如何JSP页面应该检查认证 [英] How JSP page should check authentication
问题描述
我是新来的网络编程。我问一个共同的模式做这样的事情检查验证。下面是这种情况:
I am new to web programming. I am asking a common pattern to do things like checking authentication. Here is the scenario:
该网站有供游人登录页面。这将需要用户名和加密的密码,并将它们发送到服务器,然后让无论是错误code(用户名/密码不匹配),或从服务器的身份验证密钥。当用户登录成功,我想要的网站会自动跳转至presents网站的主要功能 main.jsp中
页。
The website has a login page for visitors. It will take username and encrypted password and sent them to server, then get either a error code (username/password doesn't match)or an auth key from the server. When the user logged in successfully, I want the website automatically jump to the main.jsp
page that presents the main functionality of the website.
在这种情况下,我想 main.jsp中
检查用户身份验证。也就是说,我不希望这样的事情发生,比如用户可以直接打开 www.example.com/main.jsp
,如果他们做了这样的事,我想他们重定向到登录页面。
In this case, I want main.jsp
check the user authentication. That is, I don't want such thing happens like user can directly open www.example.com/main.jsp
, and if they did thing like this, I want to redirect them to login page.
所以,我怎么可能通过跨页面验证信息,我怎么能prevent用户直接访问 main.jsp中
没有登录?我是否需要使用会话或什么?
So how could I pass authentication information across page, and how could I prevent user from directly accessing the main.jsp
without login? Do I need to use session or anything?
推荐答案
您可以尝试使用的过滤器
过滤器可以pre-过程中,它达到一个servlet之前的请求,
后处理的响应离开servlet或两者都做。
过滤器可以拦截,检查和修改请求和响应。
Filter can pre-process a request before it reaches a servlet, post-process a response leaving a servlet, or do both. Filters can intercept, examine, and modify requests and responses.
注意:一定要添加一个会话属性一旦你的用户登录,您可以使用会话属性过滤器上的
NOTE: be sure to add a session attribute once your user is logged in, you can use that session attribute on the filter
在的login.jsp 添加
session.setAttribute("LOGIN_USER", user);
//user entity if you have or user type of your user account...
//if not set then LOGIN_USER will be null
的web.xml
<filter>
<filter-name>SessionCheckFilter</filter-name>
<filter-class>yourjavapackage.SessionCheckFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionCheckFilter</filter-name>
<!--url-pattern>/app/*</url-pattern-->
<url-pattern>/main.jsp</url-pattern> <!-- url from where you implement the filtering -->
</filter-mapping>
SessionCheckFilter.java
public class SessionCheckFilter implements Filter {
private String contextPath;
@Override
public void init(FilterConfig fc) throws ServletException {
contextPath = fc.getServletContext().getContextPath();
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
if (req.getSession().getAttribute("LOGIN_USER") == null) { //checks if there's a LOGIN_USER set in session...
res.sendRedirect(contextPath + "/login.jsp"); //or page where you want to redirect
} else {
String userType = (String) req.getSession().getAttribute("LOGIN_USER");
if (!userType.equals("ADMIN")){ //check if user type is not admin
res.sendRedirect(contextPath + "/login.jsp"); //or page where you want to
}
fc.doFilter(request, response);
}
}
@Override
public void destroy() {
}
}
这篇关于如何JSP页面应该检查认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!