securityservlet.java~37~

这是本人刚刚得到的JBuilder9软件开发项目实践的源码

package jxc;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;

/**
 * <p>Title: jxc demo</p>
 * <p>Description: </p>
 * <p>Copyright: Copyright (c) 2003</p>
 * <p>Company: </p>
 * @author cwx
 * @version 1.0
 */

public class SecurityServlet extends HttpServlet implements Filter {
  private FilterConfig filterConfig;
  //Handle the passed-in FilterConfig
  public void init(FilterConfig filterConfig) {
    this.filterConfig = filterConfig;
  }
  //Process the request/response pair
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) {
    try {
       //系统登录页面
       String signOnPage = "login.jsp";

       HttpServletRequest hreq = (HttpServletRequest) request;
       HttpServletResponse hres = (HttpServletResponse) response;

       String currentURL = hreq.getRequestURI();
       int ctxPathLen = 0;
       String ctxPath = hreq.getContextPath();
       if(ctxPath!=null)
         ctxPathLen = ctxPath.length();
       String targetURL = null;
       //去掉可能存在的虚拟目录字符串
       if(!currentURL.equals(ctxPath))
         targetURL = currentURL.substring(ctxPathLen+1, currentURL.length());
       else
         targetURL = "";

      if ((targetURL != null) && targetURL.equals("login.do")) {
         //处理登录，验证密码
         //获取用户名
         String userName = hreq.getParameter("username");
         //获取密码
         String password = hreq.getParameter("password");

         //如果存在session，则使之无效
         HttpSession session = hreq.getSession(false);
         if(session != null) {
           session.invalidate();
         }
         session = hreq.getSession();

         if(UserManager.login(userName, password)){
           session.setAttribute("logined", new Boolean(true));
         }
         else{
           //标记用户登录错误；在登录页面中使用此标志，用来提示用户登录出错
           session.setAttribute("loginFailed", new Boolean(true));
           hres.sendRedirect(signOnPage);
         }

         return;
       }

       if(targetURL.equals(signOnPage)){
         filterChain.doFilter(request, response);
         return;
       }

       HttpSession session = hreq.getSession();
       Boolean logined = (Boolean) session.getAttribute("logined");
       //用户是否已经登录
       if(logined!=null){
         if(logined.booleanValue() == true){
           //继续处理用户的请求
           filterChain.doFilter(request, response);
           return;
         }
       }

      //程序如果运行到这里则表示需要进行登录
       hres.sendRedirect(signOnPage);
     }
     catch(ServletException sx) {
       filterConfig.getServletContext().log(sx.getMessage());
     }
     catch(IOException iox) {
       filterConfig.getServletContext().log(iox.getMessage());
     }
  }
  //Clean up resources
  public void destroy() {
  }
}