一:实现思路
(1)将request强转成HttpServletRequest,这样才有getRequestURI()方法
(2)获取资源访问路径
(3)判断uri中是否有登录选项,要注意排除掉css/js/图片/验证码等资源
(4)如果包含登录选项,直接放行,如果不包含,则需要验证用户是否登录
(5)从session中获取user,登录了就放行,没有登录就转发到登录页面
二:代码实现
<code>
@WebFilter("/*")
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
//先强转成HttpServletRequest,这样才有getRequestURI()方法
HttpServletRequest request = (HttpServletRequest) req;
//获取资源访问路径
String uri = request.getRequestURI();
System.out.println(uri);
//判断uri中是否有登录选项
if(uri.contains("login_v2.jsp")||uri.contains("/login")||uri.contains("/css/")|| uri.contains("/js/")|| uri.contains("/fonts/")||uri.contains("/code")){
//直接放行
chain.doFilter(req, resp);
}else {
//判断session中是否有user
//有,直接放行
Object user = request.getSession().getAttribute("user");
if(user!=null){
chain.doFilter(req, resp);
}else {
//没有,提醒去登录,并请求转发到登录页面
request.setAttribute("login-msg","您尚未登录,请登录");
request.getRequestDispatcher("/login_v2.jsp").forward(request,resp);
}
}
}
public void init(FilterConfig config) throws ServletException {
}
}
/<code>
分享到:
關鍵字: HttpServletRequest 登录 public
