javaweb-27:Filter实现权限拦截
2021/10/23 17:11:31
本文主要是介绍javaweb-27:Filter实现权限拦截,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
用户登录之后才能进入主页,用户注销后就不能进入主页了!
1.用户登录之后,向session中放入用户的数据
2.进入主页的时候,要判断用户是否已经登录 。要求:在过滤器中实现
代码show
SysFilter.java
package com.gongyi.filter; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class SysFilter implements Filter { public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { //ServletRequest HttpServletRequest HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; if(request.getSession().getAttribute("USER_SESSION") == null) { response.sendRedirect("/error.jsp"); } chain.doFilter(request,response); } public void destroy() { } }
LoginServlet.java
package com.gongyi.servlet; import com.gongyi.util.Constant; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class LoginServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { //获取前端请求的参数 String username = req.getParameter("username"); if(username.equals("admin")) {//登录成功 req.getSession().setAttribute(Constant.USER_SESSION,req.getSession().getId()); resp.sendRedirect("/sys/success.jsp"); } else {//登录失败 resp.sendRedirect("/error.jsp"); } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } }
LogoutServlet.java
package com.gongyi.servlet; import com.gongyi.util.Constant; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class LogoutServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Object user_session = req.getSession().getAttribute(Constant.USER_SESSION); if(user_session != null) { req.getSession().removeAttribute(Constant.USER_SESSION); resp.sendRedirect("/Login.jsp"); } else { resp.sendRedirect("/Login.jsp"); } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } }
Constant.java
package com.gongyi.util; public class Constant { public final static String USER_SESSION = "USER_SESSION"; }
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0"> <servlet> <servlet-name>LoginServlet</servlet-name> <servlet-class>com.gongyi.servlet.LoginServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>LoginServlet</servlet-name> <url-pattern>/servlet/login</url-pattern> </servlet-mapping> <servlet> <servlet-name>LogoutServlet</servlet-name> <servlet-class>com.gongyi.servlet.LogoutServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>LogoutServlet</servlet-name> <url-pattern>/servlet/logout</url-pattern> </servlet-mapping> <servlet> <servlet-name>ShowServlet</servlet-name> <servlet-class>com.gongyi.servlet.ShowServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>ShowServlet</servlet-name> <url-pattern>/show</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>ShowServlet</servlet-name> <url-pattern>/servlet/show</url-pattern> </servlet-mapping> <filter> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>com.gongyi.filter.CharacterEncodingFilter</filter-class> </filter> <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <!--只要是/servlet的任何请求,会经过这个过滤器--> <url-pattern>/servlet/*</url-pattern> <!--<url-pattern>/*</url-pattern>--> </filter-mapping> <filter> <filter-name>SysFilter</filter-name> <filter-class>com.gongyi.filter.SysFilter</filter-class> </filter> <filter-mapping> <filter-name>SysFilter</filter-name> <url-pattern>/sys/*</url-pattern> </filter-mapping> <!-- 注册监听器--> <listener> <listener-class>com.gongyi.listener.OnlineCountListener</listener-class> </listener> <session-config> <session-timeout>1</session-timeout> </session-config> </web-app>
sys/success.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>Title</title> </head> <body> <%--一般用过滤器实现,jsp只负责展示--%> <%--<% Object userSession = request.getSession().getAttribute("USER_SESSION"); if(userSession == null) { response.sendRedirect("/Login.jsp"); } %>--%> <h1>主页</h1> <p> <a href="/servlet/logout">注销</a> </p> </body> </html>
error.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>Title</title> </head> <body> <h1>错误</h1> <h3>没有权限,用户名错误</h3> <a href="/Login.jsp">返回登录页面</a> </body> </html>
Login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>Title</title> </head> <body> <h1>登录</h1> <form action="/servlet/login" method="post"> <input type="text" name="username"> <input type="submit"> </form> </body> </html>
彩蛋
1.一个页面如何限制只有登录才能访问
1)jsp控制
<% Object userSession = request.getSession().getAttribute("USER_SESSION"); if(userSession == null) { response.sendRedirect("/Login.jsp"); } %>
2)过滤器控制
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { //ServletRequest HttpServletRequest HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; if(request.getSession().getAttribute("USER_SESSION") == null) { response.sendRedirect("/error.jsp"); } chain.doFilter(request,response); }
2.“USER_SESSION” 与Constant.USER_SESSION对比
体会:提取常量的好处
3.发散思维:
用vip1.jsp,vip2.jsp,vip3.jsp简单模拟不同vip看到的页面不同效果
4.程序不是一下写好的
先完成基本功能
再不断完善,优化
这篇关于javaweb-27:Filter实现权限拦截的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-07-02springboot项目无法注册到nacos-icode9专业技术文章分享
- 2024-06-26结对编程到底难不难?答案在这里
- 2024-06-19《2023版Java工程师》课程升级公告
- 2024-06-15matplotlib作图不显示3D图,怎么办?
- 2024-06-1503-Loki 日志监控
- 2024-06-1504-让LLM理解知识 -Prompt
- 2024-06-05做软件测试需要懂代码吗?
- 2024-06-0514-ShardingSphere的分布式主键实现
- 2024-06-03为什么以及如何要进行架构设计权衡?
- 2024-05-31全网首发第二弹!软考2024年5月《软件设计师》真题+解析+答案!(11-20题)