过滤器实现登录验证及拒绝直接输url访问网页

标签：des   style   class   java   http   tar   

package com.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import javax.servlet.http.httpsession;
public class authfilter implements filter {
    public static final string login_page = "/login.jsp";
    public static final string logout_page = "/administrator/public/logout.jsp";
    public static final string[] except_page = {"logincheck.jsp"};
    public void destroy() {
    }
    public void dofilter(servletrequest servletrequest, servletresponse servletresponse,
            filterchain filterchain) throws ioexception, servletexception {
        httpservletrequest request = (httpservletrequest) servletrequest;
        /**
         * 如果处理http请求，并且需要访问诸如getheader或getcookies等在servletrequest中
         * 无法得到的方法，就要把此request对象构造成httpservletrequest
         */
        httpservletresponse response = (httpservletresponse) servletresponse;
        string currenturl = request.getrequesturi(); // 取得根目录所对应的绝对路径:
        httpsession session = request.getsession(false);
        
        boolean bool = false;
        for (int i = 0; i             if (currenturl.indexof(except_page[i])>=0){
                bool = true;
                break;
            }
        }
        if (currenturl.indexof(login_page) == -1 && currenturl.indexof(logout_page) == -1 && currenturl.indexof(".jsp") > -1 && !bool) {
            // 判断当前页是否是重定向以后的登录页面，如果是就不做session的判断，防止出现死循环
            string ref = request.getheader("referer");  //是否是从地址栏直接输入的地址吗？
            if (session == null || session.getattribute("username") == null || session.getattribute("username").equals("") || (ref==null) || (ref.equals(""))) {
                response.sendredirect(request.getcontextpath()
                        + logout_page);
                return;
            }
        }
        // 加入filter链继续向下执行
        filterchain.dofilter(request, response);
    }
    public void init(filterconfig arg0) throws servletexception {
    }
}

-------------------------------------------------------------------------------------------------------

web.xml中设置如下:

   
   
        authfilter
        com.filter.authfilter
   
   
        authfilter
        /administrator/*
   
   

过滤器实现登录验证及拒绝直接输url访问网页,搜素材,soscw.com

过滤器实现登录验证及拒绝直接输url访问网页

标签：des   style   class   java   http   tar   

原文地址：http://blog.csdn.net/zhangguoliang521/article/details/32082093