过滤器防止用户恶意登录

 @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        //向上转型成父类，获取req对象
        HttpServletRequest req=(HttpServletRequest) servletRequest;

        //调用请求对象，读取请求头中的uri，了解用户访问的资源文件是哪个
        String uri = req.getRequestURI();
        if(uri.indexOf("login")!=-1||"/myweb/".equals(uri)){
            filterChain.doFilter(servletRequest,servletResponse);
            return;
        }
        //本次请求如果访问其他资源文件，需要得到用户在服务端的Session
        HttpSession session = req.getSession();
        if(session!=null){
            filterChain.doFilter(servletRequest,servletResponse);
            return;
        }
         //拒绝请求，重定向到登陆错误页面
        req.getRequestDispatcher("/login_error.html").forward(servletRequest,servletResponse);

    }