一:实现思路
(1)将request强转成HttpServletRequest,这样才有getRequestURI()方法
(2)获取资源访问路径
(3)判断uri中是否有登录选项,要注意排除掉css/js/图片/验证码等资源
(4)如果包含登录选项,直接放行,如果不包含,则需要验证用户是否登录
(5)从session中获取user,登录了就放行,没有登录就转发到登录页面
二:代码实现
<code> @WebFilter("/*") public class LoginFilter implements Filter { public void destroy() { } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { //先强转成HttpServletRequest,这样才有getRequestURI()方法 HttpServletRequest request = (HttpServletRequest) req; //获取资源访问路径 String uri = request.getRequestURI(); System.out.println(uri); //判断uri中是否有登录选项 if(uri.contains("login_v2.jsp")||uri.contains("/login")||uri.contains("/css/")|| uri.contains("/js/")|| uri.contains("/fonts/")||uri.contains("/code")){ //直接放行 chain.doFilter(req, resp); }else { //判断session中是否有user //有,直接放行 Object user = request.getSession().getAttribute("user"); if(user!=null){ chain.doFilter(req, resp); }else { //没有,提醒去登录,并请求转发到登录页面 request.setAttribute("login-msg","您尚未登录,请登录"); request.getRequestDispatcher("/login_v2.jsp").forward(request,resp); } } } public void init(FilterConfig config) throws ServletException { } } /<code>