在session里找isLogin,如果有且为"true"时,表明验证成功,继续处理;否则,转发到用户登录页面jsp/login.jsp。
问题是,转到jsp/login.jsp时,过滤器又发生作用,验证不成功,又转发到jsp/login.jsp,如类死循环下去。web.xml相关配置如下:
-----------------------------------------------------
<filter>
<description>登录验证</description>
<filter-name>LoginFilter</filter-name>
<filter-class>
com.hotel.servlet.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
LoginFilter类如下:
-----------------------------------------------------
/**
* 验证登录
*/
package com.hotel.servlet.filter;import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpSession;public class LoginFilter implements Filter {
String LOGIN_PAGE = "jsp/login.jsp";
protected FilterConfig filterConfig; // 过滤处理的方法
public void doFilter(final ServletRequest req, final ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hreq = (HttpServletRequest) req;
HttpServletResponse hres = (HttpServletResponse) res;
HttpSession session = hreq.getSession();
String isLogin = "";
try {
isLogin = (String) session.getAttribute("isLogin");
if ((isLogin != null) && (isLogin.equals("true"))) { // 验证成功,继续处理
// if (isLogin.equals("true")) {// 验证成功,继续处理
System.out.println("在SignonFilter中验证通过");
chain.doFilter(req, res);
}
else { // 验证不成功,让用户登录。
hres.sendRedirect(LOGIN_PAGE);
System.out.println("被SignonFilter拦截一个未认证的请求");
}
}
catch (Exception e) {
e.printStackTrace();
}
}
public void setFilterConfig(final FilterConfig filterConfig) {
this.filterConfig = filterConfig;
}
// 销毁过滤器
public void destroy() {
this.filterConfig = null;
}
/**
* 初始化过滤器,和一般的Servlet一样,它也可以获得初始参数。
*/
public void init(FilterConfig config) throws ServletException {
this.filterConfig = config;
}
}
问题是,转到jsp/login.jsp时,过滤器又发生作用,验证不成功,又转发到jsp/login.jsp,如类死循环下去。web.xml相关配置如下:
-----------------------------------------------------
<filter>
<description>登录验证</description>
<filter-name>LoginFilter</filter-name>
<filter-class>
com.hotel.servlet.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
LoginFilter类如下:
-----------------------------------------------------
/**
* 验证登录
*/
package com.hotel.servlet.filter;import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpSession;public class LoginFilter implements Filter {
String LOGIN_PAGE = "jsp/login.jsp";
protected FilterConfig filterConfig; // 过滤处理的方法
public void doFilter(final ServletRequest req, final ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hreq = (HttpServletRequest) req;
HttpServletResponse hres = (HttpServletResponse) res;
HttpSession session = hreq.getSession();
String isLogin = "";
try {
isLogin = (String) session.getAttribute("isLogin");
if ((isLogin != null) && (isLogin.equals("true"))) { // 验证成功,继续处理
// if (isLogin.equals("true")) {// 验证成功,继续处理
System.out.println("在SignonFilter中验证通过");
chain.doFilter(req, res);
}
else { // 验证不成功,让用户登录。
hres.sendRedirect(LOGIN_PAGE);
System.out.println("被SignonFilter拦截一个未认证的请求");
}
}
catch (Exception e) {
e.printStackTrace();
}
}
public void setFilterConfig(final FilterConfig filterConfig) {
this.filterConfig = filterConfig;
}
// 销毁过滤器
public void destroy() {
this.filterConfig = null;
}
/**
* 初始化过滤器,和一般的Servlet一样,它也可以获得初始参数。
*/
public void init(FilterConfig config) throws ServletException {
this.filterConfig = config;
}
}
// 验证成功或者是登陆页面
chain.doFilter(req, res);
}
// 验证成功或者是登陆页面
chain.doFilter(req, res);
}
能不能单单让登录页面jsp/login.jsp不验证,其他都验证?
不能从pageContext,config,page中找个属性来判断是否为登录页面?
----------------------------------------------------------------------
另:hres.sendRedirect(jsp/login.jsp);
只能是相对路径么?
hres.sendRedirect(/jsp/login.jsp);
换成绝对路径就不行了
有什么办法可以转换路径?
假如来源是/ajax/image.jsp
hres.sendRedirect(jsp/login.jsp);
转换之后变为/ajax/jsp/login.jsp
这样,就是个错误的路径。
即:
如果是来源是/ajax/image.jsp
我就要hres.sendRedirect(./../jsp/login.jsp);如果是来源是/jsp/image.jsp
我就要hres.sendRedirect(./jsp/login.jsp);如果是来源是a/b/image.jsp
我就要hres.sendRedirect(./../../jsp/login.jsp);
请指教?
String uri = ((HttpServletRequest) request).getRequestURI();if ("true".equals() || uri.endsWith("login.jsp")|| uri.endsWith("login.do")) {
// 验证成功或者是登陆页面
chain.doFilter(req, res);
}
pigo()方法怎么用啊?
在doFilter()方法里判断访问路径
当用户已经登陆或者访问login.jsp或者login.do时,不做任何处理直接转向执行其他过滤器