过滤器实现登录验证及拒绝直接输url访问网页
package com.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import javax.servlet.http.httpsession;
public class authfilter implements filter {
public static final string login_page = "/login.jsp";
public static final string logout_page = "/administrator/public/logout.jsp";
public static final string[] except_page = {"logincheck.jsp"};
public void destroy() {
}
public void dofilter(servletrequest servletrequest, servletresponse servletresponse,
filterchain filterchain) throws ioexception, servletexception {
httpservletrequest request = (httpservletrequest) servletrequest;
/**
* 如果处理http请求,并且需要访问诸如getheader或getcookies等在servletrequest中
* 无法得到的方法,就要把此request对象构造成httpservletrequest
*/
httpservletresponse response = (httpservletresponse) servletresponse;
string currenturl = request.getrequesturi(); // 取得根目录所对应的绝对路径:
httpsession session = request.getsession(false);
boolean bool = false;
for (int i = 0; i< except_page.length; i++){
if (currenturl.indexof(except_page[i])>=0){
bool = true;
break;
}
}
if (currenturl.indexof(login_page) == -1 && currenturl.indexof(logout_page) == -1 && currenturl.indexof(".jsp") > -1 && !bool) {
// 判断当前页是否是重定向以后的登录页面,如果是就不做session的判断,防止出现死循环
string ref = request.getheader("referer"); //是否是从地址栏直接输入的地址吗?
if (session == null || session.getattribute("username") == null || session.getattribute("username").equals("") || (ref==null) || (ref.equals(""))) {
response.sendredirect(request.getcontextpath()
+ logout_page);
return;
}
}
// 加入filter链继续向下执行
filterchain.dofilter(request, response);
}
public void init(filterconfig arg0) throws servletexception {
}
}
-------------------------------------------------------------------------------------------------------
web.xml中设置如下:
<!-- login check begin -->
<filter>
<filter-name>authfilter</filter-name>
<filter-class>com.filter.authfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authfilter</filter-name>
<url-pattern>/administrator/*</url-pattern>
</filter-mapping>
<!-- login check end-->
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。
