开发案例之登录验证

需求：通过过滤器控制,只有登录过之后可以反复进入welcome.jsp欢迎页,如果没有登录,提示用户进入登录页进行登录操作。

一、准备实体类

User类：

package com.lanson.pojo;import java.io.Serializable;/** * @Author: Lansonli * @Description: MircoMessage:Mark_7001 */public class User implements Serializable {    private String username;    private String password;    @Override    public String toString() {        return "User{" +                "username="" + username + "\"" +                ", password="" + password + "\"" +                "}";    }    public User() {    }    public User(String username, String password) {        this.username = username;        this.password = password;    }    public String getUsername() {        return username;    }    public void setUsername(String username) {        this.username = username;    }    public String getPassword() {        return password;    }    public void setPassword(String password) {        this.password = password;    }}

二、准备一些页面和静态资源

login.jsp：

<%@ page contentType="text/html;charset=UTF-8" language="java" %>      $Title%sSourceCode%lt;/title>  </head>  <body>  <img src="static/img/logo.png">  please login ... ... <br/>  <form action="loginController.do" method="post">    用户名:<input type="text" name="user"> <br/>    密码:<input type="password" name="pwd"><br/>    <input type="submit" value="提交">  </form>  </body></html></code></pre><button class="copy">复制</button><p><strong>welcome.jsp：</strong></p><pre class="prism-token token language-javascript"><code class="line-numbers language-javascript"><%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head>    <title>Title欢迎${user.username}登陆!!!

aaa.jsp：

<%@ page contentType="text/html;charset=UTF-8" language="java" %>    Titlethis is page aaa

三、准备Controller代码

package com.lanson.controller;import com.lanson.pojo.User;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;/** * @Author: Lansonli * @Description: MircoMessage:Mark_7001 */@WebServlet(urlPatterns = "/loginController.do")public class LoginController extends HttpServlet {    @Override    protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {        // 获取用户名和密码        String username = req.getParameter("user");        String password = req.getParameter("pwd");        System.out.println(username);        System.out.println(password);        // 链接数据库校验登录        // 登录成功,将用户信息放入Session域        User user =new User(username,password);        req.getSession().setAttribute("user", user);        // 跳转到欢迎页        resp.sendRedirect("welcome.jsp");    }}

四、准备登录控制过滤器

package com.lanson.filter;import com.lanson.pojo.User;import javax.servlet.*;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import java.io.IOException;/** * @Author: Lansonli * @Description: MircoMessage:Mark_7001 */@WebFilter(urlPatterns = "/*")// 任何资源都要进行过滤,public class Filter1_LoginFilter  implements Filter {    @Override    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {        HttpServletRequest req=(HttpServletRequest)servletRequest;        HttpServletResponse resp=(HttpServletResponse) servletResponse;        //无论是否登录过,都要放行的资源   登录页  登录校验Controller 和一些静态资源        String requestURI = req.getRequestURI();        System.out.println(requestURI);        if(requestURI.contains("login.jsp")|| requestURI.contains("loginController.do")|| requestURI.contains("/static/")){            // 直接放行            filterChain.doFilter(req,resp);            // 后续代码不再执行            return;        }        // 需要登录之后才能访问的资源,如果没登录,重定向到login.jsp上,提示用户进行登录        HttpSession session = req.getSession();        Object user = session.getAttribute("user");        if(null != user){// 如果登录过 放行            filterChain.doFilter(req,resp);        }else{// 没有登录过,跳转至登录页            resp.sendRedirect("login.jsp");        }    }    @Override    public void init(FilterConfig filterConfig) throws ServletException {    }    @Override    public void destroy() {    }}

X 关闭