一:实现思路

(1)将request强转成HttpServletRequest,这样才有getRequestURI()方法

(2)获取资源访问路径

(3)判断uri中是否有登录选项,要注意排除掉css/js/图片/验证码等资源

(4)如果包含登录选项,直接放行,如果不包含,则需要验证用户是否登录

(5)从session中获取user,登录了就放行,没有登录就转发到登录页面

二:代码实现

@WebFilter("/*")
public class LoginFilter implements Filter {
    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
       //先强转成HttpServletRequest,这样才有getRequestURI()方法
        HttpServletRequest request = (HttpServletRequest) req;
        //获取资源访问路径
        String uri = request.getRequestURI();
        System.out.println(uri);
        //判断uri中是否有登录选项
        if(uri.contains("login_v2.jsp")||uri.contains("/login")||uri.contains("/css/")|| uri.contains("/js/")|| uri.contains("/fonts/")||uri.contains("/code")){
            //直接放行
            chain.doFilter(req, resp);
        }else {
            //判断session中是否有user
            //有,直接放行
            Object user = request.getSession().getAttribute("user");
                if(user!=null){
                    chain.doFilter(req, resp);
                }else {
                    //没有,提醒去登录,并请求转发到登录页面
                    request.setAttribute("login-msg","您尚未登录,请登录");
                    request.getRequestDispatcher("/login_v2.jsp").forward(request,resp);
                }


        }

    }

    public void init(FilterConfig config) throws ServletException {

    }

}