有這樣一個需求,用戶密碼登錄網站,在session中保留了用戶的信息,但是用戶很長時間沒有再操作該界面,用戶的session則被瀏覽器清除,而一些業務邏輯則是需要用到用戶的信息,那么用戶再執行操作后,則會引起業務代碼報錯,這時我們就需要在用戶訪問的時候判斷一下用戶的信息是否存在,如何實現這個功能,我們這里用到了過濾器這個功能,在用戶訪問特定界面或者特定接口的時候,先進行過濾,復合條件再執行下一步操作,具體代碼如下:
package com.demo.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import com.demo.entity.User; /** * 全站判斷用戶是否登錄過濾器 * @author zhangdi * */ public class AuthFilter implements Filter{ @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse resp = (HttpServletResponse)response; HttpServletRequest req = (HttpServletRequest)request; HttpSession session = req.getSession(); User user = (User)session.getAttribute("user"); String uri = req.getRequestURI(); //簡單判斷緩存中是否有用戶 if(user==null){//沒有用戶 //判斷用戶是否是選擇跳到登錄界面 if(uri.endsWith("login.jsp")||uri.endsWith("login.do")){ chain.doFilter(request, response); }else{ resp.sendRedirect(req.getContextPath()+"/login.jsp"); } }else{//有用戶 chain.doFilter(request, response); } chain.doFilter(request, response); } @Override public void init(FilterConfig filterConfig) throws ServletException { } }
注意,這個過濾器需要在web.xml中聲明,不然不會被項目調用,代碼如下:
<!-- 登錄認證過濾器 --> <filter> <filter-name>auth</filter-name> <filter-class>com.demo.filter.AuthFilter</filter-class> </filter> <filter-mapping> <filter-name>auth</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> <filter-mapping> <filter-name>auth</filter-name> <url-pattern>*.do</url-pattern> </filter-mapping>
這里配置過濾的范圍是所有的jsp界面以及所有以.do結尾的接口