书城2-Filter拦截未登录用户
Filter 拦截未登录用户
未登录用户可以访问登录页面、商城首页等,但不能使用添加购物车、结账等功能
因此,要判断是否登录,若未登录,点击结账则跳转到登录页面
- Filter 拦截所有 *.do 和 *.html 请求(见下方 urlPatterns),再设置未登录用户可以访问的白名单
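/**
 * Login gate: lets whitelisted requests through and sends every other request
 * that has no logged-in user to the login page.
 *
 * <p>Scope: the filter is mapped to {@code *.do} and {@code *.html} only, so
 * requests for any other path are not checked here.
 *
 * <p>The whitelist comes from the {@code bai} init parameter, a comma-separated
 * list of entries of the form {@code path?queryString}, compared by exact string
 * equality. A request without a query string is matched as {@code path?null},
 * which is why the entry {@code /user.do?null} exists.
 *
 * <p>NOTE(review): {@code /user.do?null} admits every request to {@code /user.do}
 * that carries no query string, whatever the HTTP method or body parameters. If
 * that servlet picks its operation from a body parameter, all of its operations
 * are reachable without login. Confirm against the servlet, and prefer
 * whitelisting specific operations.
 */
@WebFilter(
        urlPatterns = {"*.do", "*.html"},
        initParams = {
                @WebInitParam(name = "bai",
                        value = "/page.do?operate=page&page=user/login,/user.do?null")
        }
)
public class SessionFilter implements Filter {

    /** Context-relative login page; it must also be a whitelist entry or the redirect loops. */
    private static final String LOGIN_PAGE = "/page.do?operate=page&page=user/login";

    // Whitelisted "path?queryString" entries, filled in by init().
    List<String> baiList = null;

    /**
     * Reads the whitelist from the {@code bai} init parameter.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException if the parameter is missing or blank; without a
     *         whitelist the login page itself would be redirected forever
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String bai = filterConfig.getInitParameter("bai");
        if (bai == null || bai.trim().isEmpty()) {
            throw new ServletException(
                    "SessionFilter: init parameter 'bai' (whitelist) is missing or empty");
        }
        String[] baiArr = bai.split(",");
        // Tolerate whitespace around the commas in the configured value.
        for (int i = 0; i < baiArr.length; i++) {
            baiArr[i] = baiArr[i].trim();
        }
        baiList = Arrays.asList(baiArr);
    }

    /**
     * Passes the request down the chain when it is whitelisted or the session
     * holds a {@code currUser} attribute; otherwise redirects to the login page.
     *
     * @param servletRequest  the incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse the response, cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if the redirect or a downstream component fails on I/O
     * @throws ServletException if a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getRequestURI() includes the context path, while the whitelist entries are
        // context-relative. Strip the prefix so the match also works when the
        // application is not deployed at the root context.
        String contextPath = request.getContextPath();
        String path = request.getRequestURI();
        if (!contextPath.isEmpty() && path.startsWith(contextPath)) {
            path = path.substring(contextPath.length());
        }
        // A null query string is concatenated as the text "null", which the
        // "/user.do?null" whitelist entry relies on.
        // The URI is compared raw (not decoded or normalized), so a variant such as
        // one carrying ";jsessionid=..." misses the whitelist and is treated as
        // protected. That fails closed.
        String target = path + "?" + request.getQueryString();

        if (baiList.contains(target)) {
            filterChain.doFilter(request, response);
            return;
        }

        // getSession(false): do not allocate a session for every anonymous request.
        // NOTE(review): the login handler is not visible here; confirm it issues a
        // fresh session id on successful login.
        HttpSession session = request.getSession(false);
        Object currUserObj = (session == null) ? null : session.getAttribute("currUser");
        if (currUserObj == null) {
            // Context-absolute target: a relative one would resolve against the
            // directory of the current request and miss the login page.
            response.sendRedirect(contextPath + LOGIN_PAGE);
            return;
        }
        filterChain.doFilter(request, response);
    }

    /** Delegates to the interface's default implementation; no resources are held. */
    @Override
    public void destroy() {
        Filter.super.destroy();
    }
}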
