为了阻止用户未登陆就直接访问URL地址,如http://xxx:8080/xx/xx.jsp
我的登陆的servlet中session.setAttribute("loginname", loginname);这里有值,在每个jsp页面include一个判断用户session的isLogin.jsp,session没有过期,为什么正常登陆在isLogin.jsp中loginname也为null呢?下面是具体代码:servlet:
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html; charset=gb2312");
RequestDispatcher rd;
String loginname = request.getParameter("loginname");
if(loginname!=null || loginname.length()>0)
{
loginname = new String(loginname.getBytes("ISO8859-1"), "GBK");
}
String password = request.getParameter("pwd");
password=Md5Changer.ConvertJiaMi(password); UserBean user = new UserBean();
user.setUsername(loginname);
user.setPassword(password); HttpSession session = request.getSession(true); Connection conn = null;
String flag = "0";//0 成功 1 失败
try
{
if (checkUser(conn, loginname, password))
{
session.setAttribute("loginname", loginname);
session.setAttribute("password", password);
rd = request.getRequestDispatcher("/default.jsp");
rd.forward(request, response);
flag = "0";
return;
}
else
{
flag = "1";
request.setAttribute("flag", flag); rd = request.getRequestDispatcher("/index.jsp");
rd.forward(request, response); }
}
catch (Exception e)
{
e.printStackTrace();
} }
//********************************isLogin.jsp********************<%@ page contentType="text/html; charset=gb2312"%>
<%@ page import="java.io.PrintWriter"%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<link rel="stylesheet" type="text/css" href="images/global.css" />
<meta name="author" content="CoLee" />
<title></title>
</head>
<%
try
{
String loginname =(String)session.getAttribute("loginname");
System.out.println("loginname="+loginname);
if(loginname==null)
{
PrintWriter out1 = response.getWriter();
out1.print("<script>alert('不是该系统用户!请重新登录');</script>");
out1.print("<script>window.location='/index.jsp'; </script>");//?
out1.close();
}
}
catch(Exception e)
{
}
%>
</html>
我的登陆的servlet中session.setAttribute("loginname", loginname);这里有值,在每个jsp页面include一个判断用户session的isLogin.jsp,session没有过期,为什么正常登陆在isLogin.jsp中loginname也为null呢?下面是具体代码:servlet:
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html; charset=gb2312");
RequestDispatcher rd;
String loginname = request.getParameter("loginname");
if(loginname!=null || loginname.length()>0)
{
loginname = new String(loginname.getBytes("ISO8859-1"), "GBK");
}
String password = request.getParameter("pwd");
password=Md5Changer.ConvertJiaMi(password); UserBean user = new UserBean();
user.setUsername(loginname);
user.setPassword(password); HttpSession session = request.getSession(true); Connection conn = null;
String flag = "0";//0 成功 1 失败
try
{
if (checkUser(conn, loginname, password))
{
session.setAttribute("loginname", loginname);
session.setAttribute("password", password);
rd = request.getRequestDispatcher("/default.jsp");
rd.forward(request, response);
flag = "0";
return;
}
else
{
flag = "1";
request.setAttribute("flag", flag); rd = request.getRequestDispatcher("/index.jsp");
rd.forward(request, response); }
}
catch (Exception e)
{
e.printStackTrace();
} }
//********************************isLogin.jsp********************<%@ page contentType="text/html; charset=gb2312"%>
<%@ page import="java.io.PrintWriter"%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<link rel="stylesheet" type="text/css" href="images/global.css" />
<meta name="author" content="CoLee" />
<title></title>
</head>
<%
try
{
String loginname =(String)session.getAttribute("loginname");
System.out.println("loginname="+loginname);
if(loginname==null)
{
PrintWriter out1 = response.getWriter();
out1.print("<script>alert('不是该系统用户!请重新登录');</script>");
out1.print("<script>window.location='/index.jsp'; </script>");//?
out1.close();
}
}
catch(Exception e)
{
}
%>
</html>
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException
{
HttpServletRequest req =(HttpServletRequest)request;
HttpSession session =req.getSession(true);
HttpServletResponse res = (HttpServletResponse) response;
// 从session 里面获取用户名的信息
String user =(String)session.getAttribute("loginname");
String path=req.getContextPath();
path=path+"/index.jsp";
user=req.getParameter("userId");
if(user == null || "".equals(user))
{
PrintWriter out = response.getWriter();
out.print("<script>alert('不是该系统用户!请重新登录');</script>");
out.print("<script>window.location='/index.jsp'; </script>");//?
out.close();
return;
}
else
{
chain.doFilter(request, response);
}
}
你首先要判断下session.getAttribute("loginname") 是否为null
不判断的话,如果他为null
直接跳到catch块了
判断session中的用户id是否存在,跳转login页。