说明
给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只有登录用户才能访问;
admin.jsp:只有管理员才能访问。
分析
设计User类:username、password
当用户登录成功后,把user保存到session中。
创建LoginFilter,它有两种过滤方式:
如果访问的是user.jsp,查看session中是否存在username;
如果访问的是admin.jsp,查看session中是否存在admin
注意事项:
1、一定要记得导入标签库<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
2、BFilter是防止游客进入会员以及管理员所能进入的界面
CFliter是防止游客和会员进入管理员的界面
LoginServlet
package cn.lq.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginServlet extends HttpServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
if(username.contains("itcast")){
request.getSession().setAttribute("admin", username);
//response.sendRedirect(request.getContextPath()+"/admin/admin.jsp");
}else{
request.getSession().setAttribute("username", username);
}
response.sendRedirect(request.getContextPath()+"/index.jsp");
}
}
BFilter
package cn.lq.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
public class BFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String name = (String) req.getSession().getAttribute("admin");
if(name!=null){
chain.doFilter(request, response);
return;
}
name = (String) req.getSession().getAttribute("username");
if(name!=null){
chain.doFilter(request, response);
}else{
req.setAttribute("msg", "您什么都不是,不能够进入");
req.getRequestDispatcher("/login.jsp").forward(request, response);
}
}
public void init(FilterConfig fConfig) throws ServletException {
}
}
CFilter
package cn.lq.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
public class CFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String name = (String) req.getSession().getAttribute("admin");
if(name!=null){
chain.doFilter(request, response);
}else{
req.setAttribute("msg", "您不是管理员不能进入");
req.getRequestDispatcher("/login.jsp").forward(request, response);
}
}
public void init(FilterConfig fConfig) throws ServletException {
}
}
web.xml
<filter>
<display-name>BFilter</display-name>
<filter-name>BFilter</filter-name>
<filter-class>cn.lq.filter.BFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>BFilter</filter-name>
<url-pattern>/users/*</url-pattern>
</filter-mapping>
<filter>
<display-name>CFilter</display-name>
<filter-name>CFilter</filter-name>
<filter-class>cn.lq.filter.CFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
index.jsp
<body>
<h1>欢迎来到这里</h1>
<a href="<c:url value='/a.jsp' />">游客入口</a>
<a href="<c:url value='/users/user.jsp' />"> 会员入口</a>
<a href="<c:url value='/admin/admin.jsp' />"> 管理员入口</a>
</body>
users/user.jsp
<body>
<h1>欢迎游客</h1>
<a href="<c:url value='/a.jsp' />">游客入口</a>
<a href="<c:url value='/users/user.jsp' />"> 会员入口</a>
<a href="<c:url value='/admin/admin.jsp' />"> 管理员入口</a>
</body>
admin/admin.jsp
<body>
<h1>欢迎管理员</h1>
<a href="<c:url value='/a.jsp' />">游客入口</a>
<a href="<c:url value='/users/user.jsp' />"> 会员入口</a>
<a href="<c:url value='/admin/admin.jsp' />"> 管理员入口</a>
</body>
login.jsp
<body>
<h1>登录</h1>
${msg }
<form action="<c:url value='/LoginServlet'/>" method="post">
用户名:<input type="text" name="username">
<input type="submit" value="提交">
</form>
</body>