此文主要讲如何用Java的过滤器实现用户未登录重定向,即实现用户身份验证,用户未登录就跳转到登录页面。这在我们做项目的过程中会经常使用到。
首先我们在Java Resources的src目录下新建一个packet,用来存放我们过滤器的SessionFilter.java文件。然后在web.xml进行过滤的配置。
目录详情.png
SessionFilter.java 代码:
package com.ted.myPlant.filter;import java.io.IOException;import java.net.URLEncoder;import java.util.regex.Pattern;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.commons.lang3.StringUtils;public class SessionFilter implements Filter { /**
* 要检查的 session 的名称
*/
private String sessionKey; /**
* 需要排除(不拦截)的URL的正则表达式
*/
private Pattern excepUrlPattern; /**
* 检查不通过时,转发的URL
*/
private String redirectUrl; @Override
public void init(FilterConfig cfg) throws ServletException {
sessionKey = cfg.getInitParameter("sessionKey");
String excepUrlRegex = cfg.getInitParameter("excepUrlRegex"); if (!StringUtils.isBlank(excepUrlRegex)) {
excepUrlPattern = Pattern.compile(excepUrlRegex);
}
redirectUrl = cfg.getInitParameter("redirectUrl");
} @Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException { // 如果 sessionKey 为空,则直接放行
if (StringUtils.isBlank(sessionKey)) {
chain.doFilter(req, res); return;
} // * 请求 http://127.0.0.1:8080/webApp/home.jsp?&a=1&b=2 时
// * request.getRequestURL():http://127.0.0.1:8080/webApp/home.jsp
// * request.getContextPath(): /webApp
// * request.getServletPath():/home.jsp
// * request.getRequestURI(): /webApp/home.jsp
// * request.getQueryString():a=1&b=2
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String servletPath = request.getServletPath();
String type = request.getHeader("X-Requested-With") == null ? ""
: request.getHeader("X-Requested-With"); // 如果请求的路径与forwardUrl相同,或请求的路径是排除的URL时,则直接放行
if (servletPath.equals(redirectUrl)
|| excepUrlPattern.matcher(servletPath).matches()) {
chain.doFilter(req, res); return;
}
Object sessionObj = request.getSession().getAttribute(sessionKey); // 如果Session为空,则跳转到指定页面
if (sessionObj == null) {
String contextPath = request.getContextPath();
String redirect = servletPath + "?"
+ StringUtils.defaultString(request.getQueryString());
String jumpUrl = contextPath
+ StringUtils.defaultIfEmpty(redirectUrl, "/")
+ "?redirect=" + URLEncoder.encode(redirect, "UTF-8"); if ("XMLHttpRequest".equals(type)) {
response.setHeader("SESSIONSTATUS", "TIMEOUT");
response.setHeader( "CONTEXTPATH",
contextPath
+ StringUtils.defaultIfEmpty(redirectUrl, "/"));
response.setStatus(HttpServletResponse.SC_FORBIDDEN); return;
} else {
response.sendRedirect(jumpUrl);
}
} else {
chain.doFilter(req, res);
}
} @Override
public void destroy() {
}
}web.xml 配置加上过滤这段:
<filter> <filter-name>SessionFilter</filter-name> <filter-class>com.ted.myPlant.filter.SessionFilter</filter-class> <init-param> <description>将当前登录的用户的信息保存在 session 中时使用的key,如果没有配置此参数,则该过滤器不起作用</description> <param-name>sessionKey</param-name> <param-value>user</param-value> </init-param> <init-param> <description>未登录重定向地址</description> <param-name>redirectUrl</param-name> <param-value>/page/login.html</param-value> </init-param> <init-param> <description>不需要进行拦截的 </description> <param-name>excepUrlRegex</param-name> <param-value>^.*(login|assert|favicon|js|img|css).*$</param-value> </init-param> </filter> <filter-mapping> <filter-name>SessionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <session-config> <session-timeout>10</session-timeout> </session-config>
配置完之后就已经实现了未登录的重定向,效果图如下:
先输入首页的地址:
访问首页.png
按下回车,进行访问,用户验证未登录,过滤器重新定向到了登录页面:
作者:白昼黯淡了星光
链接:https://www.jianshu.com/p/b5e44b9dd03c
随时随地看视频
