1. 我们可以在web.xml中配置filter来对指定的URL进行过滤,进行一些特殊操作如权限验证等。
<!– session过滤filter –>
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>com.xm.chris.SessionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/resources/*</url-pattern>
</filter-mapping>
public class SessionFilter implements Filter {
private static final String CONTENT_TYPE = "text/html; charset=UTF-8";
private FilterConfig _filterConfig = null;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
}
public void destroy() {
_filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException,
ServletException {
HttpServletRequest rq = (HttpServletRequest) request;
HttpSession httpSession = rq.getSession();
Long userId = (Long) httpSession.getAttribute("userId");
if (userId == null) {
response.setContentType(CONTENT_TYPE);
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>Error</title></head>");
out.println("<body>");
out.println("<p id='Message'>错误.</p>");
out.println("</body></html>");
out.close();
} else {
chain.doFilter(request, response);
}
}
}
这时所有请求了contextPath/resources/*路径的request都会被SessionFilter验证是否登录。
2. 但是我们有一些特定的url不想验证登录,想要直接能够访问,怎么办呢?
这时可以配置一个参数,告诉Filter哪些url不想验证。
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.oracle.ccsc.jcs.sx.filter.SecurityFilter</filter-class>
<init-param>
<param-name>excludedPages</param-name>
<param-value>/xm/portal/notice</param-value>
</init-param>
</filter>
然后在Filter中就可以根据参数判断是否需要过滤。
public class SecurityFilter implements Filter {
private static final String CONTENT_TYPE = "text/html; charset=UTF-8";
private FilterConfig _filterConfig = null;
private String excludedPages;
private String[] excludedPageArray;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
excludedPages = filterConfig.getInitParameter("excludedPages");
if (StringUtils.isNotEmpty(excludedPages)) {
excludedPageArray = excludedPages.split(",");
}
}
public void destroy() {
_filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException,
ServletException {
HttpServletRequest rq = (HttpServletRequest) request;
boolean isExcludedPage = false;
for (String page : excludedPageArray) { //判断是否在过滤url之外if (rq.getPathInfo().equals(page)) {
isExcludedPage = true;
break;
}
}
if (isExcludedPage) { //在过滤url之外
chain.doFilter(request, response);
} else { //不在过滤url之外,判断登录
HttpSession httpSession = rq.getSession();
Long userId = (Long) httpSession.getAttribute("userId");
if (userId == null) {
response.setContentType(CONTENT_TYPE);
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>Error</title></head>");
out.println("<body>");
out.println("<p id='Message'>错误.</p>");
out.println("</body></html>");
out.close();
} else {
chain.doFilter(request, response);
}
}
}
}
3. 关于用Servlet获取URL地址。
在HttpServletRequest类里,有以下六个取URL的函数
getContextPath 取得项目名
getServletPath 取得Servlet名
getPathInfo 取得Servlet后的URL名,不包括URL参数
getRequestURL 取得不包括参数的URL
getRequestURI 取得不包括参数的URI,即去掉协议和服务器名的URL
具体如下图:
相对应的函数的值如下:
getContextPath:/ServletTest
getServletPath:/main
getPathInfo:/index/testpage/test
getRequestURL:http://localhost:8080/ServletTest/main/index/testpage/test
getRequestURI:/ServletTest/main/index/testpage/test