Session模拟登录与退登

一、基本结构页面

  • 登录的网页页面

表单提交给LoginServlet处理

<%--
  Created by IntelliJ IDEA.
  User: xdclass
  Date: 2020/5/30
  Time: 下午12:09
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>


    Title



<%--jsp编写form表单实现网页登录页面--%>
<%--通过action属性来设置提交的servlet页面,实现数据传递; getContextPath()得到上下文路径--%> 名称:
密码: 消息提示 ${msg}//EL表达式,显示servlet中传递的登录失败信息
  • LoginServlet登录

登录成功转发到user.jsp页面,显示用户信息。

登录失败,转发到login.jsp页面,并显示登录失败信息。

package net.xdclass.web.controller;

import net.xdclass.web.domain.User;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

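/**
 * Demo login endpoint for the session tutorial.
 *
 * <p>Compares the submitted {@code name} and {@code pwd} request parameters with one
 * hard-coded account. On success a {@link User} is stored in the HTTP session under the
 * key {@code "loginUser"} and the request is forwarded to {@code /user/user.jsp}; on
 * failure an error message is placed in the request attribute {@code "msg"} and the
 * request is forwarded back to {@code /login.jsp}.
 *
 * <p>NOTE(review): the account name and password are literals in this class, which is
 * only acceptable for a demo. A real application would look the account up in a user
 * store and verify a salted password hash (bcrypt/scrypt/argon2), and would serve the
 * form over HTTPS.
 */
@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {

    /**
     * Handles GET by delegating to {@link #doPost}.
     *
     * <p>NOTE(review): this keeps the original behaviour, but it means credentials are
     * also accepted in the query string, where they can end up in access logs, browser
     * history and Referer headers. Prefer submitting the login form with POST only.
     *
     * @throws ServletException if the forward performed by {@code doPost} fails
     * @throws IOException      if the forward performed by {@code doPost} fails
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    /**
     * Checks the submitted credentials and forwards to the user page or back to the
     * login page.
     *
     * @param req  request carrying the {@code name} and {@code pwd} parameters
     * @param resp response passed on to the forwarded resource
     * @throws ServletException if the target resource throws it during the forward
     * @throws IOException      if the target resource throws it during the forward
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        String name = req.getParameter("name");
        String pwd = req.getParameter("pwd");

        // getParameter returns null for a missing parameter; putting the constant first
        // turns that into a normal failed login instead of a NullPointerException.
        boolean authenticated = "xdclass".equals(name) && "123".equals(pwd);

        if (!authenticated) {
            req.setAttribute("msg","账号密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Discard any session that existed before authentication so the logged-in state
        // is bound to a freshly issued session id (guards against session fixation).
        javax.servlet.http.HttpSession preLoginSession = req.getSession(false);
        if (preLoginSession != null) {
            preLoginSession.invalidate();
        }

        User user = new User();
        user.setId(121);
        user.setName(name);
        user.setHost("xdclass.net");
        // getSession() creates the new session; LoginFilter looks for this attribute.
        req.getSession().setAttribute("loginUser", user);

        // Login succeeded: forward to user.jsp, which displays the user data.
        req.getRequestDispatcher("/user/user.jsp").forward(req, resp);
    }
}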
  •  user.jsp页面
<%--
  Created by IntelliJ IDEA.
  User: xdclass
  Date: 2020/5/27
  Time: 下午10:04
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" pageEncoding="UTF-8" %>

  
    $Title$
  
  
  
hello
index.jsp
<%--换行--%> <%--使用EL表达式对JSP页面进行简化 --%> name = ${user.name}
id= ${user.id}
host= ${user.host}
jsp name = <%= (String)request.getAttribute("name")%>
el name = ${name} 退出登录
  • 退登 

LogoutServlet:点击user.jsp页面的“退出登录”后,请求交给该Servlet处理。

package net.xdclass.web.controller;



import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

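/**
 * Logout endpoint: invalidates the caller's HTTP session, which removes the
 * {@code "loginUser"} attribute along with everything else stored in it, and then
 * forwards to {@code /login.jsp}.
 */
@WebServlet("/logout_servlet")
public class LogoutServlet extends HttpServlet {

    /**
     * Ends the current session, if there is one, and shows the login page.
     *
     * <p>NOTE(review): logout is triggered by a plain GET, so any page that makes the
     * browser request this URL can log the user out. Consider a POST with a CSRF token
     * if that matters for the application.
     *
     * @param request  the logout request
     * @param response response passed on to the login page
     * @throws ServletException if the login page throws it during the forward
     * @throws IOException      if the login page throws it during the forward
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // getSession(false) returns null instead of creating a session, so a request
        // that has no session does not allocate one only to destroy it again.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // invalidate() unbinds every attribute and makes the session id unusable.
            session.invalidate();
        }

        // Forward to the login page. forward() throws checked exceptions, which is why
        // this method has to declare ServletException and IOException.
        request.getRequestDispatcher("/login.jsp").forward(request, response);

    }
}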

二、完善

如何防止非法访问

若用户未登录,直接在地址栏输入“主机:端口号/…/user.jsp”来访问用户页面,该如何处理?

通过过滤器Filter来实现对非法访问的拦截

package net.xdclass.web.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


//注解配置过滤器:设置urlPatterns指定拦截路径
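/**
 * Access-control filter for the protected areas of the application.
 *
 * <p>Mapped to {@code /user/*} and {@code /order/*}. A request is passed down the chain
 * only when its session holds a non-null {@code "loginUser"} attribute; otherwise it is
 * forwarded to the configured login page with an explanatory message.
 *
 * <p>NOTE(review): the check is presence-only. It does not distinguish between users or
 * roles, so any authenticated user reaches every resource under both path prefixes.
 */
@WebFilter(filterName = "loginFilter",urlPatterns = {"/user/*","/order/*"},initParams = {
        @WebInitParam(name = "encoding",value = "UTF-8"),
        @WebInitParam(name = "loginPage",value = "/login.jsp"),
})

public class LoginFilter implements Filter {

    // Filter configuration object; gives access to the filter's init parameters.
    private FilterConfig filterConfig;

    // Character encoding applied to every filtered request and response.
    private String encoding;

    // Path that unauthenticated requests are forwarded to.
    private String loginPage;


    /**
     * Reads the {@code encoding} and {@code loginPage} init parameters.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

        System.out.println("CustomFilter init ");
        this.filterConfig = filterConfig;

        this.encoding = filterConfig.getInitParameter("encoding");
        this.loginPage = filterConfig.getInitParameter("loginPage");

    }

    /**
     * Lets the request through when a logged-in user is present in the session, and
     * forwards to the login page otherwise.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filters and the target resource
     * @throws IOException      if the chain or the forward throws it
     * @throws ServletException if the chain or the forward throws it
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        System.out.println("CustomFilter doFilter ");

        request.setCharacterEncoding(encoding);
        response.setCharacterEncoding(encoding);
        response.setContentType("text/html;charset=utf-8");

        // The session API lives on the HTTP-specific types, hence the casts.
        HttpServletRequest httpServletRequest = (HttpServletRequest)request;
        HttpServletResponse httpServletResponse = (HttpServletResponse)response;

        // getSession(false) avoids allocating a server-side session for every anonymous
        // request that hits a protected path; no session simply means "not logged in".
        javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("loginUser") != null;

        if (loggedIn) {

            // Authenticated: hand the request to the next filter or the protected resource.
            // NOTE(review): no Cache-Control header is set here; consider "no-store" on
            // protected responses so they are not redisplayed from cache after logout.
            chain.doFilter(request,response);

        } else {
            // Not authenticated: show the login page together with an explanation.
            httpServletRequest.setAttribute("msg","非法访问,请登录");
            httpServletRequest.getRequestDispatcher(loginPage).forward(httpServletRequest,httpServletResponse);
        }

    }


    /** Logs that the container is taking the filter out of service. */
    @Override
    public void destroy() {

        System.out.println("CustomFilter destroy ");
    }
}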

三、小结

       客户端通过设置表单提交路径,将请求数据传给服务器,服务器通过转发将服务器的数据传递给客户端,以此来实现数据页面交互。

       过滤器则是通过设置拦截路径(urlPatterns)并添加过滤条件来拦截非法访问:请求符合条件时,调用chain.doFilter方法放行,交给后续的过滤器或目标资源处理;否则转发到登录页面。

 
