アクセス制御
1、手順1:filterに権限判断を追加する
- public class AuthFilter implements Filter {
-
- @Override
- public void destroy() {
- }
-
- @Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
- FilterChain filterChain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
- String currentURL = request.getRequestURI();
- String targetURL = currentURL.substring(currentURL.indexOf("/", 1), currentURL.length());
- HttpSession session = request.getSession(false);
- if (!"/login/login.html".equals(targetURL)) {
- // , session ,
- if (session == null || session.getAttribute("user") == null) {
- //* session
- response.sendRedirect(request.getContextPath() + "/page/login/login.html");
- // session login.jsp
- return;
- }
- }
- // filter
- filterChain.doFilter(request, response);
- }
-
- @Override
- public void init(FilterConfig arg0) throws ServletException {
- }
- }
2、web.xmlで構成し、アクセスをブロックするページ
- <filter>
- <filter-name>authFilter</filter-name>
- <filter-class>com.alibaba.hummock.console.filter.AuthFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>authFilter</filter-name>
- <url-pattern>*.html</url-pattern>
- </filter-mapping>
3、ログイン時にuserをセッションに書き込む