用户登陆之后才能进入主页!用户注销后就不能进入主页了
- 用户登陆之后,向Session中放入用户的数据进入主页的时候要判断用户是否已经登陆;要求:在过滤器中实现
这个小项目,用到的JSP页面有:登陆界面,首页,异常界面,登陆成功
登陆成功界面我是放在web下面的sys文件夹中
用到的Servlet有:LoginServlet、LogoutServlet
LoginServlet.javapackage com.godairo.servlet; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class LoginServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { //获取前端请求的参数 String username = req.getParameter("username"); if (username.equals("admin")){ //登陆成功 req.getSession().setAttribute("USER_SESSION",req.getSession().getId()); resp.sendRedirect("/sys/success.jsp"); }else {//登陆失败 resp.sendRedirect("/error.jsp"); } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } }LogoutServlet.java
package com.godairo.servlet; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class LogoutServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Object user_session = request.getSession().getAttribute("USER_SESSION"); if (user_session!=null){ request.getSession().removeAttribute("USER_SESSION"); response.sendRedirect("/Login.jsp"); }else{ response.sendRedirect("/Login.jsp"); } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } }Login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>index.jspTitle 登陆
<%@ page contentType="text/html;charset=UTF-8" language="java" %>error.jsp$Title$ 当前有<%=this.getServletConfig().getServletContext().getAttribute("OnlineCount")%>人在线
<%@ page contentType="text/html;charset=UTF-8" language="java" %>success.jspTitle 错误页面! 没有权限,用户名错误返回登陆页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>web.xmlTitle 主页注销
首次运行测试LoginServlet com.godairo.servlet.LoginServlet LoginServlet /servlet/login LogoutServlet com.godairo.servlet.LogoutServlet LogoutServlet /servlet/logout
到这里,进行的很成功,但是存在一个问题,我们注销后,返回到登陆界面,我们把登陆成功的路径复制到地址栏去运行,还是会进入登陆成功界面,这就说明,还没进行登陆就可以直接进入到登陆成功界面,这下我们需要进行拦截。
SysFilter.javapackage com.godairo.filter; import com.godairo.util.Constant; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class SysFilter implements Filter { public void init(FilterConfig filterConfig) throws ServletException { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest request1 = (HttpServletRequest) request; HttpServletResponse response1 = (HttpServletResponse) response; if (request1.getSession().getAttribute(Constant.USER_SESSION)==null){ response1.sendRedirect("/error.jsp"); } chain.doFilter(request,response); } public void destroy() { } }
这里有个点我们需要注意一下,在getSession的时候,也就是拿到用户信息的时候,其实可以
request1.getSession().getAttribute("USER_SESSION")
但是规范化的话,一搬这么多Session,都会存储在类里,也就是常量里,如果公司需要名字的话,这里就不用一个个去改了,而是在常量类里去改一下就好了
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)