使用纯servlet实现
1、java代码
(1)不用拦截jsp,只拦截指定请求
package web.md.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginFilter implements Filter{
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
//获取登录标记
HttpServletRequest req=(HttpServletRequest)request;
String username=(String)req.getSession(true).getAttribute("username");
//判断标记是否存在
if(username==null){
((HttpServletResponse)response).sendRedirect(req.getContextPath()+"/jsp/login.jsp");
return;//return 一定要使用
}else{
chain.doFilter(request, response);
}
}
public void init(FilterConfig config) throws ServletException {
}
}
(2)需要拦截jsp等请求
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public class ValidLoginFilter implements Filter {
private FilterConfig filterconfig = null;
public void init(FilterConfig config) throws ServletException {
this.filterconfig = config;
}
public void destroy() {
this.filterconfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest hreq = (HttpServletRequest) request;
String currentURI = hreq.getRequestURL().toString();
//判断是否是要过滤的资源
if (currentURI != null) {
if(currentURI.indexOf("user.do") != -1||currentURI.indexOf("coupons.do")!= -1 )
{
chain.doFilter(request, response);
return ;
}
else if(currentURI.indexOf("testuser.do") != -1)
{
chain.doFilter(request, response);
return ;
}
else if(currentURI.indexOf("createorder.do") != -1)
{
chain.doFilter(request, response);
return ;
}//判断请求中是否包含以下内容
else if (currentURI.indexOf("loginagain.jsp") <= 0) {
if (((currentURI.indexOf("index.jsp") <= 0)
&& (currentURI.indexOf("login.jsp") <= 0)
&& (currentURI.indexOf("logout.jsp") <= 0)
&& (currentURI.indexOf("loginagain.jsp") <= 0)
&& (currentURI.indexOf(".jsp") > 0))
|| ((currentURI.indexOf("login.do") <= 0)
&& (currentURI.indexOf("userlogout.do") <= 0) && (currentURI
.indexOf(".do") > 0))) {
// 判断用户是否登录
HttpSession session = hreq.getSession(false);
if ((session != null)&& (session.getAttribute("username") != null)) {
} //session 有效结束
else { //session 无效 重新登录\
filterconfig.getServletContext().getRequestDispatcher("/my/loginagain.jsp").forward(request, response);
return;
}
}
}
} else {
filterconfig.getServletContext().getRequestDispatcher("/my/loginagain.jsp").forward(request, response);
return;
}
chain.doFilter(request, response);
}
}
2、web.xml文件的配置
(1)指定拦截请求
<!-- 强制登录 -->
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>web.md.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/baoming/*</url-pattern>//包名一定要注意分包
<dispatcher>REQUEST</dispatcher>//所有客户端的request请求
</filter-mapping>
(2)需要拦截jsp等资源
<filter>
<filter-name>validloginfilter</filter-name>
<filter-class>com.nes.project.frame.commonuitl.ValidLoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>validloginfilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>validloginfilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
