权限判断——用户登录成功时才能查看相应的信息,登录失败不能查看并且返回登录页面


用户登录的servlet:

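/**
 * Login servlet for the demo, mapped to {@code /login}.
 *
 * <p>It reads the {@code name} request parameter and, when it equals the hard-coded
 * value {@code "admin"}, stores the name in the HTTP session under
 * {@code USER_IN_SESSION}. Only the user name is compared: no password or other
 * credential is checked and nothing is looked up in a database, so this shows the
 * session flow only and must not be used as an authentication mechanism as-is.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Handles a login attempt.
     *
     * <p>{@code service} is overridden directly, so every HTTP method reaches this
     * code; the login form on login.jsp submits with POST.
     *
     * @param req  request carrying the {@code name} parameter
     * @param resp response used for the redirect after a successful login
     * @throws ServletException if forwarding to the login page fails
     * @throws IOException      if forwarding or redirecting fails
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String name = req.getParameter("name");
        if (!"admin".equals(name)) {
            // Missing or unknown user name: show the login page again.
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Drop any session that existed before login, so that a session id handed
        // out to an anonymous visitor is never promoted to a logged-in session
        // (session fixation). Attributes of the old session are discarded with it.
        if (req.getSession(false) != null) {
            req.getSession(false).invalidate();
        }

        // The attribute name must match the filter's loginSessionName init-param.
        req.getSession(true).setAttribute("USER_IN_SESSION", name);

        // Leading "/" is resolved against the container root, so this assumes the
        // application is deployed at the root context.
        resp.sendRedirect("/welcome.jsp");
    }
}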

login.jsp文件:

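<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%-- Login form: posts the "name" field to the /login servlet. The form carries a
     user name only, because the servlet compares nothing else. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <form action="/login" method="post">
        用户名:<input type="text" name="name">
        <%-- "value" sets the button label; with "name" the label was the browser
             default and an extra parameter named 登录 was posted. --%>
        <input type="submit" value="登录">
    </form>
</body>
</html>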

welcome.jsp文件:

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%>
<%-- Page shown after a successful login (LoginServlet redirects here).
     The page performs no access check of its own: it relies on CheckLoginFilter,
     mapped to /* in web.xml, to redirect requests without a logged-in session. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>欢迎你。来到主页面</h1>
</body>
</html>

用户权限判断的过滤器:

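/**
 * Login check filter: a request is passed down the chain only when the session
 * already holds the logged-in user, except for the paths listed in the
 * {@code unUrl} init parameter, which skip the check.
 *
 * <p>Init parameters (set in web.xml):
 * <ul>
 *   <li>{@code unUrl} - comma-separated paths, written without the leading "/",
 *       that are not checked (required);</li>
 *   <li>{@code loginUrl} - redirect target for requests that are not logged in
 *       (optional, defaults to {@code /login.jsp});</li>
 *   <li>{@code loginSessionName} - session attribute that holds the logged-in
 *       user (required; must match the name the login servlet writes).</li>
 * </ul>
 */
public class CheckLoginFilter implements Filter {
    /** Paths, without the leading "/", that skip the login check. */
    private List<String> unUrlList = new ArrayList<>();

    /** Redirect target for requests that are not logged in. */
    private String loginUrl = "/login.jsp";

    /** Name of the session attribute that holds the logged-in user. */
    private String loginSessionName;

    /**
     * Reads the filter configuration.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException if {@code unUrl} or {@code loginSessionName} is missing,
     *         so a misconfigured filter fails at start-up instead of at request time
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String unUrl = filterConfig.getInitParameter("unUrl");
        if (unUrl == null) {
            throw new ServletException("CheckLoginFilter: init-param 'unUrl' is required");
        }
        // Trim each entry and skip blanks so "login.jsp, login" behaves as intended.
        List<String> exemptPaths = new ArrayList<>();
        for (String entry : unUrl.split(",")) {
            String path = entry.trim();
            if (!path.isEmpty()) {
                exemptPaths.add(path);
            }
        }
        unUrlList = exemptPaths;

        // Keep the default when the parameter is absent instead of storing null.
        String configuredLoginUrl = filterConfig.getInitParameter("loginUrl");
        if (configuredLoginUrl != null && !configuredLoginUrl.trim().isEmpty()) {
            loginUrl = configuredLoginUrl.trim();
        }

        String configuredName = filterConfig.getInitParameter("loginSessionName");
        if (configuredName == null || configuredName.trim().isEmpty()) {
            throw new ServletException(
                    "CheckLoginFilter: init-param 'loginSessionName' is required");
        }
        loginSessionName = configuredName.trim();
    }

    /**
     * Redirects to the login page unless the path is exempt or the session holds
     * the logged-in user; otherwise continues the filter chain.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response; cast to {@code HttpServletResponse}
     * @param chain    remaining filters and the target resource
     * @throws IOException      if the redirect or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getRequestURI() yields e.g. "/login.jsp"; the list stores "login.jsp".
        // The raw URI still contains the context path and any path parameters, so
        // the exemptions match as configured only for an application deployed at
        // the root context.
        String requestUri = req.getRequestURI();
        String uri = requestUri.startsWith("/") ? requestUri.substring(1) : requestUri;

        // Exemptions are exact matches on purpose: prefix, suffix or "contains"
        // matching would let look-alike paths skip the check.
        if (!unUrlList.contains(uri)) {
            // getSession(false): do not create a session for every anonymous request.
            Object user = null;
            if (req.getSession(false) != null) {
                user = req.getSession(false).getAttribute(loginSessionName);
            }
            if (user == null) {
                resp.sendRedirect(loginUrl);
                return;
            }
        }
        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}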

过滤器的配置文件:

<!-- Filter that performs the login check. -->
<filter>
    <filter-name>checkLogin</filter-name>
    <filter-class>cn.itsource._05_check.CheckLoginFilter</filter-class>
    <!-- Paths that skip the login check, comma-separated, without the leading "/".
         The login page and the login servlet must be listed, otherwise the
         redirect to the login page is itself redirected. -->
    <init-param>
        <param-name>unUrl</param-name>
        <param-value>login.jsp,login</param-value>
    </init-param>
    <!-- Session attribute that holds the logged-in user; must be the same name
         LoginServlet stores the user under. -->
    <init-param>
        <param-name>loginSessionName</param-name>
        <param-value>USER_IN_SESSION</param-value>
    </init-param>
    <!-- Login page that requests without a logged-in session are redirected to. -->
    <init-param>
        <param-name>loginUrl</param-name>
        <param-value>/login.jsp</param-value>
    </init-param>
</filter>
<!-- The filter sees every request; only the unUrl paths are let through unchecked. -->
<filter-mapping>
    <filter-name>checkLogin</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


