一:實現思路
(1)將request強轉成HttpServletRequest,這樣才有getRequestURI()方法
(2)獲取資源訪問路徑
(3)判斷uri中是否有登錄選項,要注意排除掉css/js/圖片/驗證碼等資源
(4)如果包含登錄選項,直接放行,如果不包含,則需要驗證用戶是否登錄
(5)從session中獲取user,登錄了就放行,沒有登錄就轉發到登錄頁面
二:代碼實現
<code> @WebFilter("/*") public class LoginFilter implements Filter { public void destroy() { } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { //先強轉成HttpServletRequest,這樣才有getRequestURI()方法 HttpServletRequest request = (HttpServletRequest) req; //獲取資源訪問路徑 String uri = request.getRequestURI(); System.out.println(uri); //判斷uri中是否有登錄選項 if(uri.contains("login_v2.jsp")||uri.contains("/login")||uri.contains("/css/")|| uri.contains("/js/")|| uri.contains("/fonts/")||uri.contains("/code")){ //直接放行 chain.doFilter(req, resp); }else { //判斷session中是否有user //有,直接放行 Object user = request.getSession().getAttribute("user"); if(user!=null){ chain.doFilter(req, resp); }else { //沒有,提醒去登錄,並請求轉發到登錄頁面 request.setAttribute("login-msg","您尚未登錄,請登錄"); request.getRequestDispatcher("/login_v2.jsp").forward(request,resp); } } } public void init(FilterConfig config) throws ServletException { } } /<code>
關鍵字: HttpServletRequest user 包含