JSP使用Servlet过滤器进行身份验证的方法

1、Servlet过滤器的作用描述

（1）在HttpServletRequest到达Servlet 之前，拦截客户的HttpServletRequest。
根据需要检查HttpServletRequest，也可以修改HttpServletRequest头和数据。
（2）在HttpServletResponse 到达客户端之前，拦截HttpServletResponse。
根据需要检查HttpServletResponse，可以修改HttpServletResponse头和数据。

2、应用Servlet过滤器进行身份验证

假设网站根目录下的login1.htm、longin1.jsp用于用户登录，而chap08目录下的文件需要用户登录后才能访问。

（1）编写Servlet过滤器

@WebFilter("/FilterStation") public class FilterStation extends HttpServlet implements Filter { private FilterConfig filterConfig; public FilterStation() { super(); } public void destroy() { } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session=((HttpServletRequest)request).getSession(); response.setCharacterEncoding("gb2312"); if(session.getAttribute("me")==null){ PrintWriter out=response.getWriter(); out.print("<script>alert('请登录！');location.href='../login1.htm'</script>"); } else{ // pass the request along the filter chain chain.doFilter(request, response); } } public void init(FilterConfig fConfig) throws ServletException { // TODO Auto-generated method stub this.filterConfig=fConfig; } }

（2）配置web.xml

<filter> <filter-name>filterstation</filter-name> <filter-class>zhou.FilterStation</filter-class> </filter> <filter-mapping> <filter-name>filterstation</filter-name> <url-pattern>/chap08/*</url-pattern> </filter-mapping>

（3）login1.htm代码

<html> <head> <title>用户登录</title> </head> <body> <form method="POST" action="login1.jsp"> <p>用户名：<input type="text" size="18"></p> <p>密码：<input type="text" size="20"></p> <p><input type="submit" value="提交"> <input type="reset" value="重置"></p> </form> </body> </html>

（4）login1.jsp代码

<%@ page contentType="text/html;charset=GB2312" %> <html> <head><title>Session 应用演示</title></head> <% if (request.getParameter("user")!=null && request.getParameter("pass")!=null) { String strName=request.getParameter("user"); String strPass=request.getParameter("pass"); if (strName.equals("admin") && strPass.equals("admin")) { session.setAttribute("login","OK"); session.setAttribute("me",strName); response.sendRedirect("chap08/welcome.jsp"); } else { out.print("<script>alert('用户名或密码错误');location.href='login1.htm'</script>"); } } %> </html>