant.USER_SESSION,req.getSession().getId());
resp.sendRedirect( "/sys/success.jsp" );
}else{//登录失败
resp.sendRedirect( "/error.jsp" );
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet( req, resp );
}
}
error.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>错误</h1>
<h3>没有权限,用户错误</h3>
<a href="/login.jsp">返回登录页面</a>
</body>
</html>
success.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<%--
<%
Object user_session = request.getSession().getAttribute( "USER_SESSION" );
if(user_session == null){
response.sendRedirect( "/login.jsp" );
}
%>
--%>
<h1>主页</h1>
<p><a href="/servlet/logout">注销</a></p>
</body>
</html>
LogoutServlet.java
public class LogoutServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Object user_session = req.getSession().getAttribute( Constant.USER_SESSION );
if (user_session != null){
req.getSession().removeAttribute( Constant.USER_SESSION );
resp.sendRedirect( "/login.jsp" );
}else{
resp.sendRedirect( "/login.jsp" );
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet( req, resp );
}
}
SysFilter.java
public class SysFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
/* if (req.getSession( ).setAttribute( Constant.USER_SESSION).level ==VIP1){
response.sendRedirect( "/vip1.jsp" );
}
if (req.getSession( ).setAttribute( Constant.USER_SESSION).level ==VIP2){
response.sendRedirect( "/vip2.jsp" );
}
if (req.getSession( ).setAttribute( Constant.USER_SESSION).level ==VIP3){
response.sendRedirect( "/vip3.jsp" );
}*/
//ServletRequest HttpServletRequest
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
Object user_session = request.getSession().getAttribute( Constant.USER_SESSION);
if (request.getSession().getAttribute( Constant.USER_SESSION) == null){
response.sendRedirect( "/error.jsp" );
}
chain.doFilter( request,response );
}
public void destroy() {
}
}
xml
<servlet>
<servlet-name>LoginServelt</servlet-name>
<servlet-class>com.study.servlet.LoginServelt</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServelt</servlet-name>
<url-pattern>/servlet/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>com.study.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/servlet/logout</url-pattern>
</servlet-mapping>
<filter>
<filter-name>SysFilter</filter-name>
<filter-class>com.study.filter.SysFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SysFilter</filter-name>
<!--只要是/servlet的任何请求,会经过这个过滤器,都会被过滤-->
<url-pattern>/sys/*</url-pattern>
</filter-mapping>
标签:getSession,27,javaweb,resp,req,Filter,SESSION,jsp,USER 来源: https://www.cnblogs.com/jianchizuo/p/16299455.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。