看看这个登录和注销是不是还有改进的地方-优快云博客

本文介绍了一个基于JSF的Web应用实现登录验证及会话管理的方法，包括使用MD5加密密码、调用主数据产品进行用户验证，并通过自定义过滤器实现未授权访问的拦截。

好久没写 Web 程序了都忘了.临时用的.在网上搜搜写的.回忆一下当年刚上班时候的感觉.

大家看看是不是还有优化的地方,自己感觉不错吼吼~~~

页面是 JSF 的,后台服务是一个主数据产品.

1.登录

	@SuppressWarnings("unchecked")
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		
		String username = request.getParameter("j_username");
		String password = MD5.MD5Encode( request.getParameter("j_password"));
		
		String page = request.getContextPath() + "/faces/error.jsp"; // 未通过
		// 主数据产品调用后台服务
		LinkedHashMap<String, String> params = new LinkedHashMap<String, String>();
		params.put("uid", username);
		params.put("password", password);
		String requestId = new Long((long) (Long.MAX_VALUE * Math.random())).toString();
		Collection roles = new ArrayList();
		roles.add("LoginClass");
		try {
			DocumentRoot responseDocRoot = TCRMServices.invokeTCRMInquiry(requestId, "LoginClass", "zh", roles, "loginCompositeTxnBP", params);
			String resultCode = responseDocRoot.getTCRMService().getTxResponse().getTxResult().getResultCode();
			// SUCCESS || FATAL
			if (resultCode.equals("SUCCESS")) {
				request.getSession().setAttribute("uid", username);
				page = request.getContextPath() + "/faces/index.jsp"; //成功
			}
		} catch (Exception e) {
//			new CommonModelException("用户名和密码验证失败");  // 知道这样的处理不好,但产品特性,查询为空就抛异常.一时也没想到好的处理办法.
		}
		response.sendRedirect(page);
	}

2. 注销

  protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String exitPage = request.getParameter("logoutExitPage");
        logger.debug("Logout exit page: " + exitPage);
        if (exitPage == null) {
            exitPage = "login.jsp";
        }
        request.getSession().invalidate();
        response.sendRedirect(exitPage);
    }

3. 过滤器

public class CheckLoginFilter implements Filter {

	public void destroy() {
	}
	public void init(FilterConfig filterConfig) throws ServletException {
	}

	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
		
		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;
		String uid = (String) request.getSession().getAttribute("uid");
		
		String request_uri = request.getRequestURI().toLowerCase();// 得到用户请求的URI  
		String ctxPath = request.getContextPath();// 得到web应用程序的上下文路径  
		
		// 登录和错误页面不过滤 
		if (request_uri.substring(ctxPath.length()).equals("/faces/login.jsp")
				|| request_uri.substring(ctxPath.length()).equals("/faces/error.jsp")) {

			filterChain.doFilter(servletRequest, servletResponse);
			return;
		}

		// 另一个系统,要直接嵌入我们的数据页面.封装好的包.登录验证
		if (LoginReclaim.getInstance().login(request)) {
			// 已经通过身份认证服务器认证
			String username = LoginReclaim.getInstance().getUid(request);// 取得登录用户工号
			request.getSession().setAttribute("uid", username);
			filterChain.doFilter(servletRequest, servletResponse);
			return;
		}

		// 用户登录验证
		if (uid == null || "".equals(uid)) {
			// response.sendRedirect(request.getContextPath() +
			// "/faces/error.jsp");
			PrintWriter out = response.getWriter();  
               //感觉这里写的挺有意思的,在网上查的.
	    	out.write("<script>window.top.location.href ='"+ request.getContextPath()+"/faces/error.jsp'</script>"); 
	    	
//			request.getRequestDispatcher("/faces/error.jsp").forward(request, response);
		} else {
			filterChain.doFilter(servletRequest, servletResponse);
		}
	}
}