現在JSP使用越來越廣泛了,尤其是很多政府的網站都採用了JSP技術,其功能強大且安全。
初學者很多有這麼個問題,就是,網站的一個權限設置,比如登錄用戶可以查看哪些頁面,而遊客又有權限可以看哪些內容呢?
JSP是強大的,但其代碼還是相對繁瑣的,其實用一個過濾器(filter)就可以實現這個功能了。
以下爲UserFilte的代碼:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import User;
import UserDAO;
import SessionUtils;
public class UserFilter implements Filter
{
String nofilter;
String nofilterFiles[];
String sendRedirect;
public void destroy()
{
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException
{
HttpServletRequest request=(HttpServletRequest)req;
HttpServletResponse response=(HttpServletResponse)res;
String path=request.getServletPath();
//System.out.println(path);
if(isInArray(path,nofilterFiles))
{
chain.doFilter(request, response);
}
else
{
if(checkUser(request, response))
{
chain.doFilter(request, response);
}
else
{
response.sendRedirect(sendRedirect);
return ;
}
}
}
private boolean isInArray(String path,String nofilterFiles[])
{
for (int i = 0; i < nofilterFiles.length; i++) {
String nofilterFile=nofilterFiles;
if(nofilterFile.equals(path))
{
return true;
}
}
return false;
}
private boolean checkUser(HttpServletRequest request, HttpServletResponse response) throws IOException {
checkCookieAddSession(request, response);
HttpSession session=request.getSession(false);//如果不存在返回空
if(session==null)
{
return false;
}
Object obj=session.getAttribute(SessionUtils.USER_NAME);
if(obj==null)
{
return false;
}
return true;
}
public boolean checkCookieAddSession(HttpServletRequest request, HttpServletResponse response)
{
Cookie []cookies=request.getCookies();
if(cookies==null || cookies.length==0)
{
return false;
}
String userName=getCookieValue(cookies, "user");
String password=getCookieValue(cookies, "password");
//System.out.println("userName="+userName + " password="+password );
if(userName==null || password==null)
{
return false;
}
if(!UserDAO.checkUser(userName, password))
{
return false;
}
User u=UserDAO.getUserByName(userName);
HttpSession session=request.getSession();//如果不存在就創建
session.setAttribute(SessionUtils.USER_NAME, u);
return true;
}
public void init(FilterConfig config) throws ServletException
{
nofilter=config.getInitParameter("nofilter");
nofilterFiles=nofilter.split(",");
sendRedirect=config.getInitParameter("sendRedirect");
//System.out.println(Arrays.asList(nofilterFiles));
}
/**
* @param cookies 所有cookie
* @param name cookie的名稱
* @return cookie的值 如果cookie不存在返回null
*/
public String getCookieValue(Cookie cookies[],String name)
{
for (int i = 0; i < cookies.length; i++)
{
Cookie cookie=cookies;
if(cookie.getName().equals(name))
{
return cookie.getValue();
}
}
return null;
}
}
這裏還需要幾個其他的類,一個是User類,一個是UserDAO,是User類操作數據庫交的一個類,還有一個是操作session的,我給出這個工具類的代碼,另外2個我想都會有吧?
以下爲SessionUtils類的具體代碼:
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import User;
import UserDAO;
public class SessionUtils
{
final public static String USER_NAME="com.niit.user";
static public User getUser(HttpServletRequest request)
{
Object obj=request.getSession().getAttribute(USER_NAME);
User user=(User)obj;
return user;
}
/**
* 添加一個Session到request中
* @param request
* @param name
*/
static public void addSession(HttpServletRequest request,String name)
{
HttpSession session=request.getSession();//如果不存在就創建
User u=UserDAO.getUserByName(name);
session.setAttribute(USER_NAME, u);
}
/**
* 讓session失效
* @param request
*/
static public void removeSession(HttpServletRequest request)
{
HttpSession session = request.getSession();
session.removeAttribute(USER_NAME);
session.invalidate();
}
/**
* 增加cookie
* @param response
* @param user
*/
static public void addCookies(HttpServletResponse response,User user)
{
Cookie userCookie=new Cookie("user", user.getUserName());
Cookie passwordCookie=new Cookie("password", user.getPassword());
userCookie.setMaxAge(60*60*24*365*2);
passwordCookie.setMaxAge(60*60*24*365*2);
response.addCookie(userCookie);
response.addCookie(passwordCookie);
}
/**
* 刪除cookie
* @param response
*/
static public void removeCookies(HttpServletResponse response)
{
Cookie userCookie=new Cookie("user", "");
Cookie passwordCookie=new Cookie("password", "");
userCookie.setMaxAge(0);
passwordCookie.setMaxAge(0);
response.addCookie(userCookie);
response.addCookie(passwordCookie);
}
}
下面就是配置web.xml文件了,相應配置如下:
<filter>
<filter-name>UserFilter</filter-name>
<filter-class>com.filter.UserFilter</filter-class>
<init-param>
<param-name>nofilter</param-name>
<param-value>/login.jsp,/loginBack.jsp,/error.jsp,/reg.jsp,/regBack.jsp,/logout.jsp,/index.jsp</param-value>
//這裏設置的是未登錄用戶也可以瀏覽的頁面,一般設置你的註冊、登錄、錯誤頁還有主頁等就可以
</init-param>
<init-param>
<param-name>sendRedirect</param-name>
<param-value>login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
//這裏是映射,你要對什麼後綴的文件過濾?可以改爲*.do等。
</filter-mapping>
把這段代碼複製到
<web-app></web-app>
之間就可以了。當然這不是很好的寫法,一般工具類最好是不依靠用戶自己寫的類,這裏只是淺點一下,不到之處請大家批評指正。
JSP中filter過濾器驗證用戶登錄
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.