<body>
<center>
用戶登錄<br><br>
<form action="logincheck.jsp" method="post">
姓名<input type="text" name="username"><br><br>
密碼<input type="text" name="password"><br><br>
<input type="submit" value="登錄">
</form>
</center>
</body>
登錄驗證頁logincheck(不連接數據庫,直接指定可以登錄的用戶名和密碼)
<body>
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
if(username.equals("jack") && password.equals("123456")){
session.setAttribute("username",username);
request.getRequestDispatcher("loginsuccess.jsp").forward(request,response);
}else{
request.getRequestDispatcher("loginfailure.jsp").forward(request,response);
}
%>
</body>
登錄成功頁
<body>
<%= session.getAttribute("username")%>,歡迎登陸
</body>
登錄失敗頁
<body>
登錄失敗
</body>
web.xml
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/loginsuccess.jsp</url-pattern>
</filter-mapping>
攔截器
package filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter{
public void destroy() {
System.out.println("登錄驗證過濾器已經銷燬");
}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpSession session = request.getSession();
String username = (String)session.getAttribute("username");
if(username==null || username.equals("")){
request.getRequestDispatcher("loginform.jsp").forward(req, res);
}
}
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("登錄驗證過濾器初始化完成");
}
}
說明:所有的jsp頁面都直接位於webroot下
實現的功能:其他的頁面可以正常訪問,loginsuccess.jsp只能登錄後才能訪問,也就是說如果直接訪問loginsuccess.jsp,會跳轉到loginform.jsp
web.xml的配置表示只對loginsuccess.jsp進行攔截,"/*"表示對所有的頁面都攔截。
如果將攔截器的doFilter修改,又可以直接訪問loginsuccess.jsp,說明配置文件會排除掉doFilter中指定的不攔截的URL。
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpSession session = request.getSession();
String username = (String)session.getAttribute("username");
if(request.getRequestURI().equals("/rempw/loginsuccess.jsp")){
chain.doFilter(req, res);
}else{
if(username==null || username.equals("")){
request.getRequestDispatcher("loginform.jsp").forward(req, res);
}else{
chain.doFilter(req, res);
}
}
}