1. New Filter Class:
Package com.xiami.manager.filter;
Import java.io.IOException; Import Javax.servlet.Filter; Import Javax.servlet.FilterChain; Import Javax.servlet.FilterConfig; Import javax.servlet.ServletException; Import Javax.servlet.ServletRequest; Import Javax.servlet.ServletResponse; Import Javax.servlet.http.HttpServletRequest; Import Javax.servlet.http.HttpServletResponse; Import javax.servlet.http.HttpSession;
public class AuthFilter implements Filter {public void init (Filterconfig filterconfig) throws Servletexception {} public void Destroy () {}
public void Dofilter (ServletRequest servletrequest, servletresponse ServletResponse, filterchain filterchain) throws IOException, servletexception { System.out.println ("This URL is filtering ...) "); The first parameter of the /** * 1,dofilter is the ServletRequest object. This object provides the filter with full access to incoming information, including * form data, cookies, and HTTP request headers. The second parameter is Servletresponse, which is usually omitted in a simple over * filter. The last parameter is Filterchain, which is used to invoke a servlet or JSP page. * httpservletrequest request = (httpservletrequest) servletrequest; /** * If HTTP requests are processed and you need access to methods such as GetHeader or getcookies that are not available in ServletRequest *, It is necessary to construct this request object into HttpServletRequest * * httpservletresponse response = (httpservletresponse) Servletresponse; string Currenturl = Request.getrequesturi (); Gets the absolute path of the root directory: string targeturl = currenturl.substring (Currenturl.indexof ("/", 1), &nbsP; currenturl.length ()); Intercepts to the current filename for comparison httpsession session = Request.getsession (false); if (!) /login.jsp ". Equals (TargetUrl)) { if (!) /userlogin.action ". Equals (TargetUrl)) {//Do not filter login action //to determine whether the current page is a redirected login Page page, If it is not a session of the judge, to prevent the death loop if (session = NULL | | Session.getattribute ("competence") = = null) {& nbsp; //* User must manually add session system.out.println after login (" Request.getcontextpath () = " + Request.getcontextpath ()); response.sendredirect (Request.getcontextpath () + "/login.jsp"); //Redirect to login.jsp page if the session is null to indicate that the user is not logged in return;    &NBSP} } //add filter chain continue down filterchain.dofilter (request, response); /** * Invokes the Dofilter method of the Filterchain object. The Dofilter method of the filter interface takes a Filterchain object as a parameter of its *. Activates the next associated filter when calling the Dofilter method of this object. If no other * A filter is associated with a servlet or JSP page, the servlet or JSP page is activated. *  }
2. Configure in Web.xml:
<filter>
<filter-name>AuthFilter</filter-name>
<filter-class> com.xiami.manager.filter.authfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</ filter-mapping>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
< url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
< filter-name>authfilter</filter-name>
<url-pattern>*.htm</url-pattern>
</ filter-mapping>
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
3. When login is successful, the user data is written to the session in the action.
Servletactioncontext.getrequest (). GetSession (). setattribute ("competence", "s");
4. When exiting the account, in the action bar session to NULL
Servletactioncontext.getrequest (). GetSession (). setattribute ("competence", null);
Note:
Follow the above method to solve the problem of URL permissions.