add<会话鉴权控制>
parent
ed4b1b4f3e
commit
dd7954c3b5
|
@ -1,5 +1,6 @@
|
|||
package example.controller;
|
||||
|
||||
import example.model.User;
|
||||
import example.service.IUserService;
|
||||
import example.service.impl.UserServiceImpl;
|
||||
|
||||
|
@ -22,9 +23,9 @@ public class LoginServlet extends HttpServlet {
|
|||
String username = req.getParameter("username");
|
||||
String password = req.getParameter("password");
|
||||
try {
|
||||
boolean login = userService.login(username, password);
|
||||
if(login){
|
||||
req.getSession().setAttribute("username",username);
|
||||
User user = userService.login(username, password);
|
||||
if(user!=null){
|
||||
req.getSession().setAttribute("user",user);
|
||||
resp.sendRedirect("/index.jsp");
|
||||
}else{
|
||||
req.getSession().setAttribute("msg","用户名或密码错误");
|
||||
|
|
|
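Review bot: The successful-login branch stores the user in whatever session `req.getSession()` returns without rotating the session id, so an id issued before authentication stays valid afterwards (session fixation). Calling `req.changeSessionId();` (Servlet 3.1+) just before `req.getSession().setAttribute("user",user);` closes that gap; on an older container, invalidate the old session and create a fresh one instead. `resp.sendRedirect("/index.jsp")` also ignores the context path and only works when the app is deployed at the root, so `req.getContextPath() + "/index.jsp"` is the safer target. The enclosing method starts and ends outside the hunk.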
@ -0,0 +1,29 @@
|
|||
package example.controller;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
|
||||
@WebServlet("/logout")
|
||||
public class LogoutServlet extends HttpServlet {
|
||||
@Override
|
||||
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
// 获取当前会话
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session!= null) {
|
||||
// 使会话失效,清除会话中存储的所有用户相关信息,比如用户对象等
|
||||
session.invalidate();
|
||||
}
|
||||
// 重定向到登录页面,用户退出后回到登录界面
|
||||
response.sendRedirect("login.jsp");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
doGet(request, response);
|
||||
}
|
||||
}
|
|
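Review bot: `doGet` invalidates the session and `doPost` only delegates to it, so logout is a state-changing action reachable by a plain GET, and a cross-site request or a link prefetcher can end a user's session. Consider keeping the invalidation in `doPost` only, with a small form in place of the `/logout` link, and covering it with the application's CSRF token if it has one. `response.sendRedirect("login.jsp")` is resolved relative to the request path; `response.sendRedirect(request.getContextPath() + "/login.jsp");` does not depend on where the servlet is mapped.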
@ -0,0 +1,43 @@
|
|||
package example.filter;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.annotation.WebFilter;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
|
||||
@WebFilter("/*") // 拦截所有请求路径
|
||||
public class LoginFilter implements Filter {
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) throws ServletException {
|
||||
// 初始化操作,可以在这里获取过滤器的初始化参数等
|
||||
}
|
||||
@Override
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
||||
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||
HttpServletResponse response = (HttpServletResponse) servletResponse;
|
||||
HttpSession session = request.getSession(false);
|
||||
String requestURI = request.getRequestURI();
|
||||
if (requestURI.contains("login.jsp") || requestURI.contains("login")) {
|
||||
filterChain.doFilter(request, response);
|
||||
} else {
|
||||
if (session!= null && session.getAttribute("user")!= null) {
|
||||
// 用户已登录,放行请求
|
||||
filterChain.doFilter(request, response);
|
||||
} else {
|
||||
// 用户未登录,重定向到登录页面
|
||||
response.sendRedirect("login.jsp");
|
||||
}
|
||||
}
|
||||
}
|
||||
@Override
|
||||
public void destroy() {
|
||||
// 销毁资源,例如关闭数据库连接等(如果在过滤器中有相关资源的话)
|
||||
}
|
||||
}
|
|
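Review bot: The allow-list test in `doFilter`, `requestURI.contains("login.jsp") || requestURI.contains("login")`, matches a substring of the raw request URI, so every path that merely contains `login` skips the session check; the first operand is also redundant because the second already covers it. Match the exact servlet path instead: `String path = request.getServletPath();` and `if ("/login.jsp".equals(path) || "/login".equals(path)) {` (the `/login` mapping is assumed, since LoginServlet's annotation is not visible here). The redirect `response.sendRedirect("login.jsp")` is resolved relative to the current request, so it points at the wrong place for nested paths; `request.getContextPath() + "/login.jsp"` avoids that. Because the filter is mapped to `/*`, static resources the login page needs are redirected too unless they are added to the exact-match list.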
@ -5,7 +5,7 @@ import example.model.User;
|
|||
import java.util.List;
|
||||
|
||||
public interface IUserService {
|
||||
boolean login(String username, String password) throws Exception;
|
||||
User login(String username, String password) throws Exception;
|
||||
|
||||
List<User> getUserList() throws Exception;
|
||||
}
|
||||
|
|
|
@ -10,9 +10,12 @@ public class UserServiceImpl implements IUserService {
|
|||
UserDao userDao=new UserDao();
|
||||
|
||||
@Override
|
||||
public boolean login(String username, String password) throws Exception {
|
||||
public User login(String username, String password) throws Exception {
|
||||
User user = userDao.getUserByUsername(username);
|
||||
return user != null && user.getPassword().equals(password);
|
||||
if (user != null && user.getPassword().equals(password)) {
|
||||
return user;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
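Review bot: `login` now returns the full `User` entity, password field included, and the caller in LoginServlet puts that object into the HTTP session, so the credential stays in session memory (and in any session persistence or replication) for as long as the user is logged in. Return a copy without the password, or clear it before returning, e.g. `user.setPassword(null);` if the model has such a setter (not visible here). The check `user.getPassword().equals(password)` compares the submitted value directly with the stored one, which suggests the password is stored unhashed, and it throws a NullPointerException when the stored value is null. Storing a salted hash (PBKDF2 through `SecretKeyFactory` is in the JDK) and comparing with `MessageDigest.isEqual` would fix the first; a null check on the stored value covers the second. The `null` return for a failed login should be documented on the interface method.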
@ -10,5 +10,6 @@
|
|||
<a href="/user?action=list">用户列表</a>
|
||||
<a href="/cart?action=list">我的购物车</a>
|
||||
<a href="/orders?action=all">所有订单</a>
|
||||
<a href="/logout">注销登录</a>
|
||||
</body>
|
||||
</html>
|
||||
|
|