之前的登陆小游戏好玩吧~,不过还存在一个大Bug喔,如果人家直接进我们的主页main.jsp呢?那登陆还有什么用呢?就如小偷都能直接进你家里面偷东西啦,们还有什么用呢?是啊,于是我们不妨研究下门该这样设计呢?
首先我们需要在用户访问我们主页面之前对其进行检查,如果他的身份符合我们就放他们进去,不然呢?不然就回到登陆页面啊~,毕竟人家都是这样搞的嘛~。要实现这样功能我们就需要了解下过滤器咯。哎不想写咯。列子中再说吧....
首先还是我们之前那的Mvc列子哈,
1.web.xml的配置,配置增加了对过滤器和监听器的配置,不慌我们又注解哈。还是上文档吧~
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>HeadFirstJspServletChap05</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!---登陆servlet--->
<servlet>
<servlet-name>loginServlet</servlet-name>
<servlet-class>com.java.web.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>loginServlet</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<!--注销servlet--->
<servlet>
<servlet-name>logoutServlet</servlet-name>
<servlet-class>com.java.web.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>logoutServlet</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
<!---登陆过滤器--->
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>com.java.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<!---此处配置过滤的匹配地址--->
<url-pattern>/*</url-pattern>
</filter-mapping>
<!---注销监听器--->
<listener>
<listener-class>
com.java.listener.SessionAttributeListener
</listener-class>
</listener>
</web-app>
model:
package com.java.model;
public class User {
private int id;
private String userName;
private String password;
public User() {
super();
// TODO Auto-generated constructor stub
}
public User(String userName, String password) {
super();
this.userName = userName;
this.password = password;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
dao包:
package com.java.dao;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import com.java.model.User;
public class UserDao {
public User login(Connection con,User user)throws Exception{
User resultUser=null;
String sql="select * from t_user where userName=? and password=?";
PreparedStatement pstmt=con.prepareStatement(sql);
pstmt.setString(1, user.getUserName());
pstmt.setString(2, user.getPassword());
ResultSet rs=pstmt.executeQuery();
if(rs.next()){
resultUser=new User();
resultUser.setUserName(rs.getString("userName"));
resultUser.setPassword(rs.getString("password"));
}
return resultUser;
}
}
web包:
package com.java.web;
import java.io.IOException;
import java.sql.Connection;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.java.dao.UserDao;
import com.java.model.User;
import com.java.util.DbUtil;
//登陆servlet
public class LoginServlet extends HttpServlet{
/**
*
*/
private static final long serialVersionUID = 1L;
DbUtil dbUtil=new DbUtil();
UserDao userDao=new UserDao();
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
this.doPost(request, response);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String userName=request.getParameter("userName");
String password=request.getParameter("password");
Connection con=null;
try {
User user=new User(userName,password);
con=dbUtil.getCon();
User currentUser=userDao.login(con, user);
if(currentUser==null){
request.setAttribute("error", "用户名或密码错误");
request.setAttribute("userName", userName);
request.setAttribute("password", password);
request.getRequestDispatcher("login.jsp").forward(request, response);
}else{
HttpSession session=request.getSession();
session.setAttribute("currentUser", currentUser);
response.sendRedirect("main.jsp");
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
//注销servlet
package com.java.web;
import java.io.IOException;
import java.sql.Connection;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.java.dao.UserDao;
import com.java.model.User;
import com.java.util.DbUtil;
public class LogoutServlet extends HttpServlet{
/**
*
*/
private static final long serialVersionUID = 1L;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
this.doPost(request, response);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
request.getSession().invalidate();
response.sendRedirect("login.jsp");
}
}
filter包:
package com.java.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter{
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest)servletRequest;
HttpSession session=request.getSession();
Object o=session.getAttribute("currentUser");
String path=request.getServletPath();
if(o==null&&path.indexOf("login")<0){
request.getRequestDispatcher("login.jsp").forward(servletRequest, servletResponse);
}else{
filterChain.doFilter(servletRequest, servletResponse);
}
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
listener包:
package com.java.listener;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
public class SessionAttributeListener implements HttpSessionAttributeListener{
public void attributeAdded(HttpSessionBindingEvent httpSessionBindingEvent) {
System.out.println("添加的属性名:"+httpSessionBindingEvent.getName()+",属性值:"+httpSessionBindingEvent.getValue());
}
public void attributeRemoved(HttpSessionBindingEvent httpSessionBindingEvent) {
System.out.println("删除的属性名:"+httpSessionBindingEvent.getName()+",属性值:"+httpSessionBindingEvent.getValue());
}
public void attributeReplaced(HttpSessionBindingEvent httpSessionBindingEvent) {
}
}
util工具包:
package com.java.util;
import java.sql.Connection;
import java.sql.DriverManager;
public class DbUtil {
private String dbUrl="jdbc:mysql://localhost:3306/db_jsp";
private String dbUserName="root";
private String dbPassword="56";
private String jdbcName="com.mysql.jdbc.Driver";
public Connection getCon()throws Exception{
Class.forName(jdbcName);
Connection con=DriverManager.getConnection(dbUrl, dbUserName, dbPassword);
return con;
}
public void closeCon(Connection con)throws Exception{
if(con!=null){
con.close();
}
}
public static void main(String[] args) {
DbUtil dbUtil=new DbUtil();
try {
dbUtil.getCon();
System.out.println("连接成功");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
登陆页面:
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="login" method="post">
<table>
<tr>
<th colspan="2">用户登录</th>
</tr>
<tr>
<td>用户名:</td>
<td><input type="text" id="userName" name="userName" value="${userName }"/></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" id="password" name="password" value="${password }"/></td>
</tr>
<tr>
<td><input type="submit" value="登录"/></td>
<td><font color="red">${error }</font></td>
</tr>
</table>
</form>
</body>
</html>
登陆成功页面:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
主页!当前登录用户:${currentUser.userName } <a href="logout">注销</a>
</body>
</html>
数据库文件:
/*
SQLyog 企业版 - MySQL GUI v8.14
MySQL - 5.1.49-community : Database - db_jsp
*********************************************************************
*/
/*!40101 SET NAMES utf8 */;
/*!40101 SET SQL_MODE=‘‘*/;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE=‘NO_AUTO_VALUE_ON_ZERO‘ */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
CREATE DATABASE /*!32312 IF NOT EXISTS*/`db_jsp` /*!40100 DEFAULT CHARACTER SET utf8 */;
USE `db_jsp`;
/*Table structure for table `t_user` */
DROP TABLE IF EXISTS `t_user`;
CREATE TABLE `t_user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`userName` varchar(20) DEFAULT NULL,
`password` varchar(20) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
/*Data for the table `t_user` */
insert into `t_user`(`id`,`userName`,`password`) values (1,‘java1234‘,‘123456‘);
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
说明:监听器listener在本列中使用有点牵强,在这里只是为了掩饰,监听器有一个非常重要的用途,就是文件上传时候做进度条,此部分会在后面慢慢的学习。
此部分代码可以复制到自己的开发工具中直接运行,mysql的驱动包自己网上下载,不嫌麻烦的可以找我要
原文:http://www.cnblogs.com/csy666/p/6431459.html