过滤器

中文乱码

@WebFilter(filterName = "CharacterEncodingFilter", urlPatterns = "/*")
public class CharacterEncodingFilter implements Filter {
    public static String encoding;

    public void init(FilterConfig config) throws ServletException {
        // Web服务器启动就初始化了
        encoding = config.getServletContext().getInitParameter("encoding");
    }

    public void destroy() {
        // Web服务器关闭就销毁
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
        request.setCharacterEncoding(encoding);
        response.setContentType("text/html;charset=" + encoding);
        chain.doFilter(request, response);
    }
}

登陆拦截

拦截器

@WebFilter(filterName = "AuthorityFilter", urlPatterns = "/*")
public class AuthorityFilter implements Filter {
    public static List<String> passPath = new ArrayList<>();
    public void init(FilterConfig config) throws ServletException {
        passPath.add("login.jsp");
        passPath.add("login");
    }

    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        String requestURI = request.getRequestURI().substring(request.getRequestURI().lastIndexOf("/") + 1);
        String userID = (String) request.getSession().getAttribute("UserID");
        if (!passPath.contains(requestURI)) {
            // 不在放行范围内的其他链接，如果没有登陆则跳到登陆页面
            if (userID == null) {
                response.sendRedirect(request.getContextPath() + "/login.jsp");
            } else {
                chain.doFilter(request, response);
            }
        } else {
            // 被放行的链接，如果已登陆则跳到首页
            if (userID != null) {
                response.sendRedirect(request.getContextPath() + "/index.jsp");
            }else {
                chain.doFilter(request, response);
            }
        }
    }
}

LoginServlet

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    if ("admin".equals(username) && "admin".equals(password)) {
        request.getSession().removeAttribute("msg");
        request.getSession().setAttribute("UserID", request.getSession().getId());
        response.sendRedirect(request.getContextPath() + "/common/LoginSuccess.jsp");
    } else {
        request.getSession().setAttribute("msg", "账号或密码错误");
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}

LogoutServlet

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    request.getSession().removeAttribute("UserID");
    response.sendRedirect(request.getContextPath() + "/login.jsp");
}

LoginJSP

<body>
<form action="${pageContext.request.contextPath}/login">
    用户名：<input type="text" name="username"> <br/>
    密码：<input type="password" name="password"> <br/>
    <input type="submit" value="登陆"> ${pageContext.session.getAttribute("msg")}
</form>
</body>

LogSuccessJSP

<body>
<h1>登陆成功！</h1>
<form action="${pageContext.request.contextPath}/logout">
    <input type="submit" value="注销">
</form>
</body>

总结

折腾了好久，登陆拦截器的关键点在于某些路径需要放行，否则会造成各种问题。且在过滤器里进行重定向的链接一定不能执行chain.doFilter(request, response);，否则继续执行后续代码如果有再有重定向就会报错，最好就是重定向完就不继续chain了，直接执行重定向代码。这也是chain的意义。