如何通过过滤器实现防止用户直接使用网址访问页面,跳过用户登录验证?

思路:用户提交用户名和密码后(本示例不到数据库中校验该用户名和密码,只要有登录行为即可),把该用户对象保存到session中;过滤器读取session中的这个用户对象:若不为null,则放行;若为null,则不放行,跳转到error.jsp页面。注意:这里只是演示过滤器的拦截流程,实际项目中必须先校验用户名和密码,校验通过后才能把用户对象写入session,否则任何人提交任意内容都能通过过滤器。


login.jsp页面

</head>
<script type="text/javascript">
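	/**
	 * Client-side convenience check for the login form: shows a message next to
	 * each empty field and submits the form only when both fields are filled in.
	 *
	 * This runs in the browser and can be skipped entirely by sending the request
	 * directly, so it is a usability aid only; the server must repeat the same
	 * checks on every login request.
	 */
	function validate(){
		var userCode = document.getElementById("userCode").value;
		var userPassword = document.getElementById("userPassword").value;
		var userCodeSpan = document.getElementById("userCodeSpan");
		var userPasswordSpan = document.getElementById("userPasswordSpan");

		// Clear messages left over from a previous attempt, so a field the user
		// has since filled in no longer shows a stale error.
		userCodeSpan.innerHTML = "";
		userPasswordSpan.innerHTML = "";

		var flag = true;
		if(userCode == null || userCode == ''){
			userCodeSpan.innerHTML = "请输入用户名";
			flag = false;
		}
		if(userPassword == null || userPassword == ''){
			userPasswordSpan.innerHTML = "请输入密码";
			flag = false;
		}

		// Submit only when every field passed the check.
		if(flag){
			document.getElementById("actionForm").submit();
		}
	}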
  </script>


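<body> 
		<%-- Login form. It posts to the login servlet; the JavaScript check behind the
		     button is a convenience only and does not replace server-side validation. --%>
		<form  action="${pageContext.request.contextPath }/servlet/LonginServlet"  name="actionForm" id="actionForm"  method="post" >
			<dl>
				<dt>用户名:</dt>
				<dd><input type="text" id="userCode" name="userCode"/> <span id="userCodeSpan"></span> </dd>
				<dt>密 码:</dt>
				<dd><input type="password"  id="userPassword" name="userPassword"/><span id="userPasswordSpan"></span></dd>
			</dl>
			<div class="buttons">
			    <%-- NOTE(review): EL in template text is written to the page without HTML
			         escaping. If "error" can ever contain request data, escape it before
			         output (e.g. JSTL c:out, which needs the taglib declared on this page). --%>
			    ${error }
				<input type="button"   value="登录系统" onclick="validate();" />
				<input type="reset"  value="重  填" class="input-button" />
			</div>
		</form>


</body>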
</html>

loginServlet.java

package com.kgc.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.kgc.pojo.User;

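/**
 * Handles the login form submission and records the user in the HTTP session
 * under the {@code "userSession"} attribute.
 *
 * <p>This demo does not check the submitted credentials against any user store;
 * it only requires that both fields are present. The session attribute written
 * here is therefore proof of a login attempt, not of a verified identity.
 * A real application must verify the credentials before writing it.
 */
public class LonginServlet extends HttpServlet {

	/** Session attribute under which the logged-in user object is stored. */
	private static final String USER_SESSION_KEY = "userSession";

	/**
	 * Rejects GET requests.
	 *
	 * <p>Login must arrive as a POST: credentials in a query string end up in
	 * browser history and access logs, and simply opening this servlet's URL
	 * must not be enough to obtain a logged-in session.
	 */
	@Override
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
	}

	/**
	 * Processes the login form.
	 *
	 * <p>Requests with a missing or blank {@code userCode} or {@code userPassword}
	 * are redirected to the error page without touching the session. Otherwise a
	 * fresh session is created, the user object is stored in it, and the browser
	 * is redirected to the admin page.
	 *
	 * @param request  the login request carrying {@code userCode} and {@code userPassword}
	 * @param response the response used for the redirect
	 * @throws ServletException declared by the servlet API; not thrown directly here
	 * @throws IOException      if the redirect cannot be written
	 */
	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		String userCode = request.getParameter("userCode");
		String userPassword = request.getParameter("userPassword");

		// Repeat the form's JavaScript check on the server: the browser-side check
		// is skipped by anyone who sends the request directly. The original test
		// (user != null on a freshly constructed object) could never fail.
		if (isBlank(userCode) || isBlank(userPassword)) {
			// NOTE(review): assumes error.jsp sits at the web-app root — confirm.
			response.sendRedirect(request.getContextPath() + "/error.jsp");
			return;
		}

		// TODO: call the service layer here to verify userCode/userPassword against
		// the user store, and only continue when the credentials are valid.
		User user = new User();
		user.setUserCode(userCode);
		// NOTE(review): this keeps the plaintext password in the session for its
		// whole lifetime; prefer storing only the identity once the check is done.
		user.setUserPassword(userPassword);

		// Start from a fresh session so a session id issued before login is not
		// carried over into the authenticated state (session fixation).
		javax.servlet.http.HttpSession oldSession = request.getSession(false);
		if (oldSession != null) {
			oldSession.invalidate();
		}
		request.getSession(true).setAttribute(USER_SESSION_KEY, user);

		// Build the target from the context path instead of hard-coding "/web05".
		response.sendRedirect(request.getContextPath() + "/jsp/admin.jsp");
	}

	/** Returns true when the value is null, empty, or whitespace only. */
	private static boolean isBlank(String value) {
		return value == null || value.trim().isEmpty();
	}

}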

loginFilter.java

package com.kgc.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.kgc.pojo.User;

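/**
 * Servlet filter that blocks direct URL access to protected pages.
 *
 * <p>A request is passed down the chain only when the current session holds a
 * {@link User} under the {@code "userSession"} attribute; every other request is
 * redirected to the error page. The filter trusts whatever code stored that
 * attribute, so it is only as strong as the login step that writes it.
 */
public class LoginFilter implements Filter{

	/**
	 * Lets the request through when a logged-in user is present in the session,
	 * otherwise redirects to the error page.
	 *
	 * @param request  the incoming request; cast to {@link HttpServletRequest}
	 * @param response the outgoing response; cast to {@link HttpServletResponse}
	 * @param arg2     the remaining filter chain
	 * @throws IOException      if the redirect or the downstream chain fails on I/O
	 * @throws ServletException if the downstream chain throws it
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain arg2) throws IOException, ServletException {
		HttpServletRequest requ = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;

		// getSession(false): look up an existing session without creating a new
		// one for every anonymous request that hits a protected URL.
		javax.servlet.http.HttpSession session = requ.getSession(false);
		Object userSession = (session == null) ? null : session.getAttribute("userSession");

		// instanceof is false for null and for any unexpected attribute type, so
		// anything that is not a stored User is treated as "not logged in".
		if (userSession instanceof User) {
			arg2.doFilter(request, response);
		} else {
			// The error page must live outside the URL pattern this filter is mapped
			// to, otherwise this redirect would be intercepted again. The context
			// path is read from the request instead of hard-coding "/web05".
			res.sendRedirect(requ.getContextPath() + "/error.jsp");
		}
	}

	/** No resources to release. */
	@Override
	public void destroy() {
	}

	/** No initialisation parameters are read. */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}

}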

web.xml

  <filter>
  	<filter-name>LoginFilter</filter-name>
  	<filter-class>com.kgc.filter.LoginFilter</filter-class>
  </filter>
  
  <filter-mapping>
  	<filter-name>LoginFilter</filter-name>
  	<url-pattern>/jsp/*</url-pattern> <!-- error.jsp页面千万不能放在jsp目录下面:否则对error.jsp的请求也会被本过滤器拦截并再次重定向,永远到不了error.jsp页面 -->
  </filter-mapping>



