Servlet過濾器---登錄權限控制


實現了登錄時權限控制:進入首頁、登錄頁以及登錄servlet時,不用驗證權限;進入其它頁面時,須驗證是否登錄,未登錄則跳轉到登錄頁。

一個簡單的首頁:index.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首頁</title>
</head>
<body>
首頁
<br/>
<br/>
<a href="<%= request.getContextPath() %>/17/hello.jsp">hello.jsp</a><br/>

<%
    // The session attribute "flag" carries the login state. Only the exact value
    // "login_success" counts as logged in; a missing attribute or any other value
    // (for example "login_error") shows the login link instead of the logout link.
    Object loginState = session.getAttribute("flag");
    boolean loggedIn = loginState != null && "login_success".equals(loginState.toString());
    if (loggedIn) {
%>
        <a href="<%= request.getContextPath() %>/LogoutServlet">退出</a>
<%
    } else {
%>
        <a href="<%= request.getContextPath() %>/17/login.jsp">登錄</a><br/>
<%
    }
%>
</body>
</html>

首頁中的hello.jsp:

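<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<%-- The meta charset now matches the page directive (UTF-8); the original declared
     ISO-8859-1 here although the page is served as UTF-8 and contains CJK text. --%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%!
    // A JSP declaration becomes a member of the generated servlet class, which is
    // shared by all requests; keep it an immutable constant rather than a mutable field.
    private static final String GREETING = "hello world";
%>
<%
    out.print(GREETING);
%>
<br/>
<a href="<%= request.getContextPath() %>/17/index.jsp">首頁</a>
</body>
</html>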

 

 首頁中登錄頁面:login.jsp

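<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%!
    /**
     * Escapes a value for use in HTML text and in a double-quoted HTML attribute.
     * Returns an empty string for null.
     *
     * The "return_uri" attribute rendered below is derived from the request path by
     * the permission filter, so it must not be written into the page unescaped.
     */
    private static String escapeHtml(Object value) {
        if (value == null) {
            return "";
        }
        String text = value.toString();
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  escaped.append("&amp;");  break;
                case '<':  escaped.append("&lt;");   break;
                case '>':  escaped.append("&gt;");   break;
                case '"':  escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;");  break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>用戶登錄</title>
<script type="text/javascript">
    // Client-side convenience check only: it can be bypassed, so the server
    // must validate the submitted fields again.
    function check(form) {
        if(document.forms.loginForm.userName.value==""){
            alert("請輸入用戶名");
            document.forms.loginForm.userName.focus();
            return false;
        } else if (document.forms.loginForm.password.value==""){
            alert("請輸入用戶密碼");
            document.forms.loginForm.password.focus();
            return false;
        }
    }
</script>
</head>
<body>
    <form action="<%= request.getContextPath() %>/LoginServlet" method="post" name="loginForm">
        <%
            // Carry the originally requested page through the login round trip.
            // The value is HTML-escaped here; the servlet that consumes it must
            // still treat it as untrusted input, because a hidden field can be edited.
            if(request.getAttribute("return_uri") != null) {
        %>
            <input type="hidden" name="return_uri" value="<%= escapeHtml(request.getAttribute("return_uri")) %>" />
        <%
            }
        %>
        用戶名:<input type="text" name = "userName" />
        密碼:<input type="password" name = "password" />
        <input type="submit" value="提交" onclick="return check(this);"/>
        <input type="reset" value="重置" />
    </form>
    <%
        // Status message set by the filter or the login servlet; escaped as
        // defence in depth even though the visible callers set fixed strings.
        Object msg = request.getAttribute("msg");
        if(msg != null && !msg.toString().equals("")){
            out.print(escapeHtml(msg));
        }
    %>
</body>
</html>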

 

 登錄servlet:LoginServlet.java

package com.stydt.servlet;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

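/**
 * Handles the login form posted by {@code /17/login.jsp}.
 *
 * <p>On success the session attribute {@code flag} is set to {@code "login_success"}
 * and the request is forwarded to the page the user originally asked for
 * ({@code return_uri}) or to the home page. On failure the flag is set to
 * {@code "login_error"} and the login page is shown again with a message.
 *
 * <p>{@code return_uri} arrives as a request parameter (a hidden form field), so it is
 * attacker-controllable and is validated before it is used as a forward target.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Context-relative path of the login page. */
    private static final String LOGIN_PAGE = "/17/login.jsp";

    /** Context-relative path of the home page; also the fallback forward target. */
    private static final String HOME_PAGE = "/17/index.jsp";

    // NOTE(review): demo-only credentials compiled into the class. A real application
    // must verify against a credential store holding salted password hashes
    // (bcrypt/scrypt/argon2) and should rate-limit failed attempts.
    private static final String DEMO_USER = "stydt";
    private static final String DEMO_PASSWORD = "123456";

    public LoginServlet() {
        super();
    }

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): because GET is treated like POST, credentials passed in a query
     * string are accepted; such URLs tend to end up in access logs, browser history
     * and Referer headers. Consider only displaying the login page for GET.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Checks the submitted credentials and forwards to the appropriate page.
     *
     * @param request  carries the parameters {@code userName}, {@code password} and,
     *                 optionally, {@code return_uri}
     * @param response the response the forwarded resource writes to
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String userName = request.getParameter("userName");
        String password = request.getParameter("password");
        // The page that was requested before the login page was shown.
        String returnUri = request.getParameter("return_uri");
        boolean returnUriIsSafe = isSafeReturnUri(returnUri);

        if (userName == null || password == null) {
            // The original set the message but never produced a response (blank page).
            request.setAttribute("msg", "用戶名或密碼為空");
            showLoginPage(request, response, returnUriIsSafe ? returnUri : null);
            return;
        }

        if (!(DEMO_USER.equals(userName) && DEMO_PASSWORD.equals(password))) {
            /* Login failed: record the state and show the login page again. */
            request.getSession().setAttribute("flag", "login_error");
            request.setAttribute("msg", "用戶名或密碼錯誤");
            showLoginPage(request, response, returnUriIsSafe ? returnUri : null);
            return;
        }

        /* Login succeeded. */
        // Start from a fresh session so that a session id known before authentication
        // (session fixation) does not become an authenticated one. Any other
        // attributes of the old session are discarded with it.
        javax.servlet.http.HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        request.getSession(true).setAttribute("flag", "login_success");

        // Forward only to a validated, context-relative target. A forward can reach
        // resources a browser cannot request directly (e.g. below WEB-INF) and may
        // not pass through request filters again, depending on the filter mapping's
        // dispatcher types, so the raw parameter must never be used as the path.
        String target = returnUriIsSafe ? returnUri : HOME_PAGE;
        RequestDispatcher rd = request.getRequestDispatcher(target);
        if (rd == null) {
            // The container could not resolve the path; fall back to the home page.
            rd = request.getRequestDispatcher(HOME_PAGE);
        }
        rd.forward(request, response);
    }

    /**
     * Forwards to the login page, re-attaching an already validated return target so
     * that it survives a failed attempt.
     */
    private static void showLoginPage(HttpServletRequest request, HttpServletResponse response, String safeReturnUri)
            throws ServletException, IOException {
        if (safeReturnUri != null) {
            request.setAttribute("return_uri", safeReturnUri);
        }
        request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
    }

    /**
     * Returns whether {@code uri} is acceptable as a post-login forward target.
     *
     * <p>Deliberately conservative: the value must be a context-relative path made of
     * plain segments (ASCII letters, digits, {@code _}, {@code -} and inner dots).
     * That excludes {@code .}/{@code ..} segments, empty segments, encoded characters,
     * query strings and path parameters. {@code WEB-INF}/{@code META-INF} and the
     * login/logout servlets themselves (forwarding to the login servlet would recurse)
     * are rejected as well. Paths with other characters fall back to the home page.
     */
    private static boolean isSafeReturnUri(String uri) {
        if (uri == null || uri.isEmpty() || uri.charAt(0) != '/') {
            return false;
        }
        if (uri.equals("/LoginServlet") || uri.equals("/LogoutServlet")) {
            return false;
        }
        for (String segment : uri.substring(1).split("/", -1)) {
            if (!isPlainSegment(segment)
                    || segment.equalsIgnoreCase("WEB-INF")
                    || segment.equalsIgnoreCase("META-INF")) {
                return false;
            }
        }
        return true;
    }

    /** Returns whether a single path segment consists only of allow-listed characters. */
    private static boolean isPlainSegment(String segment) {
        if (segment.isEmpty() || segment.charAt(0) == '.' || segment.endsWith(".") || segment.contains("..")) {
            return false;
        }
        for (int i = 0; i < segment.length(); i++) {
            char c = segment.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                    || c == '_' || c == '-' || c == '.';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

}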

 

 退出servlet:LogoutServlet.java

package com.stydt.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

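/**
 * Ends the current login by invalidating the HTTP session, then redirects the
 * browser to the home page.
 */
public class LogoutServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public LogoutServlet() {
        super();
    }

    /**
     * Delegates to {@link #doPost}; the home page links to this servlet with a plain
     * anchor, so logout has to work for GET.
     *
     * <p>NOTE(review): a state-changing GET can be triggered by any third-party page
     * (forced logout). A POST form with a CSRF token avoids that.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Invalidates the session, if there is one, and redirects to the home page.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // getSession(false) avoids creating a new session only to destroy it again.
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Redirect (not forward) so the browser ends up on the home page URL.
        response.sendRedirect(request.getContextPath() + "/17/index.jsp");
    }
}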

 

 驗證登錄狀態Filter:PemissionFilter.java

package com.stydt.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

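/**
 * Login gate: lets the login page, the home page and the login servlet through
 * unconditionally and requires the session attribute {@code flag} to equal
 * {@code "login_success"} for every other servlet path. Requests that fail the
 * check are forwarded to the login page together with a message and the path
 * that was asked for.
 *
 * <p>NOTE(review): the allow-list is an exact, case-sensitive match on the servlet
 * path, so anything else the public pages load (stylesheets, images, scripts)
 * would need its own entry.
 */
public class PemissionFilter implements Filter {

    /** Context-relative path of the login page. */
    private static final String LOGIN_PAGE = "/17/login.jsp";

    public PemissionFilter() {
    }

    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }

    /**
     * Applies the login check described on the class.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain, invoked only when access is allowed
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // Narrow to the HTTP types to reach the servlet path and the session.
        HttpServletResponse res = (HttpServletResponse) response;
        HttpServletRequest req = (HttpServletRequest) request;
        // Path of the requested resource inside the web application.
        String servletPath = req.getServletPath();

        /* Login page, home page and login servlet need no check. */
        if (isPublicPath(servletPath)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not allocate a session for every anonymous request
        // just to find out that it carries no login state.
        HttpSession session = req.getSession(false);
        Object flag = (session == null) ? null : session.getAttribute("flag");

        if ("login_success".equals(flag)) {
            // Logged in: hand over to the next component.
            chain.doFilter(request, response);
        } else if (flag != null) {
            // A login was attempted but did not succeed.
            forwardToLogin(req, res, "登錄失敗", servletPath);
        } else {
            // No login state at all.
            forwardToLogin(req, res, "您尚未登錄,請登錄", servletPath);
        }
    }

    /** Returns whether the servlet path is one of the pages that need no login. */
    private static boolean isPublicPath(String servletPath) {
        return servletPath != null
                && (servletPath.equals(LOGIN_PAGE)
                        || servletPath.equals("/17/index.jsp")
                        || servletPath.equals("/LoginServlet"));
    }

    /**
     * Forwards to the login page with a message and the originally requested path.
     *
     * <p>{@code return_uri} is taken from the request path and is therefore
     * attacker-influenced: the view has to HTML-escape it, and whatever later uses
     * it as a navigation target has to validate it.
     */
    private static void forwardToLogin(HttpServletRequest req, HttpServletResponse res, String message, String returnUri)
            throws IOException, ServletException {
        req.setAttribute("msg", message);
        req.setAttribute("return_uri", returnUri);
        RequestDispatcher rd = req.getRequestDispatcher(LOGIN_PAGE);
        rd.forward(req, res);
    }

    @Override
    public void destroy() {
    }

}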

 

web.xml:

<!-- Login endpoint: target of the form on /17/login.jsp. -->
<servlet>
  <servlet-name>loginServlet</servlet-name>
  <servlet-class>com.stydt.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>loginServlet</servlet-name>
  <url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>

<!-- Logout endpoint: linked from the home page. -->
<servlet>
  <servlet-name>logoutServlet</servlet-name>
  <servlet-class>com.stydt.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>logoutServlet</servlet-name>
  <url-pattern>/LogoutServlet</url-pattern>
</servlet-mapping>

<!-- Login gate applied to every URL of the application. No <dispatcher> element is
     given, so the Servlet default applies: the filter runs for client requests only,
     not for RequestDispatcher forwards or includes. -->
<filter>
  <filter-name>pemissionFilter</filter-name>
  <filter-class>com.stydt.filter.PemissionFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>pemissionFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

 

