JavaEE中Filter实现用户登录拦截

时间:2023-03-08 18:07:00

  实现思路是编写过滤器:用户登录之后session中会存一个user,未登录时该属性为null,过滤器据此将用户重定向到登陆页面,让用户进行登陆。当然过滤器需要判断:用户访问的如果是登陆请求就放行,如果不是就需要进行拦截并进行验证。登陆成功后在session中存入user,这样之后的请求都会通过过滤器。

1.首先编写验证登陆的过滤器

package danger.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import danger.bean.sys.User; /**
* Servlet Filter implementation class LoginFilter
*/
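public class LoginFilter implements Filter {

    /**
     * Path prefixes, relative to the context path, that are served without a login:
     * the login pages and the static assets they load.
     * NOTE(review): derived from the paths this project is seen requesting; adjust to
     * the real directory layout.
     */
    private static final String[] PUBLIC_PREFIXES = {
        "/login/", "/controls/login/", "/js/", "/css/", "/image/", "/images/"
    };

    /**
     * Exact paths, relative to the context path, that are served without a login.
     * NOTE(review): message.jsp and 404.jsp are assumed to sit at the web-app root --
     * confirm against the deployed layout.
     */
    private static final String[] PUBLIC_PAGES = {"/login.action", "/message.jsp", "/404.jsp"};

    /**
     * Default constructor; the filter keeps no state.
     */
    public LoginFilter() {
    }

    /**
     * Nothing to release.
     *
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
    }

    /**
     * Lets public paths through unconditionally and requires a logged-in session for
     * everything else, redirecting anonymous requests to the login page.
     *
     * <p>The exemption is decided on the container-resolved path (servlet path plus
     * path info) with exact and prefix matching. Substring matching on the raw request
     * URI would exempt any protected URL that merely contains an allow-listed word,
     * because the raw URI is neither decoded nor normalised.
     *
     * @param request  the incoming request; must be an HTTP request
     * @param response the outgoing response; must be an HTTP response
     * @param chain    the rest of the filter chain
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        System.out.println("reqURL----------" + req.getRequestURI());

        // Login requests and static resources need no session.
        if (isPublicPath(resolvePath(req))) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not allocate a session for a caller who has not logged in.
        HttpSession session = req.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        // A user in the session means the caller is logged in; otherwise send them to login.jsp.
        if (user == null) {
            res.sendRedirect(req.getContextPath() + "/login/login.jsp");
            return;
        }
        System.out.println("user----------" + user);
        chain.doFilter(request, response);
    }

    /**
     * No configuration is read.
     *
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }

    /** Returns the request path below the context path, as resolved by the container. */
    private static String resolvePath(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        String pathInfo = req.getPathInfo();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /** Tells whether {@code path} is on the allow-list of pages reachable without a login. */
    private static boolean isPublicPath(String path) {
        // Defence in depth: never exempt a path that still carries path parameters or
        // parent-directory segments, in case the container did not strip them.
        if (path.indexOf(';') >= 0 || path.contains("..")) {
            return false;
        }
        for (String page : PUBLIC_PAGES) {
            if (path.equals(page)) {
                return true;
            }
        }
        for (String prefix : PUBLIC_PREFIXES) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }
}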

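  if (path.contains("login") || path.contains("/js/") || path.contains("/image/") || path.contains("/css/") || path.contains("message.jsp")|| path.contains("404.jsp")|| path.contains("/images/")) { chain.doFilter(request, response); // 放行 return; }      相当于是对登陆请求以及一些静态资源放行。(可以将一些静态资源放到统一的文件夹下面)需要注意:contains 是子串匹配,而 getRequestURI() 返回的是未经解码和规范化的原始路径,因此只要路径中出现 login、/js/ 等字样就会被直接放行,受保护的页面可能因此绕过登录检查。更稳妥的做法是取容器解析后的路径(getServletPath()),只对固定的前缀或完整路径做白名单匹配。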

 2.web.xml进行配置

    <!-- Registers LoginFilter and maps it to every URL (/*), static resources included,
         so the filter itself has to let the login page and its assets through.
         No <dispatcher> element is given, so only direct client requests are filtered;
         server-side forwards are not passed through the filter again. -->
    <filter>
<filter-name>loginFilter</filter-name>
<filter-class>danger.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

 3.进行测试:

项目名字为danger。在浏览器访问:http://localhost/danger/

控制台打印:

reqURL----------/danger/login/login.jsp
reqURL----------/danger/js/jquery-1.11.js
reqURL----------/danger/controls/login/js/gVerify.js
reqURL----------/danger/controls/login/css/login2.css
reqURL----------/danger/controls/login/js/login.js
reqURL----------/danger/image/logo.png
reqURL----------/danger/controls/login/images/1.jpg

 

 页面被送到登陆界面。


4.对登陆的处理:(判断用户名与密码,并在session中添加user属性)

登陆表单(用户名与密码的name与Action的属性名字一样)

                    <!-- Login form: POSTs username and password to login.action. The field
                         names match the LoginAction properties so Struts binds them.
                         NOTE(review): LoginAction as listed has no property for the
                         verification-code field "y"; confirm where that code is validated.
                         Serve this form over HTTPS outside local testing. -->
                    <form action="<%=path %>/login.action" name="loginform" accept-charset="utf-8" id="login_form" class="loginForm"
method="post"><input type="hidden" name="did" value="0"/>
<input type="hidden" name="to" value="log"/>
<div class="uinArea" id="uinArea">
<label class="input-tips" for="u">帐 &nbsp;号:</label>
<div class="inputOuter" id="uArea">
<input type="text" id="u" name="username" class="inputstyle"/>
</div>
</div>
<!-- Password -->
<div class="pwdArea" id="pwdArea">
<label class="input-tips" for="p">密 &nbsp;码:</label>
<div class="inputOuter" id="pArea">
<input type="password" id="p" name="password" class="inputstyle"/>
</div>
</div>
<!-- Verification code -->
<div class="yzmArea" id="verifyArea">
<label class="input-tips" for="code_input">验证码:</label>
<div class="inputOuter" id="yArea">
<input type="text" id="code_input" name="y" class="inputstyle"/>
<div id="v_container"></div>
</div>
</div>
<!-- Login button --> <div id="loginbuttondiv" class="inputOuter">
<input type="submit" value="登 录" class="button_blue" id="my_button"/>
</div>
</form>

处理登陆的action

静态模拟两个用户,并为用户分配不同的权限。(2代表是超级用户,可以进行系统管理)这里把账号和密码写死在代码中只是为了演示,实际系统应从用户库中读取并校验加盐后的密码哈希。

package danger.action.queryView;

/**
* 登陆Action
*/
import java.util.HashMap;
import java.util.Map; import javax.servlet.http.HttpSession; import org.apache.struts2.ServletActionContext;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller; import com.opensymphony.xwork2.ActionSupport; import danger.bean.sys.User;
import danger.utils.ValidateCheck; @Controller
@Scope("prototype")
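public class LoginAction extends ActionSupport {
    // Model handed to the result page; holds "msg" after a failed login.
    private Map<String, Object> result;
    // Bound by Struts from the request parameters of the same name.
    private String username;
    private String password;
    // The user created by a successful login.
    private User user;

    /**
     * Checks the submitted credentials and, on success, stores the user in a fresh
     * session.
     *
     * <p>NOTE(review): the two accounts and their shared password are hard-coded to
     * simulate a login. A real deployment should look the user up in a store and
     * verify a salted password hash (bcrypt, scrypt or argon2) instead.
     *
     * @return {@code SUCCESS} when the credentials match, otherwise {@code ERROR} with
     *         an error message under the key "msg" in {@code result}
     */
    @Override
    public String execute() throws Exception {
        result = new HashMap<String, Object>();
        // Only attempt a login when both user name and password were supplied.
        if (ValidateCheck.isNotNull(username) && ValidateCheck.isNotNull(password)) {
            // Role 2 is the super user.
            if ("root".equals(username) && "123456".equals(password)) {
                return signIn(2);
            }
            if ("信息录入人员".equals(username) && "123456".equals(password)) {
                return signIn(1);
            }
        }
        // Reaching this point means the login failed.
        result.put("msg", "账户或者密码错误");
        return ERROR;
    }

    /**
     * Creates the user with the given role and binds it to a newly created session.
     * The session that existed before the login is invalidated first, so a session id
     * known before authentication never becomes an authenticated one (session fixation).
     * Anything holding Struts's cached session map must re-read it after this call.
     */
    private String signIn(int role) {
        user = new User();
        user.setUsername(username);
        user.setRole(role);

        HttpSession stale = ServletActionContext.getRequest().getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        HttpSession session = ServletActionContext.getRequest().getSession(true);
        session.setAttribute("user", user);
        return SUCCESS;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    // NOTE(review): this getter exposes the submitted password to the result page;
    // it is kept for interface compatibility only.
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public Map getResult() {
        return result;
    }

    public void setResult(Map result) {
        this.result = result;
    }

    public User getUser() {
        return user;
    }

    public void setUser(User user) {
        this.user = user;
    }
}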

struts.xml   配置(登陆成功后进入主页,失败后到message.jsp显示错误信息)

        <!-- Login: on success the browser is redirected to /index.jsp; on error the
             request is dispatched to /message.jsp. "loginAction" is presumably the
             Spring bean name of LoginAction; verify against the Spring configuration. -->
<action name="login" class="loginAction">
<result name="success" type="redirect">/index.jsp</result>
<result name="error">/message.jsp</result>
</action>

5.退出系统的处理(删除session中的user,并将用户重定向到一个页面)

处理退出的Action(清除session)

package danger.action.queryView;

import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller; import com.opensymphony.xwork2.ActionSupport;
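@Controller
@Scope("prototype")
public class LogoutAction extends ActionSupport {

    /**
     * Logs the caller out by invalidating the HTTP session.
     *
     * <p>Invalidating the whole session, rather than removing only the "user"
     * attribute, discards the session id and all other per-login state with it.
     * {@code getSession(false)} avoids creating a session just to log out of it.
     *
     * @return the result of {@code ActionSupport.execute()}
     */
    @Override
    public String execute() throws Exception {
        HttpSession session = ServletActionContext.getRequest().getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return super.execute();
    }
}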

struts.xml配置Action

        <!-- Logout -->
<action name="logout" class="logoutAction">
<!-- On success, redirect to the login page -->
<result name="success" type="redirect">/login/login.jsp</result>
</action>

退出系统按钮

<a href=javascript:void(0)
style="text-decoration: none; color: white;" onclick="logout()"><span>退出系统</span></a>

处理退出系统的JS函数

    <script type="text/javascript">
// Asks the user to confirm, then navigates to the logout action.
function logout() {
    var confirmed = confirm("确定退出系统?");
    if (!confirmed) {
        return;
    }
    window.location.href = "${baseurl}/logout.action";
}
</script>