过滤器控制登录校验
需求说明:未登录状态下不允许访问showShedule.html和SysScheduleController相关增删改处理,重定向到login.html,登录成功后可以自由访问
- 开发登录过滤器,对指定资源的请求进行过滤
java
import jakarta.servlet.*;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
@WebFilter(urlPatterns = {"/showSchedule.html","/schedule/*"})
public class LoginFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request =(HttpServletRequest) servletRequest;
HttpServletResponse response =(HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
Object sysUser = session.getAttribute("sysUser");
if(null != sysUser){
// session中如果存在登录的用户 代表用户登录过,则放行
filterChain.doFilter(servletRequest,servletResponse);
}else{
//用户未登录,重定向到登录页
response.sendRedirect("/login.html");
}
}
}
- 修改用户登录请求的login方法,登录成功时,将用户信息存入session
java
/**
* 用户登录的业务接口
* @param req
* @param resp
* @throws ServletException
* @throws IOException
*/
protected void login(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 接收用户请求参数
// 获取要注册的用户名密码
String username = req.getParameter("username");
String userPwd = req.getParameter("userPwd");
// 调用服务层方法,根据用户名查询数据库中是否有一个用户
SysUser loginUser =userService.findByUsername(username);
if(null == loginUser){
// 没有根据用户名找到用户,说明用户名有误
resp.sendRedirect("/loginUsernameError.html");
}else if(! loginUser.getUserPwd().equals(MD5Util.encrypt(userPwd))){
// 用户密码有误,
resp.sendRedirect("/loginUserPwdError.html");
}else{
// 登录成功,将用户信息存入session
req.getSession().setAttribute("sysUser",loginUser);
// 登录成功,重定向到日程展示页
resp.sendRedirect("/showSchedule.html");
}
}