Java Web Simple Implementation method of login filter

Filter filter, the actual is the need and do not need to separate things!

Today we say "login filter" in our program, first we look at the following question:

1. What is " login filter " for?

1)" login Filter " is to prevent users from accessing our website without logging in.

2) Example: main.html This page is required through login.html this page login before you can access, now there is a user is not logged in, direct access to main.html success. So, does such a website feel insecure? The user does not have to login casually to visit. So,we has to need a filter. We need filters to filter out some pages that need to be logged in before they can be accessed.

2, How do we filter it?

1) at first! We must filter out the pages that need to be logged in

2) When we get the page we need to log in, how can we tell if the user is logged in? So,we need a session.

3) The session is the basis to determine whether the user is logged in. Logged in we let him continue to visit, not logged in we let him return to the login screen.

Let's look at how the code is implemented:

Package com.haojieli.filter;

Import java.io.IOException;

Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;
Import javax.servlet.http.HttpSession;

public class Loginfilterimplements Filter {

public void Destroy () {
TODO auto-generated Method Stub
}

public void DoFilter (ServletRequest arg0, Servletresponse arg1,
Filterchain arg2) throws IOException, Servletexception {
TODO auto-generated Method Stub
HttpServletRequest req = (httpservletrequest) arg0;
HttpServletResponse resp = (httpservletresponse) arg1;
HttpSession session = Req.getsession ();
Gets the URI of the user request
String path = Req.getrequesturi ();
Get credentials for login verification from session My demo here is using password as login credentials.
String password = (string) session.getattribute ("password");
Login.jsp page does not need to be filtered (according to the requirements of your project)

Also can Path.contains ("login.jsp") anyway how accurate how to come not to say more
if (Path.indexof ("/login.jsp") >-1) {//Note: Login page must not filter or filter on ... Self-commissioning Don't be lazy! It's a deep memory.
Arg2.dofilter (req, resp);
Return
} else {//If the filter is not login.jsp
if (password = = NULL | | "". Equals (password)) {
Jump to landing page
Resp.sendredirect ("login.jsp");
} else {
Have landed, continue this request
Arg2.dofilter (req, resp);
}
}
}
public void init (Filterconfig arg0) throws Servletexception {
TODO auto-generated Method Stub
}
}

There is no need to explain the code here, the code has detailed comments, but the important point of our filter is written well, but also need to configure Ah, otherwise how to run it? Followe me.

Configure the filter in Web. XML

<filter>
<filter-name>Login</filter-name>
<filter-class>com.haojieli.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>adminLogin</filter-name>

<!--here/admin/* means that the file under the specified path needs to be filtered or written as <url-pattern>/*</url-pattern> means all files need to be filtered--
<url-pattern>/admin/*</url-pattern>
</filter-mapping>

Note: The login page cannot be filtered ... Self-commissioning Don't be lazy! So deep in memory ...

This is the end of the blog, thank you for watching, I hope to help readers, if you have any comments and suggestions please comment on the message ...

====== wish you a happy life ======

Java Web Simple Implementation method of login filter