1.在登陆控制器存session值
2.做退出控制器
3.配置过滤器或者拦截器(防止不登录就能访问)
4.在过滤器@WebFilter或者拦截器过滤可以展现的页面;
过滤器示例一:前后端不分离,servlet+jsp,创建过滤器类,判断请求地址,包下有这么个过滤器类就可以了
过滤器
package filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class LoginNecessary implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest;
HttpServletResponse httpServletResponse = (HttpServletResponse)servletResponse;
String requestURI = httpServletRequest.getRequestURI();
Object username = httpServletRequest.getSession().getAttribute("username");
if (requestURI.endsWith("index.jsp")&&username==null){
httpServletResponse.sendRedirect("login.jsp");
}
filterChain.doFilter(httpServletRequest,httpServletResponse);
}
@Override
public void destroy() {
}
}
示例二:前后端分离,控制器层请求地址*.do
过滤器:包下有这么个过滤器类就可以了
package com.zhao.filter;
import com.zhao.utils.UserUtil;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebFilter({"/admin/index.html","/admin/views/*"})
public class AccessFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request= (HttpServletRequest)req;
HttpServletResponse response=(HttpServletResponse)resp;
String adminName = UserUtil.getUserName(request.getSession());
if(adminName!=null)
chain.doFilter(req, resp);
else
((HttpServletResponse) resp).sendError(404,"很抱歉,未登录权限不足");
}
public void init(FilterConfig config) throws ServletException {
}
}
3.请求地址 / ,前后端分离,使用拦截器,需要有一个拦截器类,还需要在springmvc配置文件中配置拦截器
拦截器:
package com.zhao.interceptor;
import com.zhao.pojo.Userh;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Userh user = (Userh) request.getSession().getAttribute("user");
String uri = request.getRequestURI();
String servletPath = request.getServletPath();
//禁止浏览器使用缓存,防止退出登录后后退回页面
response.setDateHeader("Expires", 0);
response.setHeader("Cache-Control", "no-cache, no-store");
response.setHeader("Pragma", "no-cache");
if (user!=null||servletPath.contains("login")){
return true;
}
response.sendRedirect("/login.html");
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
springmvc配置
<!--配置拦截器-->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**.html" /> <!--拦截所有请求-->
<bean class="com.zhao.interceptor.LoginInterceptor" id="loginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>