含有过滤器的session小应用
带有过滤器的session小应用
一个JSP登录页面
一个验证是否登录成功的Servlet类
重点中的重点:
一个基本用户和管理者可以操作的Query类
一个只有管理者可以操作的Update类
一个显示不同用户下不同页面效果的JSP
省略web.xml里面的配置
一个JSP登录页面
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@ page import="com.mison.User"%> <html> <head> <title>My JSP 'sessionLogin.jsp' starting page</title> </head> <body> <% String username=request.getParameter("username"); String authority=request.getParameter("authority"); %> <form action="MyLoginCheck"> username1:<input type="text" name="username" value="<%= null==username?"":username%>"><br> password:<input type="password" name="password" value=""><br> authority: <select name="authority"> <option value="boss" <%= "boss"==authority?"":"selected='selected'" %>>boss</option> <option value="user" <%= "user"==authority?"":"selected='selected'" %>>user</option> </select><br> <input type="submit" value="submit"> </form> </body> </html>
一个验证是否登录成功的Servlet类
package com.mison; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class MyLoginCheck extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { User user=new User(); HttpSession session =req.getSession(); String username=req.getParameter("username"); String password=req.getParameter("password"); String authority=req.getParameter("authority"); if("boss".equals(authority)){ if("chenjing".equals(username)&&"chenjing".equals(password)){ user.setName(username); user.setPassword(password); user.setAuthority(authority); session.setAttribute("user", user); req.getRequestDispatcher("index.jsp").forward(req, resp); } else{ resp.sendRedirect("sessionLogin.jsp?username="+username+"&authority="+authority); // user.setName(username); // // user.setAuthority(authority); // // session.setAttribute("user", user); // // RequestDispatcher dp=req.getRequestDispatcher("sessionLogin.jsp"); // // dp.forward(req, resp); } } else if("user".equals(authority)){ if("chenfeng".equals(username)&&"chenfeng".equals(password)){ user.setName(username); user.setPassword(password); user.setAuthority(authority); session.setAttribute("user", user); req.getRequestDispatcher("sessionout.jsp").forward(req, resp); } else{ resp.sendRedirect("FilterTest.jsp?username="+username+"&authority="+authority); // user.setName(username); // // user.setAuthority(authority); // // session.setAttribute("user", user); // // RequestDispatcher dp=req.getRequestDispatcher("sessionLogin.jsp"); // // dp.forward(req, resp); } } else{ resp.sendRedirect("FilterTest.jsp?username="+username+"&authority="+authority); } } }
重点中的重点:
package com.mison1; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class MyFilter implements Filter{ public void destroy() { } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request=(HttpServletRequest)req; String requestURL=request.getRequestURI(); if(requestURL.endsWith("FilterTest.jsp")||requestURL.endsWith("MyLoginCheck")){ chain.doFilter(req, resp); return; } HttpSession session=request.getSession(); if(null==session.getAttribute("user")){ ((HttpServletResponse)resp).sendRedirect("FilterTest.jsp"); return; } else{ chain.doFilter(req, resp); } } public void init(FilterConfig arg0) throws ServletException { System.out.println("Filter start"); } }
一个基本用户和管理者可以操作的Query类
package com.mison; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class MyQueryServlet extends HttpServlet { /** * The doGet method of the servlet. <br> * * This method is called when a form has its tag value method equals to get. * * @param request the request send by the client to the server * @param response the response send by the server to the client * @throws ServletException if an error occurred * @throws IOException if an error occurred */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("MyQueryServlet"); } }
一个只有管理者可以操作的Update类
package com.mison; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class MyUpdateServlet extends HttpServlet { /** * The doGet method of the servlet. <br> * * This method is called when a form has its tag value method equals to get. * * @param request the request send by the client to the server * @param response the response send by the server to the client * @throws ServletException if an error occurred * @throws IOException if an error occurred */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("MyUpdateServlet"); } }
一个显示不同用户下不同页面效果的JSP
<%@ page language="java" import="com.mison.User" pageEncoding="UTF-8"%> <html> <head> <title>My JSP 'index.jsp' starting page</title> </head> <body> <a href="MyQueryServlet">query</a> <%if(((User)session.getAttribute("user")).getAuthority().equals("boss")){%> <a href="MyUpdateServlet">update</a> <% }%> </body> </html>
省略web.xml里面的配置