`

Java web过滤器验证登录(避免未经登录进入主页)

java weblogin filterFilterLoginFilter
阅读更多

 

要想实现此功能,分以下两步:

1.配置web.xml:

<filter>
		<filter-name>LoginFilter</filter-name>
		<filter-class>com.yusj.core.filter.LoginFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>LoginFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 

2.创建过滤器实现类,实现Filter接口:

package com.yusj.core.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * 
* @ClassName: LoginFilter 
* @Description: 登录过滤器 
* @author shaojian.yu
* @date 2014年11月3日 下午1:19:28 
*
 */
public class LoginFilter implements Filter {

	/**
	 * 
	  * Title:doFilter
	  * Description: 所有请求都走此过滤器来判断用户是否登录
	  * user: shaojian.yu
	  * date:  2014 2014年11月3日
	  * @param servletRequest
	  * @param servletResponse
	  * @param filterChain
	  * @throws IOException
	  * @throws ServletException
	  * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
	 */
	@Override
	public void doFilter(ServletRequest servletRequest,
			ServletResponse servletResponse, FilterChain filterChain)
			throws IOException, ServletException {
		// 判断是否是http请求
		if (!(servletRequest instanceof HttpServletRequest)
				|| !(servletResponse instanceof HttpServletResponse)) {
			throw new ServletException(
					"OncePerRequestFilter just supports HTTP requests");
		}
		// 获得在下面代码中要用的request,response,session对象
		HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
		HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
		HttpSession session = httpRequest.getSession(true);

		String[] strs = { "loginpage", "login", "logout", "static" }; // 路径中包含这些字符串的,可以不用登录直接访问
		StringBuffer url = httpRequest.getRequestURL();
		
		/**
		 * 过滤掉根目录
		 */
		String path = httpRequest.getContextPath();
		String protAndPath = httpRequest.getServerPort() == 80 ? "" : ":"
				+ httpRequest.getServerPort();
		String basePath = httpRequest.getScheme() + "://"
				+ httpRequest.getServerName() + protAndPath + path + "/";
		if (basePath.equalsIgnoreCase(url.toString())) {
			filterChain.doFilter(servletRequest, servletResponse);
			return;
		}
		// 特殊用途的路径可以直接访问
		if (strs != null && strs.length > 0) {
			for (String str : strs) {
				if (url.indexOf(str) >= 0) {
					filterChain.doFilter(servletRequest, servletResponse);
					return;
				}
			}
		}
		// 从session中获取用户信息
		String loginInfo = (String) session.getAttribute("username");
		if (null != loginInfo && !"".equals(loginInfo)) {
			// 用户存在,可以访问此地址
			filterChain.doFilter(servletRequest, servletResponse);
		} else {
			// 用户不存在,踢回登录页面
			String returnUrl = httpRequest.getContextPath() + "/loginpage";
			httpRequest.setCharacterEncoding("UTF-8");
			httpResponse.setContentType("text/html; charset=UTF-8"); // 转码
			httpResponse
					.getWriter()
					.println(
							"<script language=\"javascript\">alert(\"您还没有登录,请先登录!\");if(window.opener==null){window.top.location.href=\""
									+ returnUrl
									+ "\";}else{window.opener.top.location.href=\""
									+ returnUrl
									+ "\";window.close();}</script>");
			return;
		}

	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {

	}

	@Override
	public void destroy() {

	}

}

 

工作中遇到,留备用。

 

 

0
0
分享到:
| Maven Web工程,默认jdk配置
评论
1 楼 chenzheng8975 2014-11-04  
不错
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics