一个是用户登录,一个管理员登录,怎么实现资源拦截 ,利用filter和session
时间: 2024-06-11 07:07:51 浏览: 66
1. 首先,创建一个Filter,拦截所有请求。注意:登录页面以及登录表单提交的地址必须放行,否则未登录的用户会被反复重定向到登录页面。
```
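/**
 * Servlet filter that lets a request continue only when the session already holds a
 * logged-in principal; every other request is redirected to {@code /login.jsp}.
 *
 * <p>The filter is meant to be mapped to {@code /*}, so it also sees the login pages
 * themselves. Those are let through explicitly; without that exemption an anonymous
 * visitor is redirected to a page that redirects again, and nobody can ever log in.
 *
 * <p>A session carrying either the {@code "user"} or the {@code "admin"} attribute counts
 * as authenticated here. Whether an admin session may reach a given {@code /admin/*}
 * resource is decided by the admin filter, not by this class.
 */
public class AuthFilter implements Filter {

    /**
     * Optional init-param: comma-separated paths (relative to the context root) that are
     * served without a login, e.g. the URLs the login forms post to.
     */
    private static final String EXTRA_PUBLIC_PATHS_PARAM = "publicPaths";

    /** Login pages are always reachable; they are the redirect targets of the auth filters. */
    private static final String[] LOGIN_PAGES = {"/login.jsp", "/admin/login.jsp"};

    /** Extra public paths read from the filter configuration; empty when none are configured. */
    private String[] extraPublicPaths = new String[0];

    /**
     * Reads the optional {@code publicPaths} init-param.
     *
     * @param filterConfig configuration supplied by the container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter(EXTRA_PUBLIC_PATHS_PARAM);
        if (configured == null || configured.trim().isEmpty()) {
            return;
        }
        String[] entries = configured.split(",");
        for (int i = 0; i < entries.length; i++) {
            entries[i] = entries[i].trim();
        }
        extraPublicPaths = entries;
    }

    /**
     * Passes public paths and authenticated sessions down the chain and redirects everything
     * else to the login page.
     *
     * @param request  incoming request, expected to be an {@code HttpServletRequest}
     * @param response outgoing response, expected to be an {@code HttpServletResponse}
     * @param chain    remaining filters and the target resource
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        if (isPublicPath(httpRequest)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): never create a session just to find out nobody is logged in.
        HttpSession session = httpRequest.getSession(false);
        boolean loggedIn = session != null
                && (session.getAttribute("user") != null || session.getAttribute("admin") != null);

        if (!loggedIn) {
            // Not logged in: send the browser to the login page and stop processing.
            httpResponse.sendRedirect(httpRequest.getContextPath() + "/login.jsp");
            return;
        }

        // Logged in: continue with the request.
        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // no resources held
    }

    /**
     * Tells whether the request targets a path that must stay reachable without a login.
     *
     * <p>The comparison is an exact match on the container-resolved servlet path plus path
     * info instead of a prefix or substring test on the raw request URI, so path parameters
     * or extra segments appended to a protected URL do not turn it into a "public" one.
     */
    private boolean isPublicPath(HttpServletRequest httpRequest) {
        String pathInfo = httpRequest.getPathInfo();
        String path = httpRequest.getServletPath() + (pathInfo == null ? "" : pathInfo);

        for (String loginPage : LOGIN_PAGES) {
            if (loginPage.equals(path)) {
                return true;
            }
        }
        for (String extra : extraPublicPaths) {
            if (!extra.isEmpty() && extra.equals(path)) {
                return true;
            }
        }
        return false;
    }
}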
```
2. 在web.xml中配置Filter。
```
<!-- Registers com.example.AuthFilter under the name AuthFilter. -->
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class>com.example.AuthFilter</filter-class>
</filter>
<!-- Maps the filter to every URL of the application. The /* pattern also matches
     /login.jsp and everything under /admin/, including /admin/login.jsp, so the filter
     class has to let the login pages and the login form targets through itself. -->
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
```
3. 在用户登录时,将用户信息保存到Session中。Session中只需保存用户标识,不要保存明文密码;登录成功后应更换会话ID,以防止会话固定。
```
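/**
 * Handles the user login form: checks the submitted credentials and, on success, marks the
 * session as logged in by setting the {@code "user"} attribute.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Processes a login attempt.
     *
     * <p>On success the browser is redirected to {@code /index.jsp}; on any failure, including
     * a missing parameter, to {@code /login.jsp?error=1}.
     *
     * @param request  carries the {@code username} and {@code password} form parameters
     * @param response used only to send the redirect
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // A request without both parameters is a failed login, not a case for validateUser.
        if (username == null || password == null || !validateUser(username, password)) {
            response.sendRedirect(request.getContextPath() + "/login.jsp?error=1");
            return;
        }

        HttpSession session = request.getSession(true);
        if (!session.isNew()) {
            // Session fixation defence: a session id that existed before authentication may be
            // known to someone else, so it gets a fresh id once the login succeeds.
            // changeSessionId() requires Servlet 3.1 or later.
            request.changeSessionId();
        }

        // NOTE(review): the User object is built from the submitted password and then kept in
        // the session. If User retains that value, the plaintext password lives as long as the
        // session does. Prefer storing only the user's identifier - confirm against User.
        session.setAttribute("user", new User(username, password));
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /**
     * Checks the submitted credentials.
     *
     * <p>Placeholder: rejects every login until a real check is implemented, so an unfinished
     * deployment fails closed. A real implementation should compare against a salted password
     * hash (bcrypt, scrypt or argon2) rather than a stored plaintext password.
     *
     * @return {@code true} only when the credentials are valid
     */
    private boolean validateUser(String username, String password) {
        // TODO: implement credential verification
        return false;
    }
}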
```
4. 在管理员登录时,将管理员信息保存到Session中。
```
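/**
 * Handles the administrator login form: checks the submitted credentials and, on success,
 * marks the session as an admin session by setting the {@code "admin"} attribute.
 */
public class AdminLoginServlet extends HttpServlet {

    /**
     * Processes an administrator login attempt.
     *
     * <p>On success the browser is redirected to {@code /admin/index.jsp}; on any failure,
     * including a missing parameter, to {@code /admin/login.jsp?error=1}.
     *
     * @param request  carries the {@code username} and {@code password} form parameters
     * @param response used only to send the redirect
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // A request without both parameters is a failed login, not a case for validateAdmin.
        if (username == null || password == null || !validateAdmin(username, password)) {
            response.sendRedirect(request.getContextPath() + "/admin/login.jsp?error=1");
            return;
        }

        HttpSession session = request.getSession(true);
        if (!session.isNew()) {
            // The session is about to gain admin rights. Give it a fresh id so that an id
            // issued before this login cannot be reused as an admin session (session fixation).
            // changeSessionId() keeps the existing attributes and requires Servlet 3.1 or later.
            request.changeSessionId();
        }

        // NOTE(review): the Admin object is built from the submitted password and then kept in
        // the session. If Admin retains that value, the plaintext password lives as long as the
        // session does. Prefer storing only the admin's identifier - confirm against Admin.
        session.setAttribute("admin", new Admin(username, password));
        response.sendRedirect(request.getContextPath() + "/admin/index.jsp");
    }

    /**
     * Checks the submitted administrator credentials.
     *
     * <p>Placeholder: rejects every login until a real check is implemented, so an unfinished
     * deployment fails closed. A real implementation should compare against a salted password
     * hash (bcrypt, scrypt or argon2) rather than a stored plaintext password.
     *
     * @return {@code true} only when the credentials belong to an administrator
     */
    private boolean validateAdmin(String username, String password) {
        // TODO: implement credential verification
        return false;
    }
}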
```
5. 对需要管理员权限访问的页面,再创建一个管理员Filter,拦截 /admin/ 下的所有请求。
```
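/**
 * Servlet filter for the administrator area: a request continues only when the session
 * carries the {@code "admin"} attribute; otherwise the browser is redirected to
 * {@code /admin/login.jsp}.
 *
 * <p>The filter is meant to be mapped to {@code /admin/*}, which contains the admin login
 * page itself. That page is let through explicitly; without the exemption the redirect
 * target is blocked by the same filter and the browser loops.
 */
public class AdminAuthFilter implements Filter {

    /**
     * Optional init-param: comma-separated paths (relative to the context root) inside the
     * admin area that are served without an admin session, e.g. the URL the admin login form
     * posts to when it lives under {@code /admin/}.
     */
    private static final String EXTRA_PUBLIC_PATHS_PARAM = "publicPaths";

    /** Redirect target of this filter; always reachable. */
    private static final String ADMIN_LOGIN_PAGE = "/admin/login.jsp";

    /** Extra public paths read from the filter configuration; empty when none are configured. */
    private String[] extraPublicPaths = new String[0];

    /**
     * Reads the optional {@code publicPaths} init-param.
     *
     * @param filterConfig configuration supplied by the container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter(EXTRA_PUBLIC_PATHS_PARAM);
        if (configured == null || configured.trim().isEmpty()) {
            return;
        }
        String[] entries = configured.split(",");
        for (int i = 0; i < entries.length; i++) {
            entries[i] = entries[i].trim();
        }
        extraPublicPaths = entries;
    }

    /**
     * Passes public paths and admin sessions down the chain and redirects everything else to
     * the admin login page.
     *
     * @param request  incoming request, expected to be an {@code HttpServletRequest}
     * @param response outgoing response, expected to be an {@code HttpServletResponse}
     * @param chain    remaining filters and the target resource
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        if (isPublicPath(httpRequest)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): never create a session just to find out nobody is logged in.
        HttpSession session = httpRequest.getSession(false);
        boolean adminLoggedIn = session != null && session.getAttribute("admin") != null;

        if (!adminLoggedIn) {
            // No admin session: send the browser to the admin login page and stop processing.
            httpResponse.sendRedirect(httpRequest.getContextPath() + ADMIN_LOGIN_PAGE);
            return;
        }

        // Admin is logged in: continue with the request.
        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // no resources held
    }

    /**
     * Tells whether the request targets a path that must stay reachable without an admin
     * session.
     *
     * <p>The comparison is an exact match on the container-resolved servlet path plus path
     * info instead of a prefix or substring test on the raw request URI, so path parameters
     * or extra segments appended to a protected URL do not turn it into a "public" one.
     */
    private boolean isPublicPath(HttpServletRequest httpRequest) {
        String pathInfo = httpRequest.getPathInfo();
        String path = httpRequest.getServletPath() + (pathInfo == null ? "" : pathInfo);

        if (ADMIN_LOGIN_PAGE.equals(path)) {
            return true;
        }
        for (String extra : extraPublicPaths) {
            if (!extra.isEmpty() && extra.equals(path)) {
                return true;
            }
        }
        return false;
    }
}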
```
6. 在web.xml中再次配置Filter。
```
<!-- Registers com.example.AdminAuthFilter under the name AdminAuthFilter. -->
<filter>
<filter-name>AdminAuthFilter</filter-name>
<filter-class>com.example.AdminAuthFilter</filter-class>
</filter>
<!-- Restricts the filter to the admin area. The /admin/* pattern includes
     /admin/login.jsp, the page AdminAuthFilter redirects to, so the filter class has to
     let that page through itself. Requests under /admin/ are also matched by any filter
     mapped to /*. -->
<filter-mapping>
<filter-name>AdminAuthFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
```