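Steps
1. Submit the login request from an HTML form.
2. Validate the login; on success, go to the login-success page.
3. Access control: when the login-success URL is requested directly (skipping the user login check), access must be denied.
Core code:
LoginServlet, username check: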
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        System.out.println(username);
        // Constant-first equals avoids a NullPointerException when the parameter is missing
        if ("admin".equals(username)) {
            // Mark the session as logged in; the JSP check and the filter look for this attribute
            req.getSession().setAttribute(Constant.USER_SESSION, req.getSession().getId());
            resp.sendRedirect("/sys/success.jsp");
        } else {
            resp.sendRedirect("/error.jsp");
        }
    }
LogoutServlet, session check:
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Object user_session = req.getSession().getAttribute(Constant.USER_SESSION);
        if (user_session != null) {
            // Logged in: remove the login marker, then return to the login page
            req.getSession().removeAttribute(Constant.USER_SESSION);
            resp.sendRedirect("/Login.jsp");
        } else {
            // Not logged in: nothing to remove
            resp.sendRedirect("/Login.jsp");
        }
    }
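Checking in success.jsp whether a direct request to the URL, without logging in, gets through (normally this is done in a filter rather than in the JSP page):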
    <body>
    <%-- Without a filter: check in the success page itself. If the session attribute is missing, go back to Login, so that http://localhost:8080/sys/success.jsp cannot be opened directly --%>
    <%
        Object attribute = request.getSession().getAttribute(Constant.USER_SESSION);
        if (attribute == null) {
            response.sendRedirect("/Login.jsp");
            return; // stop here so the rest of the page is not rendered
        }
    %>
    <h1>home</h1>
    <p><a href="/servlet/logout">Logout</a></p>
    </body>
    </html>
Filter access control: filter the URL http://localhost:8080/sys/success.jsp, with the same check as above.
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        if (req.getSession().getAttribute(Constant.USER_SESSION) == null) {
            resp.sendRedirect("/Login.jsp");
            return; // stop here; otherwise the chain still runs the protected page
        }
        chain.doFilter(req, resp);
    }
Note: ServletRequest and ServletResponse must be cast here (to HttpServletRequest and HttpServletResponse).
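A hardened version of the filter above as a complete class (an added example, not the original post's code). It assumes the javax.servlet API (Servlet 3.1+) and reuses the post's own names: Constant.USER_SESSION, /Login.jsp and the com.ming.listener.SysFilter class from web.xml.

```java
// Added example, not the original post's code. Assumes javax.servlet (Servlet 3.1+).
package com.ming.listener;

import com.ming.util.Constant;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;

public class SysFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession(false): do not create a session for an anonymous request
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null
                && session.getAttribute(Constant.USER_SESSION) != null;

        if (!loggedIn) {
            // Prefix the context path so the redirect also works when the
            // application is not deployed at "/"
            resp.sendRedirect(req.getContextPath() + "/Login.jsp");
            return; // the protected resource must not run for this request
        }

        // Keep protected pages out of browser and proxy caches, so they are
        // not served from cache after logout
        resp.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, resp);
    }

    @Override
    public void destroy() { }
}
```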
web.xml configuration
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>com.ming.filter.CharacterEncodingFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <!-- Filter every request under /servlet -->
        <url-pattern>/servlet/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>SysFilter</filter-name>
        <filter-class>com.ming.listener.SysFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SysFilter</filter-name>
        <url-pattern>/sys/*</url-pattern>
    </filter-mapping>
Constants are kept in a dedicated class:
    package com.ming.util;

    public class Constant {
        public static final String USER_SESSION = "USER_SESSION";
    }