什么是Filter实现权限拦截,比如说我们登陆一个网站,登陆成功后可以访问其中的内容,退出登陆后就不能再对内容进行访问,这就用到了我们的Filter实现权限拦截。

那么具体是怎么实现的呢?

原理很简单,我们可以给已登录用户session存放一个用于标记登陆的数据,只需要在过滤器里看能否获取数据来进行是否有权访问的判断。

话不多说,我们直接开始。

一、建立一个登陆页面index.jsp

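<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Login page. The form is submitted with POST so the submitted value is
  carried in the request body instead of the URL, where it would end up in
  browser history, proxy logs and Referer headers. CheckUser.doPost delegates
  to doGet, so the servlet handles this without changes.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<h1>登录</h1>
<form action="/checkuser" method="post">
用户名:<input type="text" name="username" />
<input type="submit" value="登录"/>
</form>
</body>
</html>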

二、建立一个登陆成功的页面,具有注销功能

先建立一个sys文件夹,在sys文件夹下建立loginsuccess.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Page shown after a successful login. It is served from /sys/, the path the
  UserFilter mapping (/sys/*) covers. It offers one action: a link to /Logout.
  NOTE(review): logout is a plain GET link, so any page the browser loads can
  trigger it; a POST form is the usual hardening. Confirm whether that matters here.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>主界面</title>
</head>
<body>
<h1>登录成功</h1>
<h1><a href="/Logout">注销</a></h1>
</body>
</html>

三、建立一个servlet用于验证登录CheckUser.class

 1 package com.jms.servlet;
 2 
 3 import java.io.IOException;
 4 
 5 import javax.servlet.ServletException;
 6 import javax.servlet.http.HttpServlet;
 7 import javax.servlet.http.HttpServletRequest;
 8 import javax.servlet.http.HttpServletResponse;
 9 
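/**
 * Demo login servlet: marks the session as logged in when the submitted
 * {@code username} parameter equals "admin", otherwise redirects back to the
 * login page.
 *
 * <p>NOTE(review): this is a tutorial check only. There is no password and no
 * credential store, so any client that submits {@code username=admin} is
 * treated as logged in. A real login must verify a secret before the session
 * marker is set.
 */
public class CheckUser extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Handles the login request.
     *
     * @param req  request carrying the {@code username} parameter
     * @param resp response used to redirect to the success page or back to the login page
     * @throws ServletException declared by the servlet API; not thrown by this method itself
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        // Prefix redirects with the context path so they stay inside this web
        // application when it is not deployed at the server root ("" at root).
        String base = req.getContextPath();

        // Constant-first comparison: a request without the parameter yields
        // null, which previously raised a NullPointerException (HTTP 500).
        if ("admin".equals(username)) {
            // Session fixation defence: drop any session that existed before
            // authentication and continue with a freshly issued session ID.
            javax.servlet.http.HttpSession previous = req.getSession(false);
            if (previous != null) {
                previous.invalidate();
            }
            javax.servlet.http.HttpSession session = req.getSession(true);
            // The login marker is only ever set here, server-side, after the check passed.
            session.setAttribute("USER_ID", session.getId());
            resp.sendRedirect(base + "/sys/loginsuccess.jsp");
        } else {
            resp.sendRedirect(base + "/index.jsp");
        }
    }

    /**
     * Handles a POSTed login form by delegating to {@link #doGet}.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }

}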

修改web.xml注册servlet

     <!-- Registers the login servlet and maps it to /checkuser, the action URL
          of the form in index.jsp. The path is outside /sys/*, so UserFilter
          does not run for it. -->
     <servlet>
            <servlet-name>CheckUser</servlet-name>
            <servlet-class>com.jms.servlet.CheckUser</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>CheckUser</servlet-name>
            <url-pattern>/checkuser</url-pattern>
        </servlet-mapping>

四、建立一个Servlet用于注销用户LogoutServlet.class

 1 package com.jms.servlet;
 2 
 3 import java.io.IOException;
 4 
 5 import javax.servlet.ServletException;
 6 import javax.servlet.http.HttpServlet;
 7 import javax.servlet.http.HttpServletRequest;
 8 import javax.servlet.http.HttpServletResponse;
 9 
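/**
 * Logout servlet: ends the current session and sends the browser back to the
 * login page.
 */
public class LogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Ends the caller's session, if there is one, and redirects to the login page.
     *
     * @param req  request whose session is to be terminated
     * @param resp response used for the redirect
     * @throws ServletException declared by the servlet API; not thrown by this method itself
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // getSession(false): do not create a session just to log out.
        javax.servlet.http.HttpSession session = req.getSession(false);
        if (session != null) {
            // Invalidate the whole session instead of removing one attribute,
            // so the old session ID and anything stored under it stop being usable.
            session.invalidate();
        }
        // Always answer with a redirect; previously a caller who was not
        // logged in received an empty response.
        resp.sendRedirect(req.getContextPath() + "/index.jsp");
    }

    /**
     * Handles a POSTed logout by delegating to {@link #doGet}.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }

}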

修改web.xml

        <!-- Registers the logout servlet and maps it to /Logout, the target of
             the link in sys/loginsuccess.jsp. The path is outside /sys/*, so
             UserFilter does not run for it. -->
        <servlet>
            <servlet-name>LogoutServlet</servlet-name>
            <servlet-class>com.jms.servlet.LogoutServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>LogoutServlet</servlet-name>
            <url-pattern>/Logout</url-pattern>
        </servlet-mapping>            

 

五、建立一个过滤器拦截未登陆的用户

 1 package com.jms.filter;
 2 
 3 import java.io.IOException;
 4 
 5 import javax.servlet.Filter;
 6 import javax.servlet.FilterChain;
 7 import javax.servlet.ServletException;
 8 import javax.servlet.ServletRequest;
 9 import javax.servlet.ServletResponse;
10 import javax.servlet.http.HttpServletRequest;
11 import javax.servlet.http.HttpServletResponse;
12 
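/**
 * Access-control filter: lets a request through only when the session carries
 * the {@code USER_ID} login marker; otherwise redirects to the login page.
 */
public class UserFilter implements Filter {

    /**
     * Checks the login marker before the protected resource runs.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filters and the target resource
     * @throws IOException if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession(false): an anonymous request must not get a session
        // allocated merely because it touched a protected URL.
        javax.servlet.http.HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("USER_ID") != null;

        if (!loggedIn) {
            resp.sendRedirect(req.getContextPath() + "/index.jsp");
            // Stop here. Continuing down the chain after the redirect would
            // still execute the protected resource for an unauthenticated caller.
            return;
        }

        // Authenticated: hand the request on to the remaining filters and the
        // requested resource. No redirect is issued; the success page is
        // itself under /sys/*, so redirecting to it here would loop.
        chain.doFilter(request, response);
    }

}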

修改web.xml

     <!-- Runs UserFilter for every request whose path is under /sys/.
          Resources outside that prefix are not checked by this filter.
          NOTE(review): no <dispatcher> element is declared, so the mapping
          applies to direct client requests only; a server-side forward or
          include into /sys/ would not pass through the filter. Confirm
          nothing forwards there. -->
     <filter>
            <filter-name>UserFilter</filter-name>
            <filter-class>com.jms.filter.UserFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>UserFilter</filter-name>
            <url-pattern>/sys/*</url-pattern>
        </filter-mapping>

六、测试

首先输入错误用户名登陆

 

返回了登陆页面

 

 

 接着我们输入正确用户名“admin”

 

 成功登录

 

 我们复制网址,点击注销后,直接输入网址进入

 

 此时会直接跳转回登陆页面,无法再进入。

 

(本文仅作个人学习记录用,如有纰漏,敬请指正)