在 Java Web 系统的开发中,我们常常需要对登录身份进行验证。比如登录会员模块后,将 session 会话保存在服务端,以后每次请求时都对该会话进行验证,以保证此次访问是有效登录之后发出的请求,从而给予响应和反馈。一般情况下我们可以使用这种方式进行身份验证。这里我们谈另一种实现方式:
过滤器实现方式:
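/**
 * Login gate for the member area.
 *
 * <p>The filter is mapped to {@code /members/*}. Requests whose path ends in one of the two
 * configured extensions (init-params {@code rule0} and {@code rule1}, {@code jsp} and
 * {@code act} in the annotation below) are only passed on when the session carries a
 * {@code LOGIN_SESSION} attribute; the login page itself is exempt. Everything else is
 * passed on unchecked.
 *
 * <p>NOTE(review): this is a default-allow design. Any resource under {@code /members/}
 * that is served under another extension, or by a servlet mapped without an extension, is
 * not protected by this filter. Prefer protecting the whole prefix and exempting an explicit
 * list of public resources if the application allows it.
 */
@WebFilter(description="过滤会员登录jsp,act请求并检验登录session", urlPatterns="/members/*",
    initParams = {
        @WebInitParam(name="rule0",value="jsp"),
        @WebInitParam(name="rule1", value="act")
    })
public class LoginCheckWebFilter implements Filter {
    /** First protected extension, stored lower-cased with a leading dot (for example ".jsp"). */
    protected String rule0=null;
    /** Second protected extension, stored lower-cased with a leading dot (for example ".act"). */
    protected String rule1=null;

    /**
     * Reads the two extension rules from the filter configuration.
     *
     * @param arg0 filter configuration supplied by the container
     * @throws ServletException if a rule is missing or empty, so that the filter fails at
     *         start-up instead of running with an unusable rule
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        rule0 = readRule(arg0, "rule0");
        rule1 = readRule(arg0, "rule1");
    }

    /** Returns the named init-param as a lower-cased ".ext" suffix. */
    private static String readRule(FilterConfig config, String name) throws ServletException {
        String value = config.getInitParameter(name);
        if (value == null || value.isEmpty()) {
            throw new ServletException("Missing init-param: " + name);
        }
        // Locale.ROOT keeps the lower-casing independent of the server's default locale.
        return "." + value.toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Redirects unauthenticated requests for protected extensions to the member entry page
     * and passes every other request down the chain.
     *
     * @param arg0 the incoming request, expected to be an {@code HttpServletRequest}
     * @param arg1 the outgoing response, expected to be an {@code HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException if the redirect or a downstream component fails on I/O
     * @throws ServletException if a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        request.setCharacterEncoding("utf-8");
        response.setCharacterEncoding("utf-8");

        String path = resolvePath(request);
        if (!checkIfFilt(path)) {
            // Not a protected extension: pass through without a login check.
            filterChain.doFilter(arg0, arg1);
            return;
        }

        Log.i("符合拦截规则="+path);
        // getSession(false): do not allocate a server-side session for anonymous requests.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("LOGIN_SESSION") != null;
        // Only a file literally named login.jsp is exempt; a bare endsWith("login.jsp")
        // would also exempt any page whose name merely ends in that text.
        if (!loggedIn && !path.endsWith("/login.jsp")) {
            // Prefix the context path so the redirect stays inside this web application.
            response.sendRedirect(request.getContextPath() + "/members/");
            return;
        }

        // Log the path, not the query string: query strings can carry credentials or tokens.
        Log.d("处理请求转到对应servlet="+path);
        filterChain.doFilter(arg0, arg1);
    }

    /**
     * Returns the lower-cased path the container resolved for this request.
     *
     * <p>The access decision is made on {@code getServletPath()} plus {@code getPathInfo()}
     * rather than on {@code getRequestURI()}. The raw URI is not decoded and may carry path
     * parameters after a {@code ';'}, so a suffix test on it can disagree with the resource
     * the container actually serves and skip the login check.
     */
    private static String resolvePath(HttpServletRequest request) {
        StringBuilder path = new StringBuilder();
        String servletPath = request.getServletPath();
        if (servletPath != null) {
            path.append(servletPath);
        }
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString().toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Tells whether the path falls under one of the protected extensions.
     *
     * @param extName lower-cased request path
     * @return {@code true} if the path is non-empty and ends with {@code rule0} or {@code rule1}
     */
    private boolean checkIfFilt(String extName) {
        return !extName.isEmpty() && (extName.endsWith(rule0) || extName.endsWith(rule1));
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}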
注:这里使用 Servlet 3.0 的注解方式进行配置;Servlet 3.0 以前的版本请在 web.xml 文件中配置。