1、自动登录FilterSessionCookie综合例子自动登录:Filter,Session,Cookie综合例子初始登录Servlet:java view plain copy 在CODE上查看代码片派生到我的代码片package cn.xbai.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.s
2、ervlet.http.HttpServletResponse; public class LoginSubmitServlet extends HttpServlet public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException /response.getWriter().write(你好,小白!); /response.getWriter().write(如果我没有乱码,就是使用了全局过滤器.); /防表单重复提交 /防盗链 /
3、缓存 /. /获取数据 String username=request.getParameter(username); String password=request.getParameter(password); /数据合法性校验(放在业务层) if(!isEmpty(username) & !isEmpty(password) /response.getWriter().write(你好,小白!); else if(isEmpty(username) /如果重定向放到Session里,就是扩大的域,再单独登录会取 /Session中的旧登录数据,这是错误的,而如果在登录UI的Servlet
4、 /先清除Session又无法获取错误信息: request.setAttribute(sorry1, 用户名不能为空!); if(isEmpty(password) request.setAttribute(sorry2, 密码不能为空!); /转发需要注意的就是这个UI页面form要用绝对URL地址,不然会错误,因为前后地址栏不同! request.getRequestDispatcher(/servlet/LoginUIServlet).forward(request, response); return; private boolean isEmpty(String str) if(s
5、tr=null | str.trim().equals() return true; return false; public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException doGet(request, response); 注意错误提示信息不能存放在Session,解释详见里面注释UI页jsp:html view plain copy 在CODE上查看代码片派生到我的代码片 Jsp 公子小白旗舰店 登录名:$requestSc
6、ope.sorry1 密码:$requestScope.sorry2 免费注册 加上过滤器,放行LoginUI和已登录用户:java view plain copy 在CODE上查看代码片派生到我的代码片package cn.xbai.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import ja
7、vax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import cn.xbai.domain.User; public class AutoLoginFilter implements Filter public void destroy() / TODO Auto-generated method stub public voi
8、d doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException / TODO Auto-generated method stub /应该排除掉登录UI的Servlet: /如果不排除,由于没登录,访问登录页时会始终重复跳转登录页,处于永远无法登录状态 HttpServletRequest request=(HttpServletRequest) req; HttpServletResponse response=(HttpServletRe
9、sponse) resp; String uri=request.getRequestURI();/从应用开始的部分地址 System.out.println(uri); if(uri.contains(LoginUIServlet) System.out.println(LoginUI); chain.doFilter(request, response); else/不存在的访问地址留待其他机制去处理!特定部件只管特定事情! User user=(User) request.getSession().getAttribute(user); if(user=null) System.out.
10、println(Not logged in); /检查带过来的Cookie,前提是上次登录设置了该Cookie if(false) else/没登录也没有上次登录时效信息 /jsp友好提示,并三秒重定向到登录UI /response.sendRedirect(request.getContextPath()+/servlet/LoginUIServlet); request.getRequestDispatcher(/WEB-INF/jsp/redirect.jsp).forward(request, response); else /已登录,放行 chain.doFilter(request
11、, response); public void init(FilterConfig filterConfig) throws ServletException / TODO Auto-generated method stub 过滤器跳转jsp:html view plain copy 在CODE上查看代码片派生到我的代码片 Jsp 您还没有登录,亲!(_) 效果:进入登录页,直接点登录,会返回此页,因为跳转到的SubmitServlet同样处于未登录状态;输入不存在的url,显示404?发现问题:登录提交的Servlet也不该经过该过滤器!否则也永远无法登录!修改补全:(同时经过了两个Fi
12、lter,自动登录的Filter中,登录UI和Submit页面均放行,登录成功后访问另一个Servlet测试自动登录Filter的拦截)此时访问不存在的地址会跳转到UI页面(第二个Filter拦截了,待研究调试?)未做:登录时设置登录信息Cookie回写给浏览器web.xml:html view plain copy 在CODE上查看代码片派生到我的代码片 web-app version=2.5 xmlns= xmlns:xsi=http:/www.w3.org/2001/XMLSchema-instance xsi:schemaLocation= FilterDemo cn.xbai.fil
13、ter.FilterDemo FilterDemo /* AutoLoginFilter cn.xbai.filter.AutoLoginFilter AutoLoginFilter /* FilterServlet cn.xbai.servlet.FilterServlet LoginUIServlet cn.xbai.servlet.LoginUIServlet LoginSubmitServlet cn.xbai.servlet.LoginSubmitServlet FilterServlet /servlet/FilterServlet LoginUIServlet /servlet/
14、LoginUIServlet LoginSubmitServlet /servlet/LoginSubmitServlet index.jsp 第一个Filter:防乱码Filterjava view plain copy 在CODE上查看代码片派生到我的代码片package cn.xbai.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servle
15、t.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import cn.xbai.request.FilterRequest; public class FilterDemo implements Filter /为了获取config参数,这里定义一个来接收: private
16、 FilterConfig config; /默认字符集 private String defaultCharset=UTF-8; /这里接收: public void init(FilterConfig filterConfig) throws ServletException / TODO Auto-generated method stub this.config=filterConfig; public void destroy() / TODO Auto-generated method stub /注意它的参数不是Http.类型,第一步需要先转成这种类型! public void
17、doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException System.out.println(Hi,Filter); / TODO Auto-generated method stub /获取要设置的字符集-不写死,写在filter配置中,这里获取 /设置缺省的,防止配置中未设置 String charset=this.config.getInitParameter(charset); if(charset=null) charset=d
18、efaultCharset; /知道服务器传递过来的是Http.这里先转成. HttpServletRequest request=(HttpServletRequest) req; HttpServletResponse response=(HttpServletResponse) resp; request.setCharacterEncoding(charset); /有时候只设置上面一行,因为mvc模式都是转给jsp输出,Servlet不用来输出,jsp页面已经设置了码表,所以不用在这里设置Servlet的response输出! response.setCharacterEncodin
19、g(charset); response.setContentType(text/html;charset=+charset); /关于get乱码问题:将request包装,修改getParameter方法 /然后这里将包装后的request传递过去: chain.doFilter(new FilterRequest(request), response); System.out.println(Hi,Filter Return); 用到的Request包装类:java view plain copy 在CODE上查看代码片派生到我的代码片package cn.xbai.request; im
20、port java.io.IOException; import java.io.UnsupportedEncodingException; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; /继承Java提供的包装类,不用再复写所有Request该有的方法,只需复写自己需要的 public class FilterRequest extends HttpServle
21、tRequestWrapper /源码跟踪:该类最顶级基类中定义了一个ServletRequest /而不是HttpServletRequest,名为request,是被包装对象, /可以传给它HttpServletRequest进行初始化,但要用到 /HttpServletRequest全部功能需要强转(多态) /* * 并且该ServletRequest是基类私有,无法在子类调用,所以重新定义,并重写构造方法: */ private HttpServletRequest request; public FilterRequest(HttpServletRequest request) /经
22、测:父类也必须初始化,无论是否利用: /除了下面构造函数的原因,经源码跟踪,最重要的:父类根据传入的request获取到它后 /强转成HttpServletRequest,调用其每个方法实现包装类,如果不传,那么 /HttpServletRequest的方法根本就无法实现,那么就不是包装类 /注意这些实现的方法是HttpServletRequest的方法 /getParameter方法重写:HttpServletRequest是接口类型,调用Web容器传递过来的 /实现类对象的该方法实现修改 /* * Implicit super constructor HttpServletRequestWrapper() * is undefined. Must explicitly invoke another constructor */
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1