当未登录的访问者请求页面时,需要用过滤器判断其是否为已登录的合法用户:
- 解决方法:新建SessionFilter,用来判断session中是否保存了currentUser
- 如果没有currentUser,表明当前访问者不是已登录的合法用户,应该跳转到登录页面让其登录
【SessionFilter.java】
package com.javaweb.myssm.filters;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
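/**
 * Login gate applied to every {@code *.do} and {@code *.html} request.
 *
 * <p>A request is passed down the chain only when the session holds a
 * {@code currentUser} attribute; otherwise the client is redirected to the
 * login page.
 *
 * <p>NOTE(review): the redirect target is itself a {@code *.do} URL, so an
 * unauthenticated request for the login page is intercepted by this same filter
 * and redirected again. The login page (and the login submission) need to be
 * exempted before this filter is usable.
 *
 * <p>NOTE(review): the listing heading names the file SessionFilter.java while
 * the public class is {@code sessionFilter}; javac expects a public class name
 * to match its file name, so confirm which spelling the project uses.
 */
@WebFilter(urlPatterns = {"*.do","*.html"})
public class sessionFilter implements Filter {

    /** Nothing to initialise. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Lets the request through when a logged-in user is bound to the session,
     * otherwise redirects to the login page.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession(false) avoids allocating a server-side session for every
        // anonymous request; a missing session is treated like a missing user.
        HttpSession session = request.getSession(false);
        Object currUserObj = (session == null) ? null : session.getAttribute("currentUser");

        if (currUserObj == null) {
            // Relative URL: it is resolved against the path of the current request.
            response.sendRedirect("page.do?operation=page&page=login");
            return;
        }
        filterChain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}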
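添加过滤器后出现的问题:登录页面的请求(page.do)本身也匹配 *.do,未登录用户访问登录页面时同样会被过滤器拦截并再次重定向到登录页面,形成重定向死循环。
最终的解决方案,是将不需要登录即可访问的正常请求(如登录页面、登录提交)设为白名单,白名单中的请求直接放行。注意:白名单按"URI?查询字符串"整串匹配,没有查询字符串时 getQueryString() 返回 null,拼接结果为 "user.do?null";因此所有不带查询字符串的 /07book/user.do 请求都会跳过登录校验,user.do 对应的处理代码应自行保证除登录以外的操作仍然校验登录状态。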
【SessionFilter.java】
package com.javaweb.myssm.filters;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
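/**
 * Login gate applied to every {@code *.do} and {@code *.html} request, with a
 * whitelist of requests that are let through without a session check.
 *
 * <p>The whitelist comes from the {@code white} init parameter: a comma-separated
 * list of exact {@code requestURI + "?" + queryString} strings.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The entry ending in {@code ?null} matches requests to
 *       {@code /07book/user.do} that carry no query string, because
 *       {@link HttpServletRequest#getQueryString()} returns {@code null} and the
 *       concatenation renders it as {@code "null"}. Every such request skips the
 *       session check whatever its body asks for, so the code behind
 *       {@code user.do} has to enforce authentication itself for anything other
 *       than login — verify against that servlet.</li>
 *   <li>Matching is an exact string comparison: a whitelisted URL with an extra
 *       or reordered parameter is not recognised and falls through to the
 *       session check.</li>
 *   <li>The context path {@code /07book} is hard-coded in the entries; they stop
 *       matching if the application is deployed under another path.</li>
 * </ul>
 */
@WebFilter(urlPatterns = {"*.do","*.html"},
        initParams = {
                @WebInitParam(name = "white",
                        value = "/07book/page.do?operation=page&page=user/login,/07book/user.do?null")
        })
public class sessionFilter implements Filter {

    /** Exact "uri?query" strings that bypass the session check; filled in by {@link #init}. */
    List<String> whiteList = new ArrayList<>();

    /**
     * Reads the {@code white} init parameter into {@link #whiteList}.
     *
     * <p>A missing parameter yields an empty whitelist, so every request is
     * session-checked, instead of failing filter start-up with a
     * {@link NullPointerException}.
     *
     * @param config filter configuration supplying the {@code white} parameter
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        List<String> entries = new ArrayList<>();
        String white = config.getInitParameter("white");
        if (white != null) {
            for (String entry : white.split(",")) {
                // Tolerate whitespace around the commas and skip empty items.
                String trimmed = entry.trim();
                if (!trimmed.isEmpty()) {
                    entries.add(trimmed);
                }
            }
        }
        whiteList = entries;
    }

    /**
     * Passes whitelisted requests straight through; any other request needs a
     * {@code currentUser} attribute in the session, otherwise the client is
     * redirected to the login page.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // The URI and query string are no longer printed to stdout: query strings
        // can carry sensitive parameters and should not end up in console logs.
        // getQueryString() is null when the request has no query string, so the
        // key then ends in "?null" (the form the second whitelist entry relies on).
        String requestKey = request.getRequestURI() + "?" + request.getQueryString();
        if (whiteList.contains(requestKey)) {
            filterChain.doFilter(request, response);
            return;
        }

        // getSession(false) avoids allocating a server-side session for every
        // anonymous request; a missing session is treated like a missing user.
        HttpSession session = request.getSession(false);
        Object currUserObj = (session == null) ? null : session.getAttribute("currentUser");
        if (currUserObj == null) {
            // NOTE(review): relative URL, resolved against the current request path.
            // It only lands on the whitelisted login URL when the intercepted
            // request sits directly under /07book/ — confirm no protected page
            // lives in a sub-directory.
            response.sendRedirect("page.do?operation=page&page=user/login");
            return;
        }
        filterChain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}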



