您可以尝试使用 过滤器 :
过滤器可以在请求到达servlet之前对其进行预处理,对离开servlet的响应进行后处理,或者两者都进行。筛选器可以拦截,检查和修改请求和响应。
注意: 确保在用户登录后添加会话属性,您可以在过滤器上使用该会话属性
在您的 login.jsp上 添加:
session.setAttribute("LOGIN_USER", user); //user entity if you have or user type of your user account... //if not set then LOGIN_USER will be nullweb.xml
<filter> <filter-name>SessionCheckFilter</filter-name> <filter-class>yourjavapackage.SessionCheckFilter</filter-class></filter><filter-mapping> <filter-name>SessionCheckFilter</filter-name> <!--url-pattern>/app/*</url-pattern--> <url-pattern>/main.jsp</url-pattern> <!-- url from where you implement the filtering --></filter-mapping>
SessionCheckFilter.java
public class SessionCheckFilter implements Filter { private String contextPath; @Override public void init(FilterConfig fc) throws ServletException { contextPath = fc.getServletContext().getContextPath(); } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; if (req.getSession().getAttribute("LOGIN_USER") == null) { //checks if there's a LOGIN_USER set in session... res.sendRedirect(contextPath + "/login.jsp"); //or page where you want to redirect } else { String userType = (String) req.getSession().getAttribute("LOGIN_USER"); if (!userType.equals("ADMIN")){ //check if user type is not admin res.sendRedirect(contextPath + "/login.jsp"); //or page where you want to } fc.doFilter(request, response); } } @Override public void destroy() { }}
