SecurityFilter
public class SecurityFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
//強制轉換
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)resp;
//是否登錄判斷邏輯
//先判斷有無session對象存在
HttpSession session = request.getSession(false);
if(session==null){
//沒有登錄
response.sendRedirect(request.getContextPath()+"/noAuth.html");
return;
}else{
String user = (String)session.getAttribute("user");
if(user==null){
//沒有登錄成功
response.sendRedirect(request.getContextPath()+"/noAuth.html");
return;
}
}
//如果已經登錄成功了,則放行!
chain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
問題:
現在有
login.jsp
modify.jsp
index.html
noAuth.html
幾個頁面,很明顯login.jsp和noAuth.html沒有必要攔截,因為這些本來就是攔截后的結果,是要接著做出處理的,那怎么針對性的對其他頁面做出攔截配置呢?
- filter配置文件中
<url-pattern>/modify.jsp</url-pattern>
<url-pattern>/noAuth.html</url-pattern>
- 可以把要攔截的頁面統一放到一個文件夾下
<url-pattern>/文件夾/*</url-pattern>
Paste_Image.png