publicclassForumFilterimplementsFilter{privatestaticfinalString[]UNLOGIN_URIS={"/index.jsp","/index.do","/login.jsp","/login/doLogin.do","/register.jsp","/register.do","/board/listBoardTopics-","/board/listTopicPosts-"};publicvoidinit(FilterConfigfilterConfig)throwsServletException{}publicvoiddoFilter(ServletRequestservletRequest,ServletResponseservletResponse,FilterChainfilterChain)throwsIOException,ServletException{HttpServletRequestrequest=(HttpServletRequest)servletRequest;Useruser=getSessionUser(request);if(user==null&&!isURILogin(request.getRequestURI(),request)){StringtoUrl=request.getRequestURI();if(!StringUtils.isEmpty(request.getQueryString())){toUrl+="?"+request.getQueryString();}request.getSession().setAttribute(Define.LOGIN_TO_URL,toUrl);request.getRequestDispatcher("/login.jsp").forward(servletRequest,servletResponse);return;}filterChain.doFilter(servletRequest,servletResponse);}}protectedUsergetSessionUser(HttpServletRequestrequest){return(User)request.getSession().getAttribute(Define.UserLine);}publicvoiddestroy(){}protectedbooleanisURILogin(StringrequestURI,HttpServletRequestrequest){if(request.getContextPath().equalsIgnoreCase(requestURI)||(request.getContextPath()+"/").equalsIgnoreCase(requestURI))returntrue;for(Stringuri:UNLOGIN_URIS){if(requestURI!=null&&requestURI.indexOf(uri)>=0){returntrue;}}returnfalse;}}

实现Filter接口,重写doFilter方法。

将ServletRequest转成HttpServletRequest并且获取session中的用户。

如果存在用户或者访问的url是可以不登入就可访问的,即已经登入成功了,那就直接doFilter();

如果不存在,那就保存当前要访问的url,然后跳转到登入界面,如果登入成功再跳回此url。


getContextPath():得到当前应用的根目录

在一些应用中,未登录用户请求了必须登录的资源时,提示用户登录,此时要记住用户访问的当前页面的URL,当他登录成功后根据记住的URL跳回用户最后访问的页面:

String lastAccessUrl = request.getRequestURI() + "?" + request.getQueryString();