使用HttpSession和过滤器实现一个简单的用户登录认证的功能

这篇文章分享一下怎么通过session结合过滤器来实现控制登录访问的功能，涉及的代码非常简单，通过session保存用户登录的信息，如果没有用户登录的话，会在过滤器中处理，重定向回登录页面。

创建一个springboot项目，添加springbooot-starter-web和lombok的依赖。创建对应的实体类、controller、service，并创建两个简单的html页面测试过滤器的效果。

一、登录功能实现

controller

package cn.edu.sgu.www.login.controller;import cn.edu.sgu.www.login.entity.User;
import cn.edu.sgu.www.login.service.UserService;
import cn.edu.sgu.www.login.util.UserUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;import java.io.IOException;/*** @author heyunlin* @version 1.0*/
@RestController
@RequestMapping(path = "/user", produces = "application/json;charset=utf-8")
public class UserController {private final UserService userService;@Autowiredpublic UserController(UserService userService) {this.userService = userService;}@RequestMapping(value = "/login", method = RequestMethod.POST)public void login(User user) throws IOException {userService.login(user);UserUtils.getResponse().sendRedirect("/index.html");}}

service

UserService

package cn.edu.sgu.www.login.service;import cn.edu.sgu.www.login.entity.User;/*** @author heyunlin* @version 1.0*/
public interface UserService {/*** 登录认证* @param user 用户输入的信息*/void login(User user);
}

UserServiceImpl

package cn.edu.sgu.www.login.service.impl;import cn.edu.sgu.www.login.entity.User;
import cn.edu.sgu.www.login.service.UserService;
import cn.edu.sgu.www.login.util.UserUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;/*** @author heyunlin* @version 1.0*/
@Service
public class UserServiceImpl implements UserService {private final UserUtils userUtils;@Autowiredpublic UserServiceImpl(UserUtils userUtils) {this.userUtils = userUtils;}@Overridepublic void login(User user) {String username = user.getUsername();String password = user.getPassword();if (username == null || "".equals(username)) {throw new RuntimeException("用户名不能为空~");} else if (password == null || "".equals(password)) {throw new RuntimeException("密码不能为空~");} else {if (username.equals("admin") && password.equals("12345")) {userUtils.getSession().setAttribute("user", user);} else {throw new RuntimeException("用户名或密码错误！");}}}}

二、过滤器实现资源访问控制

LoginFilter

package cn.edu.sgu.www.login.filter;import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;/*** 登录过滤器* @author heyunlin* @version 1.0*/
@WebFilter(filterName = "loginFilter", urlPatterns = {"/", "/html/*", "/index.html"})
public class LoginFilter implements Filter {@Overridepublic void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) req;HttpSession session = request.getSession();// 获取登录信息Object obj = session.getAttribute("user");if (obj == null) { // 未登录，重定向到登录页/** 登录页面的地址*/String loginPage = "/login.html";// 获取响应对象HttpServletResponse response = (HttpServletResponse) resp;response.sendRedirect(loginPage);} else { // 当前有用户登录，放行filterChain.doFilter(req, resp);}}}

在任意配置类上使用@ServletComponentScan("cn.edu.sgu.www.login.filter")开启servlet的组件扫描~

package cn.edu.sgu.www.login;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.ServletComponentScan;@ServletComponentScan("cn.edu.sgu.www.login.filter")
@SpringBootApplication
public class FilterLoginApplication {public static void main(String[] args) {SpringApplication.run(FilterLoginApplication.class, args);}}

文章设计的代码已上传到git仓库，可按需获取~

使用过滤器实现一个最简单的登录认证功能https://gitee.com/he-yunlin/filter-login.git