当用户没有登录, 或没有权限时, 都可以使用filter进行拦截, 下载演示如何进行登录拦截, 若用户没有登录, 则重定向至登录页面
判断 session 有没有一个 user 的值( 在登录时就把此值存入session), 如果没有这个值, 说明没登录, 那么跳转到登录界面
登录页面是jsp
对于登录页面是 jsp 的, 可以参考如下代码
@WebFilter("/*")
public class LiginFilter implements Filter{
public void doFilter(req,resp,chain){
HttpServletRequest request = (HttpServletRequest)req; //转换为httpRequest
String uri = request.getRequestURI(); //获取请求路径
if(uri.contains("/login.jsp") || uri.contains("/loginServlet")){ //以及登录相关的静态资源
chain.doFilter(req,resp); //放行
}else{
//从session中取一个 user 的值,判断是否为空,不为空则已登录
Object user = request.getSession().getAttribute("user");
if(user!=null){
chain.doFilter(req,resp);
}else{
//没有登录
request.setAttribute("login_msg","您尚未登录,请登录!");
request.getRequestDispatcher("/login.jsp").forward(request,resp);
}
}
}
}
登录页面是html
对于登录页面是 html的情况, 可以使用一个定时3秒自动返回的样式, 参考如下
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebFilter("/admin/*")
public class AdminFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
//禁止未登录的admin
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
if (request.getSession().getAttribute("admin")==null){
response.setCharacterEncoding("utf-8");
String s = "<!DOCTYPE html><html><head><meta charset='UTF-8'><title>未登录</title>";
s+="<script>function countDown(){var time=document.getElementById('Time');";
s+="if(time.innerHTML==0){window.location.href='"+request.getContextPath()+"/index.html'}";
s+="else{time.innerHTML=time.innerHTML-1}}window.setInterval('countDown()',1000);</script>";
s+="<style>p{font-size:50px;text-align:center}#Time{font-size:100px;text-align:center}</style></head>";
s+="<body><p>admin,您还未登录!</p><p>即将在3秒后自动跳转登录界面,点击<a href='"+request.getContextPath()+"/index.html'>";
s+="立刻跳转</a></p><p id='Time'>3</p></body></html>";
response.getWriter().println(s);
}else{
filterChain.doFilter(request,response);
}
}
@Override
public void destroy() {
}
}