我写了个身份验证的过滤器
package ctrl;import java.io.IOException;import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;public class LoginValidationFilter implements Filter { protected FilterConfig filterConfig; public void destroy() {
filterConfig = null; } public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession();
String reqURL = req.getServletPath();
// 对于登陆页面login.jsp,注册页面register.jsp不需要过滤
if (!(reqURL.equals("/login.jsp") || reqURL.equals("/register.jsp"))) {
// session储存的正确登陆信息为("login", "true")
if (session.getAttribute("login") == null
|| !session.getAttribute("login").equals("true")) {
resp.sendRedirect("/Hello/login.jsp");
return;
}
}
chain.doFilter(request, response);
} public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}}web.xml里的内容是这样的
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<servlet>
<description>This is the description of my J2EE component</description>
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>Login</servlet-name>
<servlet-class>ctrl.LoginCtrl</servlet-class>
</servlet> <servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/servlet/Login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Register</servlet-name>
<servlet-class>ctrl.RegisterCtrl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Register</servlet-name>
<url-pattern>/servlet/Register</url-pattern>
</servlet-mapping>
<filter>
<filter-name>LoginValidationFilter</filter-name>
<filter-class>ctrl.LoginValidationFilter</filter-class>
</filter> <filter-mapping>
<filter-name>LoginValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>我现在有几个文件 login.jsp register.jsp welcome.jsp
当我直接访问welcome.jsp时过滤器拦截成功,跳转到login.jsp
但是当我从login.jsp页面登陆时,结果也被过滤器拦截了,又跳转回login.jsp
我分析后发现当从login.jsp跳转到servlet时,由于servlet还没来得急给session设置属性("login", "true")就先被过滤器判断没有session("login", "true") 执行了跳转,问题就在这儿,我这个是先进过滤器判断有没有session, 没有就执行跳转,但是登陆之前肯定没有session,登陆时又被过滤器拦截了,怎么解决这个问题,请高人回答!
package ctrl;import java.io.IOException;import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;public class LoginValidationFilter implements Filter { protected FilterConfig filterConfig; public void destroy() {
filterConfig = null; } public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
HttpSession session = req.getSession();
String reqURL = req.getServletPath();
// 对于登陆页面login.jsp,注册页面register.jsp不需要过滤
if (!(reqURL.equals("/login.jsp") || reqURL.equals("/register.jsp"))) {
// session储存的正确登陆信息为("login", "true")
if (session.getAttribute("login") == null
|| !session.getAttribute("login").equals("true")) {
resp.sendRedirect("/Hello/login.jsp");
return;
}
}
chain.doFilter(request, response);
} public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}}web.xml里的内容是这样的
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<servlet>
<description>This is the description of my J2EE component</description>
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>Login</servlet-name>
<servlet-class>ctrl.LoginCtrl</servlet-class>
</servlet> <servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/servlet/Login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Register</servlet-name>
<servlet-class>ctrl.RegisterCtrl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Register</servlet-name>
<url-pattern>/servlet/Register</url-pattern>
</servlet-mapping>
<filter>
<filter-name>LoginValidationFilter</filter-name>
<filter-class>ctrl.LoginValidationFilter</filter-class>
</filter> <filter-mapping>
<filter-name>LoginValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>我现在有几个文件 login.jsp register.jsp welcome.jsp
当我直接访问welcome.jsp时过滤器拦截成功,跳转到login.jsp
但是当我从login.jsp页面登陆时,结果也被过滤器拦截了,又跳转回login.jsp
我分析后发现当从login.jsp跳转到servlet时,由于servlet还没来得急给session设置属性("login", "true")就先被过滤器判断没有session("login", "true") 执行了跳转,问题就在这儿,我这个是先进过滤器判断有没有session, 没有就执行跳转,但是登陆之前肯定没有session,登陆时又被过滤器拦截了,怎么解决这个问题,请高人回答!
想要了解为什么需要了解下Tomcat的servlet运行机制
<filter-name>LoginValidationFilter </filter-name>
<url-pattern>/main/*</url-pattern>
</filter-mapping>
把所有东西放到main文件夹里
主目录下放不拦截的东西
<filter-name>LoginValidationFilter </filter-name>
<url-pattern>/* </url-pattern>
</filter-mapping>
/* 不要写*改成一个路径
比如: /MyFilter 就是访问你的MyFilter下的JSP了.