Question

我在我的JEE项目中为我的登录表单制作了一个过滤器。我想确保您需要先配置会话，然后才能访问登录表单之后的任何页面。所以，到目前为止我已经写了这个

public class AuthenticationFilter implements Filter {

 @Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)arg0;
if(request.getRequestURI().startsWith("/"))    
}

在我的request.getRequestURI语句中，我应该编写用户只能在传递登录表单后才能访问的servlet或jsp页面吗？

Answer 1

    @Override
    public void doFilter ( final ServletRequest request, final ServletResponse response, final FilterChain chain ) throws IOException, ServletException
    {
            doFilter( (HttpServletRequest) request, (HttpServletResponse) response, chain );
    }

    private void doFilter ( final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain ) throws IOException, ServletException
    {
        if ( isAuthorized( request ) )
        {
            chain.doFilter( request, response );
        }
        else
        {
            response.sendRedirect("/login.html");
        }
    }


    boolean isAuthorized ( final HttpServletRequest request ) throws 
    {
        if ( request.getParameter("password").equals("swordfish") )
            request.getSession().setAttribute("authorized","true");

        return request.getSession().getAttribute("authorized") != null;
    }

这是一种“玩具”实现，并没有遵循许多最佳实践，但我希望它很容易理解。

servlet或jsp的getRequestURI？

1 个答案: