本文介绍了一种使用过滤器验证登录状态的方法,通过设置session标记登录状态,并在访问受保护资源时进行检查,未登录用户将被重定向到登录页面。
做的毕设题目,需要用到验证登陆状态,没有登陆的不能访问后台的页面,自动跳转到登陆页面。
参考了 http://blog.youkuaiyun.com/fly_fish456/article/details/8096305 这位兄台的博客之后,自己写了个过滤器:
1.首先是在登陆的Action中设置一个session来标志是否已经登陆:
HttpSession session = ServletActionContext.getRequest().getSession();
session.setAttribute("account", account);2.在项目新建一个LoginFilter类作为过滤器:
package dorm.sys.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
public class LoginFilter extends HttpServlet implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) sRequest;
HttpServletResponse response = (HttpServletResponse) sResponse;
HttpSession session = request.getSession();
String url = request.getServletPath();
String contextPath = request.getContextPath();
if (url.equals("")) {
url += "/";
}
// 未登录时,若访问后台资源,将过滤到login页面
if ((url.startsWith("/") && !url.startsWith("/login"))) {
String user = (String) session.getAttribute("account");
if (user == null) {
response.sendRedirect(contextPath + "/login.html");
return;
} else {
// 登陆之后,验证session是否过期,session过期,转至登陆页面
if (!ServletActionContext.getRequest()
.isRequestedSessionIdValid()) {
response.sendRedirect(contextPath + "/login.html");
return;
}
}
}
filterChain.doFilter(sRequest, sResponse);
}
public void init(FilterConfig arg0) throws ServletException {
}
}3.web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>Dorm_mgm_sys</display-name>
<welcome-file-list>
<welcome-file>login.html</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>dorm.sys.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/jsp/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>其中:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
设置Session 30分钟过期,也就是30分钟没有操作将要跳转到登陆页面重新登陆
这样就可以了,除了login页面外全部都会被过滤器检测。
注:
浏览器关闭后session将被销毁,用户需重新登陆。
退出操作则将session中的username值设置为null即可。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
