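public class SecurityFilter implements Filter {

    /** Session attribute the login page stores the authenticated user name under. */
    private static final String SESSION_USER = "session_user";

    /** Servlet path of the login page: the only path reachable without a session. */
    private static final String LOGIN_PATH = "/Login.jsp";

    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration is read.
    }

    /**
     * Lets the request through when it targets the login page or carries an
     * authenticated session; otherwise redirects to the login page.
     *
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException propagated from the rest of the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (LOGIN_PATH.equals(request.getServletPath()) || isAuthenticated(request)) {
            filterChain.doFilter(request, response);
            return;
        }
        // Context-relative, not the bare "Login.jsp": a relative redirect resolves
        // against the directory of the current request, so a request under /admin/
        // would be sent to /admin/Login.jsp, fail the servlet-path check again and
        // loop on redirects.
        response.sendRedirect(request.getContextPath() + LOGIN_PATH);
    }

    /** True when an already existing session holds a non-null "session_user" attribute. */
    private static boolean isAuthenticated(HttpServletRequest request) {
        // getSession(false): an anonymous hit must not allocate a session just to
        // look inside it.
        return request.getSession(false) != null
                && request.getSession(false).getAttribute(SESSION_USER) != null;
    }

    public void destroy() {
        // Nothing to release.
    }
}
大概这样子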
public class SecurityHttpFilter extends SecurityInterceptor implements Filter { private FilterConfig filterConfig; public final static String LOGIN_KEY="login"; public final static String ERROR_HTML="/html/error/408.html";
if(null==session.getAttribute("current_user")){
response.sendRedirect("login.jsp");
}
%>或是编一个filter
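public void init(FilterConfig filterConfig) throws ServletException {
    // No configuration is read.
}

/**
 * Lets the request through when it targets the login page or carries an
 * authenticated session; otherwise redirects to the login page.
 *
 * @throws IOException      if the redirect cannot be written
 * @throws ServletException propagated from the rest of the chain
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
        FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    if ("/Login.jsp".equals(request.getServletPath()) || isAuthenticated(request)) {
        filterChain.doFilter(request, response);
        return;
    }
    // Context-relative, not the bare "Login.jsp": a relative redirect resolves
    // against the directory of the current request, so a request under /admin/
    // would be sent to /admin/Login.jsp, fail the servlet-path check again and
    // loop on redirects.
    response.sendRedirect(request.getContextPath() + "/Login.jsp");
}

/** True when an already existing session holds a non-null "session_user" attribute. */
private static boolean isAuthenticated(HttpServletRequest request) {
    // getSession(false): an anonymous hit must not allocate a session just to
    // look inside it.
    return request.getSession(false) != null
            && request.getSession(false).getAttribute("session_user") != null;
}

public void destroy() {
    // Nothing to release.
}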
}
大概这样子
private FilterConfig filterConfig;
public final static String LOGIN_KEY="login";
public final static String ERROR_HTML="/html/error/408.html";
/**
 * Passes login requests straight through; every other request must carry a
 * valid user session, otherwise the client is redirected to {@code ERROR_HTML}.
 *
 * @throws IOException      if the redirect cannot be written
 * @throws ServletException propagated from the rest of the chain
 */
public void doFilter(
        ServletRequest request, ServletResponse response,
        FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;

    // Servlet path plus query string; only used to recognise the login action.
    final String requested = getCompletePath(httpRequest);

    final boolean needsSession = !isLoginPath(requested, httpRequest);
    if (needsSession && !IsUserSessionValid(httpRequest, httpResponse)) {
        // NOTE(review): ERROR_HTML starts with "/" and is therefore server-root
        // relative, ignoring the context path — confirm against the deployment.
        httpResponse.sendRedirect(ERROR_HTML);
        return;
    }
    filterChain.doFilter(request, httpResponse);
}
/**
 * Decides whether the request is the login action and so exempt from the
 * session check.
 *
 * @param completeStr servlet path plus query string, as built by {@link #getCompletePath}
 * @param httpRequest the current request
 * @return true for a null or empty path, or when the servlet path contains {@code LOGIN_KEY}
 */
private boolean isLoginPath(String completeStr, HttpServletRequest httpRequest) {
    final boolean emptyPath = completeStr == null || completeStr.length() == 0;
    if (emptyPath) {
        return true;
    }
    // NOTE(review): this is a substring test — any servlet path that merely
    // contains "login" is exempt, and so is an empty servlet path; an exact
    // match on the login path would be tighter. Behaviour kept as written.
    return httpRequest.getServletPath().contains(LOGIN_KEY);
}

/**
 * Builds the servlet path, with {@code "?query"} appended when the request
 * carries a non-empty query string.
 */
private String getCompletePath(HttpServletRequest httpRequest) {
    final String path = httpRequest.getServletPath();
    final String query = httpRequest.getQueryString();
    final boolean hasQuery = query != null && query.length() > 0;
    return hasQuery ? path + "?" + query : path;
}
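/**
 * Reports whether the request carries a session with a stored user.
 *
 * @param request  the current request
 * @param response unused; kept for existing callers
 * @return true when an existing session holds a non-null {@code SESSION_USER_INFO} attribute
 */
public static boolean IsUserSessionValid(HttpServletRequest request,
        HttpServletResponse response) {
    // getSession(false): do not allocate a session for an anonymous request just
    // to look inside it — getSession() would create one per unauthenticated hit.
    HttpSession session = request.getSession(false);
    return session != null && session.getAttribute(SESSION_USER_INFO) != null;
}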
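/**
 * Stores the container-supplied configuration for later use.
 *
 * @param config the filter's configuration, provided by the container
 */
public void init(FilterConfig config) throws ServletException {
    // Assign the parameter, not the field to itself: with the parameter named
    // arg0, "this.filterConfig = filterConfig" left the field null.
    this.filterConfig = config;
}

public void destroy() {
    // Nothing to release.
}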
}
* 安全拦截器
*/
public abstract class SecurityInterceptor {

    /**
     * Template method: a request is allowed only when the principal's identity
     * is verified and it is authorised to perform the operation on the resource.
     */
    public boolean interceptor(Principal principal, Credibility credibility,
            Resource resource, Operation operation) {
        final boolean identityVerified = authenticate(principal, credibility);
        // Access is only decided for a verified principal (short-circuit kept).
        return identityVerified && decideAccess(principal, resource, operation);
    }

    /** Verifies the principal's identity against the supplied credentials. */
    public abstract boolean authenticate(Principal principal, Credibility credility);

    /** Decides whether the principal may perform the operation on the resource. */
    public abstract boolean decideAccess(Principal principal, Resource resource,
            Operation operation);
}
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
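import javax.servlet.http.HttpSession;

public class ValidLoginFilter implements Filter {

    /** Page every rejected request is forwarded to. */
    private static final String LOGIN_AGAIN = "/loginagain.jsp";

    /** File names (last path segment) that may be requested without being logged in. */
    private static final String[] PUBLIC_PAGES = {
        "index.jsp", "login.jsp", "logout.jsp", "loginagain.jsp",
        "userlogin.do", "userlogout.do"
    };

    private FilterConfig filterconfig = null;

    public void init(FilterConfig config) throws ServletException {
        this.filterconfig = config;
    }

    public void destroy() {
        this.filterconfig = null;
    }

    /**
     * Forwards to the login page unless the request is for a public page or the
     * session marks the user as logged in.
     *
     * @throws IOException      if the forward or the chain fails on I/O
     * @throws ServletException propagated from the forward or the rest of the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;

        if (requiresLogin(hreq) && !isLoggedIn(hreq)) {
            filterconfig.getServletContext().getRequestDispatcher(LOGIN_AGAIN)
                    .forward(request, response);
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * True for a .jsp or .do resource whose file name is not one of the public pages.
     *
     * The decision is taken on the request path (context path and ";..." path
     * parameters removed) and on its last segment only. Searching the whole URL —
     * scheme and host included — for substrings such as "login.jsp" or ".do", as the
     * earlier version did, let any URL merely containing that text skip the login
     * check and made ".do" match host names as well.
     */
    private static boolean requiresLogin(HttpServletRequest hreq) {
        String path = hreq.getRequestURI();
        if (path == null) {
            return true; // fail closed
        }
        String context = hreq.getContextPath();
        if (context != null && path.startsWith(context)) {
            path = path.substring(context.length());
        }
        int semicolon = path.indexOf(';');
        if (semicolon >= 0) {
            path = path.substring(0, semicolon);
        }
        String name = path.substring(path.lastIndexOf('/') + 1);
        if (!name.endsWith(".jsp") && !name.endsWith(".do")) {
            return false; // static content and anything else is not guarded here
        }
        for (String page : PUBLIC_PAGES) {
            if (page.equals(name)) {
                return false;
            }
        }
        return true;
    }

    /**
     * True when the session's {@code Globals.CONTEXT_USER_LOGIN} flag is "true".
     * A session whose flag is present but not "true" is invalidated so the stale
     * state cannot linger; a missing session or flag simply yields false.
     */
    private static boolean isLoggedIn(HttpServletRequest hreq) {
        HttpSession session = hreq.getSession(false);
        if (session == null) {
            return false;
        }
        Object flag = session.getAttribute(Globals.CONTEXT_USER_LOGIN);
        if (flag == null) {
            return false;
        }
        if ("true".equals(flag)) {
            return true;
        }
        session.invalidate();
        return false;
    }
}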