能配置例外
先寫配置文件類
FilterConfig.java
package com.ty.tyzxtj.config; import javax.servlet.Filter; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import com.ty.tyzxtj.fiter.SessionFilter; /** * 過濾器配置 * @author wangjiping * */ @Configuration public class FilterConfig { /** * 配置過濾器 * @return */ @Bean public FilterRegistrationBean someFilterRegistration() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setFilter(sessionFilter()); registration.addUrlPatterns("/*"); registration.addInitParameter("paramName", "paramValue"); registration.setName("sessionFilter"); return registration; } /** * 創建一個bean * @return */ @Bean(name = "sessionFilter") public Filter sessionFilter() { return new SessionFilter(); } }
過濾器類:
對通過過濾器的url請求都查看對應session有沒有值沒有就跳轉到登陸頁面
package com.ty.tyzxtj.fiter; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; public class SessionFilter implements Filter { private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SessionFilter.class); @Value("$(serverurl)") private String serverurl; /** * 封裝,不需要過濾的list列表 */ protected static List<Pattern> patterns = new ArrayList<Pattern>(); @Override public void init(FilterConfig filterConfig) throws ServletException { patterns.add(Pattern.compile("login/index.html")); patterns.add(Pattern.compile("login/login")); patterns.add(Pattern.compile("login.do")); patterns.add(Pattern.compile("main/autoFillty_rj_situation.*")); patterns.add(Pattern.compile("main/post.*")); patterns.add(Pattern.compile(".*[(\\.js)||(\\.css)||(\\.png)]")); } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; String url = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length()); if (url.startsWith("/") && url.length() > 1) { url = url.substring(1); } if (isInclude(url)){ chain.doFilter(httpRequest, httpResponse); return; } else { HttpSession session = httpRequest.getSession(); if (session.getAttribute("loginName") != null){ // session存在 chain.doFilter(httpRequest, httpResponse); return; } else { // session不存在 准備跳轉失敗 httpResponse.sendRedirect("login.do?toLogin"); } } } @Override public void destroy() { } /** * 是否需要過濾 * @param url * @return */ private boolean isInclude(String url) { for (Pattern pattern : patterns) { Matcher matcher = pattern.matcher(url); if (matcher.matches()) { return true; } } return false; } }
注意:應用了過濾器,前提是所有請求都從服務器上走一次
例如:如果直接在瀏覽器中輸入鏈接是服務器靜態資源文件可能因為瀏覽器緩存的原因直接訪問瀏覽器的緩存頁面沒有走過濾器從而想要實現的驗證用戶登陸沒有成功