科学是实事求是的学问,来不得半点虚假。
在java Web系统的开发中我们常常要使用登录身份的验证工作,比如登录一个会员模块后保存session会话到服务端,以后每次请求时都对该会话进行验证,以保证此次访问时有效登录后发生的请求,从而给与响应和反馈。一般情况下我们可以使用这种方式进行身份验证。这里我们谈另一种实现方式:
过滤器实现方式:
@WebFilter(description="过滤会员登录jsp,act请求并检验登录session",
urlPatterns="/members/*",
initParams = {
@WebInitParam(name="rule0",value="jsp"),
@WebInitParam(name="rule1", value="act")
})
public class LoginCheckWebFilter implements Filter {
protected String rule0=null;
protected String rule1=null;
@Override
public void init(FilterConfig arg0) throws ServletException {//读取规则初始化
rule0="."+arg0.getInitParameter("rule0").toLowerCase();
rule1="."+arg0.getInitParameter("rule1").toLowerCase();
}
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
HttpSession session = request.getSession();
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
String urlFileString=request.getRequestURI();
String extName=urlFileString.toLowerCase();
if(checkIfFilt(extName))//符合拦截规则
{
Log.i("符合拦截规则="+extName);
if (session.getAttribute("LOGIN_SESSION") == null && !extName.endsWith("login.jsp")) {
response.sendRedirect("/members/");
return;
}
else {
Log.d("处理请求转到对应servlet="+request.getQueryString());
filterChain.doFilter(arg0, arg1);
}
}
else //不符合拦截规则,则放行
{
//Log.d("不符合拦截规则="+extName);
filterChain.doFilter(arg0, arg1);
}
}
/**判断是否符合拦截规则 */
private boolean checkIfFilt(String extName) {
if(!extName.equals("")&&(extName.endsWith(rule0)||extName.endsWith(rule1)))
return true;
return false;
}
@Override
public void destroy() {
}
}
注:这里使用Servlet3.0的注入式解释配置方式配置,servlet3.0以前版本请在web.xml文件中配置。
