当前页面: 开发资料首页 → J2EE 专题 → SessionFilter权限验证问题

SessionFilter权限验证问题

摘要: SessionFilter权限验证问题

一个老的话题
通过ServletFilter过滤request,并处理response，来达到权限验证
求教源码实现

---

//这是filter的实现类
package src.com.ligx.config;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class protectFilter implements Filter{
FilterConfig fc = null;
public void init(FilterConfig fc) throws ServletException{

}

public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws ServletException, IOException
{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
String uri = req.getRequestURI();
String[] path = uri.split("/");
if(!path[2].equalsIgnoreCase("logon.do"))
{
String logonFlag = (String)req.getSession().getAttribute("isLogon");
if(logonFlag == null)
{
try{
res.sendRedirect("/error.jsp");
}catch(Exception e)
{
System.out.println("sendRedirect error");
}
}
}

chain.doFilter(request,response);
}

public void destroy(){
}
}
//这是web.xml的配置。

dd
src.com.ligx.config.protectFilter



dd
*.jsp

---