add<会话鉴权控制>

src/main/java/example/controller/LoginServlet.java

@@ -1,5 +1,6 @@
 package example.controller;
 
+import example.model.User;
 import example.service.IUserService;
 import example.service.impl.UserServiceImpl;
 
@@ -22,9 +23,9 @@ public class LoginServlet extends HttpServlet {
         String username = req.getParameter("username");
         String password = req.getParameter("password");
         try {
-            boolean login = userService.login(username, password);
+            User user = userService.login(username, password);
-            if(login){
+            if(user!=null){
-                req.getSession().setAttribute("username",username);
+                req.getSession().setAttribute("user",user);
                 resp.sendRedirect("/index.jsp");
             }else{
                 req.getSession().setAttribute("msg","用户名或密码错误");

src/main/java/example/controller/LogoutServlet.java

@@ -0,0 +1,29 @@
+package example.controller;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
+@WebServlet("/logout")
+public class LogoutServlet extends HttpServlet {
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        // 获取当前会话
+        HttpSession session = request.getSession(false);
+        if (session!= null) {
+            // 使会话失效，清除会话中存储的所有用户相关信息，比如用户对象等
+            session.invalidate();
+        }
+        // 重定向到登录页面，用户退出后回到登录界面
+        response.sendRedirect("login.jsp");
+    }
+
+    @Override
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        doGet(request, response);
+    }
+}

src/main/java/example/filter/LoginFilter.java

@@ -0,0 +1,43 @@
+package example.filter;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
+@WebFilter("/*") // 拦截所有请求路径
+public class LoginFilter implements Filter {
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        // 初始化操作，可以在这里获取过滤器的初始化参数等
+    }
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        HttpSession session = request.getSession(false);
+        String requestURI = request.getRequestURI();
+        if (requestURI.contains("login.jsp") || requestURI.contains("login")) {
+            filterChain.doFilter(request, response);
+        } else {
+            if (session!= null && session.getAttribute("user")!= null) {
+                // 用户已登录，放行请求
+                filterChain.doFilter(request, response);
+            } else {
+                // 用户未登录，重定向到登录页面
+                response.sendRedirect("login.jsp");
+            }
+        }
+    }
+    @Override
+    public void destroy() {
+        // 销毁资源，例如关闭数据库连接等（如果在过滤器中有相关资源的话）
+    }
+}

src/main/java/example/service/IUserService.java

@@ -5,7 +5,7 @@ import example.model.User;
 import java.util.List;
 
 public interface IUserService {
-    boolean login(String username, String password) throws Exception;
+    User login(String username, String password) throws Exception;
 
     List<User> getUserList() throws Exception;
 }

src/main/java/example/service/impl/UserServiceImpl.java

@@ -10,9 +10,12 @@ public class UserServiceImpl implements IUserService {
     UserDao userDao=new UserDao();
 
     @Override
-    public boolean login(String username, String password) throws Exception {
+    public User login(String username, String password) throws Exception {
         User user = userDao.getUserByUsername(username);
-        return user != null && user.getPassword().equals(password);
+        if (user != null && user.getPassword().equals(password)) {
+            return user;
+        }
+        return null;
     }
 
     @Override

src/main/webapp/index.jsp

@@ -10,5 +10,6 @@
 <a href="/user?action=list">用户列表</a>
 <a href="/cart?action=list">我的购物车</a>
 <a href="/orders?action=all">所有订单</a>
+<a href="/logout">注销登录</a>
 </body>
 </html>