Shulou(Shulou.com)06/03 Report--

This article introduces you how to use ServletFilter to achieve system login permissions, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Servlet Filter introduction

Filters are web application components that can be bound to a web application. But unlike other web application components, filters are "chained" during the processing of the container. This means that they access an incoming request before the servlet processor and access the outgoing response information before it is returned to the customer. This access allows the filter to examine and modify the contents of requests and responses.

Scenarios applicable to Filter:

1. Model the new features of a web application (can be added to or removed from a web application without rewriting the underlying application code)

two。 Add new features to past code

3. The Filter: Filter authorized by the user is responsible for checking the user's request and filtering the user's illegal request according to the request

4. Log Filter: record some special user requests in detail

5. Filter responsible for decoding: including decoding requests for non-standard coding

Location used by Filter:

Before the filter is placed on the web resource, it can intercept the incoming request before the request reaches the web resource to which it is applied (it can be a Servlet, a Jsp page, or even a HTML page) and the output request before it returns to the customer. Filter: used to intercept requests, between the client and the requested resource, in order to reuse code. The Filter chain, which is configured first in web.xml, will be called first. Some initialization parameters can also be configured in filter.

The purpose of Filter:

1. Intercept the customer's HttpServletRequest before HttpServletRequest arrives at Servlet

two。 Check HttpServletRequest as needed, or you can modify HttpServletRequest headers and data

3. Intercept HttpServletResponse before HttpServletResponse reaches the client

4. Check HttpServletResponse as needed, and you can modify HttpServletResponse headers and data

A Filter can be responsible for intercepting multiple requests or responses: a request or response can also be intercepted by multiple requests.

Use Filter to verify system login permissions

Here, we use the method of verifying session. When we make a request for a module, we first verify whether the current user's request exists session. If so, continue to access it. If not, jump to the login page.

Step one:

Write your own Filter intercept class, which needs to implement the filter interface of servlet

Public class WebFilter implements Filter {@ Override public void init (FilterConfig filterConfig) throws ServletException {} @ Override public void doFilter (ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession (); String currPath = request.getRequestURI (); / / URL if (session.getAttribute ("logined")! = null) {filterChain.doFilter (servletRequest, servletResponse);} else {response.sendRedirect ("/ login.jsp") } @ Override public void destroy () {}}

The interceptor chain is used here, and when we configure multiple interceptors, the server assembles a chain sequentially according to the order defined by the filter in web.xml, and then executes the doFilter () method in it once.

Step 2:

Configure a custom interceptor in web.xml

Web.xml:

WebFilter com.test.interceptor.WebFilter skipPath ok.jsp webFilter / *

In this way, our custom interceptor is configured. If there are multiple interceptors, please pay attention to the order in which the interceptor is configured. The interceptor will be intercepted in the order from top to bottom. Generally speaking, the interceptor dealing with coding is configured at the top.

Through the operation of the above steps, it can be accessed through URI at this time. At this point, if you can get the logined value in Session, you will go directly to the next step, otherwise you will go directly to the login page. Thus the verification of session is completed.

On how to use ServletFilter to achieve system login permissions to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.