【JavaWeb】Servlet身份验证过滤器

使用过滤器验证用户的示例

下面来看看如何使用过滤器验证用户的简单示例。
在这个示例中创建了以下几个主要的代码文件：

• Authentication.html - 首页
• MyAuthenticationFilter.java - 过滤器，用于处理用户登录信息和跳转。
• AdminServlet.java - 管理员的Servlet
• web.xml - 项目描述符和配置信息。

AdminServlet.java

public class AdminServlet extends HttpServlet {
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // 设置服务器端内容类型
        response.setContentType("text/html;charset=utf-8");
        // 设置服务器端编码
        response.setCharacterEncoding("utf-8");
        // 设置客户端编码
        request.setCharacterEncoding("utf-8");
        // 获取服务器端输出对象
        PrintWriter out = response.getWriter();

        out.println("欢迎来到 Admin页面");
        out.close();
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

MyAtuthenticationFilter.java

public class MyAuthenticationFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("Filter init");
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // 设置服务器端内容类型
        servletResponse.setContentType("text/html;charset=utf-8");
        // 设置服务器端编码
        servletResponse.setCharacterEncoding("utf-8");
        // 设置客户端编码
        servletRequest.setCharacterEncoding("utf-8");
        // 获取服务器端输出对象
        PrintWriter out = servletResponse.getWriter();

        //获取密码
        String password = servletRequest.getParameter("password");
        if (password == null){
            password = "";
        }

        if (password.equals("admin")){
            filterChain.doFilter(servletRequest,servletResponse);
        }
        else {
            // include的请求转发
            out.println("密码错误");
            RequestDispatcher dispatcher = servletRequest.getRequestDispatcher("Authentication.html");
            dispatcher.include(servletRequest,servletResponse);
        }
    }

    @Override
    public void destroy() {
        System.out.println("Filter destroy");
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

Authentication.html

DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>使用过滤器验证用户title>
head>
<body>
    <div style="text-align: center">
        <form action="login" method="post">
            用户名:<input type="text" name="userName" value="krislin"><br/>
            密码:<input type="password" name="password"><br/>
            <input type="submit" value="登录">
        form>
    div>
body>
html>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID" version="3.1">
    <display-name>ServletRequestdisplay-name>
    <welcome-file-list>
        <welcome-file>Authentication.htmlwelcome-file>
        <welcome-file>Filter.htmlwelcome-file>
        <welcome-file>Context.htmlwelcome-file>
        <welcome-file>dbConfig.htmlwelcome-file>
        <welcome-file>redirect.htmlwelcome-file>
        <welcome-file>forward.htmlwelcome-file>
        <welcome-file>head.htmlwelcome-file>
    welcome-file-list>
    <servlet>
        <servlet-name>AdminServletservlet-name>
        <servlet-class>AdminServletservlet-class>
    servlet>
    <servlet-mapping>
        <servlet-name>AdminServletservlet-name>
        <url-pattern>/loginurl-pattern>
    servlet-mapping>
    <filter>
        <filter-name>MyAuthenticationfilter-name>
        <filter-class>MyAuthenticationFilterfilter-class>
    filter>
    <filter-mapping>
        <filter-name>MyAuthenticationfilter-name>
        <url-pattern>/loginurl-pattern>
    filter-mapping>
<web-app>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33