标签:根据 逻辑 org cookies 访问 control key 找不到 web.xml
public interface Filter {
//Servlet过滤器的初始化方法,Servlet容器创建Servlet过滤器实例后将调用这个方法。在这个方法中可以读取web.xml文件中Servlet过滤器的初始化参数
public void init(FilterConfig filterConfig) throws ServletException;
//完成实际的过滤操作,当客户请求访问于过滤器关联的URL时,Servlet容器将先调用过滤器的doFilter方法。FilterChain参数用于访问后续过滤器
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException;
//Servlet容器在销毁过滤器实例前调用该方法,这个方法中可以释放Servlet过滤器占用的资源
public void destroy();
}
public interface FilterChain {
//此方法是由Servlet容器提供给开发者的,用于对资源请求过滤链的依次调用,通过FilterChain调用过滤链中的下一个过滤 器,如果是最后一个过滤器,则下一个就调用目标资源。
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException;
}
public interface FilterConfig {
//返回web.xml部署文件中定义的该过滤器的名称
String getFilterName();
//返回调用者所处的servlet上下文
ServletContext getServletContext();
//返回过滤器初始化参数值的字符串形式,当参数不存在时,返回nul1.name是初始化参数名
String getInitParameter(String var1);
//以Enumeration形式返回过滤器所有初始化参数值,如果没有初始化参数,返回为空
Enumeration<String> getInitParameterNames();
}
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>testFilter</display-name>
<!-- 请求url日志记录过滤器 -->
<filter>
<filter-name>logfilter</filter-name>
<filter-class>com.fuzhu.LogFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>logfilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 编码过滤器 -->
<filter>
<filter-name>setCharacterEncoding</filter-name>
<filter-class>com.fuzhu.EncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>setCharacterEncoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
package com.fuzhu;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class EncodingFilter implements Filter {
private String encoding;
private HashMap<String,String> params = new HashMap<String,String>();
// 项目结束时就已经进行销毁
public void destroy() {
System.out.println("end do the encoding filter!");
params=null;
encoding=null;
}
public void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain) throws IOException, ServletException {
System.out.println("before encoding " + encoding + " filter!");
req.setCharacterEncoding(encoding);
chain.doFilter(req, resp);
System.out.println("after encoding " + encoding + " filter!");
System.err.println("----------------------------------------");
}
// 项目启动时就已经进行读取
public void init(FilterConfig config) throws ServletException {
System.out.println("begin do the encoding filter!");
encoding = config.getInitParameter("encoding");
for (Enumeration<?> e = config.getInitParameterNames(); e.hasMoreElements();) {
String name = (String) e.nextElement();
String value = config.getInitParameter(name);
params.put(name, value);
}
}
}
package com.fuzhu;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
public class LogFilter implements Filter {
public FilterConfig config;
public void destroy() {
this.config = null;
System.out.println("end do the logging filter!");
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
System.out.println("before the log filter!");
// 将请求转换成HttpServletRequest 请求
HttpServletRequest hreq = (HttpServletRequest) req;
// 记录日志
System.out.println("Log Filter已经截获到用户的请求的地址:"+hreq.getServletPath() );
try {
// Filter 只是链式处理,请求依然转发到目的地址。
chain.doFilter(req, res);
} catch (Exception e) {
e.printStackTrace();
}
System.out.println("after the log filter!");
}
public void init(FilterConfig config) throws ServletException {
System.out.println("begin do the log filter!");
this.config = config;
}
}
package com.fuzhu;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet("/FilterServlet")
public class FilterServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setDateHeader("expires", -1);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
}
}
public interface HandlerInterceptor {
//该方法将在请求处理之前进行调用。该方法将在请求处理之前进行调用,只有该方法返回true,才会继续执行后续的Interceptor和Controller
boolean preHandle(HttpServletRequest var1, HttpServletResponse var2, Object var3) throws Exception;
//在当前请求进行处理之后,也就是Controller 方法调用之后执行
void postHandle(HttpServletRequest var1, HttpServletResponse var2, Object var3, ModelAndView var4) throws Exception;
//该方法将在整个请求结束之后,也就是在DispatcherServlet 渲染了对应的视图之后执行。
void afterCompletion(HttpServletRequest var1, HttpServletResponse var2, Object var3, Exception var4) throws Exception;
}
<!-- 配置拦截器 -->
<mvc:interceptors>
<!-- 配置登陆拦截器 -->
<mvc:interceptor>
<!--拦截后台页面的请求-->
<!--<mvc:mapping path="/backend/**"/>-->
<mvc:mapping path="/test/testMethod"/>
<!--不拦截登录页和登录的请求-->
<!--<mvc:exclude-mapping path="/backend/loginPage"/>-->
<!--<mvc:exclude-mapping path="/backend/login"/>-->
<bean class="com.fuzhu.Interceptor.Myinterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
@RestController
@RequestMapping("/test")
public class TestController {
@RequestMapping(value = "/testMethod",produces="text/html;charset=UTF-8", method = {RequestMethod.GET,RequestMethod.GET})
public String test() {
Score score = new Score();
// score.setChangeType("玩游戏");
// score.setScore(10);
// scoreService.insertScore(score);
return JSON.toJSONString(score);
}
}
<!-- 配置拦截器 -->
<mvc:interceptors>
<!-- 配置登陆拦截器 -->
<mvc:interceptor>
<!--拦截后台页面的请求-->
<mvc:mapping path="/backend/**"/>
<!--<mvc:mapping path="/test/testMethod"/>-->
<!--不拦截登录页和登录的请求-->
<mvc:exclude-mapping path="/backend/loginPage"/>
<mvc:exclude-mapping path="/backend/login"/>
<!--<bean class="com.fuzhu.Interceptor.Myinterceptor"></bean>-->
<bean class="com.fuzhu.Interceptor.LoginInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
public class LoginInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object obj, Exception err)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response,
Object obj, ModelAndView mav) throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object obj) throws Exception {
//拿到cookie
//也就是获取session里的登录状态值
String cookie= CookieUtil.getByName(request,"isLogin");
if (cookie!=null){
//session解密
Map<String,Object> map= AuthUtil.decodeSession(cookie);
String loginStatus= (String) map.get("isLogin");
Long timestamp= (Long) map.get("timestamp");
if (loginStatus!=null&×tamp!=null&&new Date().getTime()-timestamp<1000*60*60*24*10){
return true;
}
}
//没有找到登录状态则重定向到登录页,返回false,不执行原来controller的方法
response.sendRedirect("/backend/loginPage");
return false;
}
}
//session工具类
public class AuthUtil {
//这个类方法是面向手机客户端的,从而实现的Token机制。实现请见上述文章:
private static Map<String, Object> getClientLoginInfo(HttpServletRequest request) throws Exception {
Map<String, Object> r = new HashMap<>();
String sessionId = request.getHeader("sessionId");
if (sessionId != null) {
r = decodeSession(sessionId);
return r;
}
throw new Exception("session解析错误");
}
//根据token拿去用户id
public static Long getUserId(HttpServletRequest request) throws Exception {
return Long.valueOf((Integer)getClientLoginInfo(request).get("userId"));
}
/**
* session解密
*/
public static Map<String, Object> decodeSession(String sessionId) {
try {
return verifyJavaWebToken(sessionId);
} catch (Exception e) {
System.err.println("");
return null;
}
}
}
public class CookieUtil {
public static final int TIME = 60 * 60 * 24 * 10; //10天存活时间
//添加cookie
public static void addCookie(HttpServletResponse response,
String cookieName, String value) {
Cookie cookie = new Cookie(cookieName, value);
cookie.setPath("/");
cookie.setMaxAge(TIME);
response.addCookie(cookie);
}
//删除cookie
public static void deleteCookie(HttpServletResponse response,
String cookieName) {
Cookie cookie = new Cookie(cookieName, null);
cookie.setPath("/");
cookie.setMaxAge(0);
response.addCookie(cookie);
}
//获取用户的cookie名字
public static String getByName(HttpServletRequest request, String cookieName) {
String value = null;
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (cookieName.equals(cookie.getName())) {
value = cookie.getValue();
}
}
}
return value;
}
}
@Controller
@RequestMapping("/backend")
public class BackstageController {
//首先是登录页面
@RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
public String loginPage(HttpServletRequest request, String account, String password) {
return "login";
}
//登录的接口逻辑
@RequestMapping(value = "/login", method = {RequestMethod.POST})
public String login(HttpServletRequest request, HttpServletResponse response, RedirectAttributes model, String account, String password) {
//后台管理者的账号密码
if ("fuzhu".equals(account) && "fuzhucheng".equals(password)) {
Map<String, Object> loginInfo = new HashMap<>();
loginInfo.put("isLogin", "yes!");
loginInfo.put("timestamp", new Date());
String sessionId = JavaWebToken.createJavaWebToken(loginInfo);//token机制,详情请看上文所说的文章
CookieUtil.addCookie(response,"isLogin",sessionId);//加cookie
return "redirect:loginSuccess";//重定向
} else {
model.addFlashAttribute("error", "密码错误");
return "redirect:loginPage";
}
}
@RequestMapping(value = "/loginSuccess", method = {RequestMethod.GET})
public String accusationPage(HttpServletRequest request) {
return "success";
}
//主动登出的时候使用
@RequestMapping(value = "/logOut", method = {RequestMethod.GET})
public String loginOut(HttpServletRequest request, HttpServletResponse response) {
CookieUtil.deleteCookie(response,"isLogin");
return "redirect:loginPage";
}
}
JavaWeb--Servlet过滤器Filter和SpringMVC的HandlerInterceptor(Session和Cookie登录认证)
标签:根据 逻辑 org cookies 访问 control key 找不到 web.xml
原文地址:http://blog.csdn.net/jack__frost/article/details/71158139