froop/LoginFilter.java

## LoginFilter.java
@WebFilter(urlPatterns = { "/*" })
public class LoginFilter implements Filter {
  private static final String URL_LOGIN = "/login/";
  private static final String[] URL_EXCLUDES = {URL_LOGIN, "/common/"};
  private static final String ATTR_LOGIN = "login";
  private static final String ATTR_ORIGIN_URL = "originUrl";

  @Override
  public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain chain) throws IOException, ServletException {

    HttpServletRequest httpReq = (HttpServletRequest) request;
    HttpServletResponse httpRes = (HttpServletResponse) response;

    if (!isExcludeUrl(httpReq)) {
      HttpSession session = httpReq.getSession();

      if (session == null || session.getAttribute(ATTR_LOGIN) == null) {
        session = httpReq.getSession(true);

        String originUrl = buildOriginUrl(httpReq);
        session.setAttribute(ATTR_ORIGIN_URL, originUrl);

        httpRes.sendRedirect(httpReq.getContextPath() + URL_LOGIN);
        return;
      }
    }

    chain.doFilter(request, response);
  }

  /**
   * リダイレクト対象外のURLがチェック.
   * @return 対象外ならtrue
   */
  private boolean isExcludeUrl(HttpServletRequest request) {
    String target = request.getRequestURI();
    String contextPath = request.getContextPath();
    for (String exclude : URL_EXCLUDES) {
      if (target.startsWith(contextPath + exclude)) {
        return true;
      }
    }
    return false;
  }

  /**
   * 遷移元URLを組み立て.
   */
  private String buildOriginUrl(HttpServletRequest request) {
    String originUrl = request.getRequestURI();

    if ("GET".equalsIgnoreCase(request.getMethod())) {
      Map<String, String[]> paramMap = request.getParameterMap();

      List<String> params = new ArrayList<String>();
      for (Map.Entry<String, String[]> param : paramMap.entrySet()) {
        String key = param.getKey();
        String[] values = param.getValue();

        for (String value : values) {
          params.add(key + "=" + encodeUrl(value));
        }
      }

      if (params.size() > 0) {
        originUrl += "?" + StringUtils.join(params, "&");
      }
    }

    return originUrl;
  }

  private static String encodeUrl(String text) {
    if (text == null) {
      return null;
    }
    try {
      return URLEncoder.encode(text, "Windows-31J");
    } catch (UnsupportedEncodingException e) {
      throw new RuntimeException(e);
    }
  }

  @Override
  public void destroy() {
  }

  @Override
  public void init(FilterConfig arg0) throws ServletException {
  }
}

## LoginServlet.java
public class LoginServlet extends HttpServlet {

  @Override
  protected void doGet(HttpServletRequest request,
      HttpServletResponse response) throws ServletException, IOException {
    forward(request, response, "login.jsp");
  }

  @Override
  protected void doPost(HttpServletRequest request,
      HttpServletResponse response) throws ServletException, IOException {

    String id = request.getParameter("id");
    String pass = request.getParameter("pass");

    LoginModel model = new LoginModel(new LoginDaoImpl());
    try {
      // ログイン実施
      LoginUser user = model.login(id, pass);

      // リダイレクト先を取得
      String redirectUrl = "";
      HttpSession oldSession = request.getSession();
      if (oldSession != null) {
        redirectUrl = (String) oldSession.getAttribute("originUrl");
      }
      if (StringUtils.isBlank(redirectUrl)) {
        redirectUrl = request.getContextPath() + "/";
      }

      // 新しいセッションを開始し、ログイン情報を保存
      clearSession(request);
      HttpSession newSession = request.getSession(true);
      newSession.setAttribute("login", user);

      // 本来のURLへリダイレクト
      response.sendRedirect(redirectUrl);
      return;

    } catch (LoginException e) {
      request.setAttribute("error", e.getMessage());
      forward(request, response, "login.jsp");
    }
  }

  private void forward(HttpServletRequest request,
      HttpServletResponse response, String path)
      throws ServletException, IOException {
    ServletContext sc = getServletContext();
    RequestDispatcher rd = sc.getRequestDispatcher(path);
    rd.forward(request, response);
  }

  private void clearSession(HttpServletRequest request) {
    HttpSession session = request.getSession();
    if (session != null) {
//      session.invalidate();
      Enumeration<String> names = session.getAttributeNames();
      while (names.hasMoreElements()) {
        String name = names.nextElement();
        session.removeAttribute(name);
      }
    }
  }
}
	@WebFilter(urlPatterns = { "/*" })
	public class LoginFilter implements Filter {
	private static final String URL_LOGIN = "/login/";
	private static final String[] URL_EXCLUDES = {URL_LOGIN, "/common/"};
	private static final String ATTR_LOGIN = "login";
	private static final String ATTR_ORIGIN_URL = "originUrl";

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
	FilterChain chain) throws IOException, ServletException {

	HttpServletRequest httpReq = (HttpServletRequest) request;
	HttpServletResponse httpRes = (HttpServletResponse) response;

	if (!isExcludeUrl(httpReq)) {
	HttpSession session = httpReq.getSession();

	if (session == null \|\| session.getAttribute(ATTR_LOGIN) == null) {
	session = httpReq.getSession(true);

	String originUrl = buildOriginUrl(httpReq);
	session.setAttribute(ATTR_ORIGIN_URL, originUrl);

	httpRes.sendRedirect(httpReq.getContextPath() + URL_LOGIN);
	return;
	}
	}

	chain.doFilter(request, response);
	}

	/**
	* リダイレクト対象外のURLがチェック.
	* @return 対象外ならtrue
	*/
	private boolean isExcludeUrl(HttpServletRequest request) {
	String target = request.getRequestURI();
	String contextPath = request.getContextPath();
	for (String exclude : URL_EXCLUDES) {
	if (target.startsWith(contextPath + exclude)) {
	return true;
	}
	}
	return false;
	}

	/**
	* 遷移元URLを組み立て.
	*/
	private String buildOriginUrl(HttpServletRequest request) {
	String originUrl = request.getRequestURI();

	if ("GET".equalsIgnoreCase(request.getMethod())) {
	Map<String, String[]> paramMap = request.getParameterMap();

	List<String> params = new ArrayList<String>();
	for (Map.Entry<String, String[]> param : paramMap.entrySet()) {
	String key = param.getKey();
	String[] values = param.getValue();

	for (String value : values) {
	params.add(key + "=" + encodeUrl(value));
	}
	}

	if (params.size() > 0) {
	originUrl += "?" + StringUtils.join(params, "&");
	}
	}

	return originUrl;
	}

	private static String encodeUrl(String text) {
	if (text == null) {
	return null;
	}
	try {
	return URLEncoder.encode(text, "Windows-31J");
	} catch (UnsupportedEncodingException e) {
	throw new RuntimeException(e);
	}
	}

	@Override
	public void destroy() {
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}
	}
	public class LoginServlet extends HttpServlet {

	@Override
	protected void doGet(HttpServletRequest request,
	HttpServletResponse response) throws ServletException, IOException {
	forward(request, response, "login.jsp");
	}

	@Override
	protected void doPost(HttpServletRequest request,
	HttpServletResponse response) throws ServletException, IOException {

	String id = request.getParameter("id");
	String pass = request.getParameter("pass");

	LoginModel model = new LoginModel(new LoginDaoImpl());
	try {
	// ログイン実施
	LoginUser user = model.login(id, pass);

	// リダイレクト先を取得
	String redirectUrl = "";
	HttpSession oldSession = request.getSession();
	if (oldSession != null) {
	redirectUrl = (String) oldSession.getAttribute("originUrl");
	}
	if (StringUtils.isBlank(redirectUrl)) {
	redirectUrl = request.getContextPath() + "/";
	}

	// 新しいセッションを開始し、ログイン情報を保存
	clearSession(request);
	HttpSession newSession = request.getSession(true);
	newSession.setAttribute("login", user);

	// 本来のURLへリダイレクト
	response.sendRedirect(redirectUrl);
	return;

	} catch (LoginException e) {
	request.setAttribute("error", e.getMessage());
	forward(request, response, "login.jsp");
	}
	}

	private void forward(HttpServletRequest request,
	HttpServletResponse response, String path)
	throws ServletException, IOException {
	ServletContext sc = getServletContext();
	RequestDispatcher rd = sc.getRequestDispatcher(path);
	rd.forward(request, response);
	}

	private void clearSession(HttpServletRequest request) {
	HttpSession session = request.getSession();
	if (session != null) {
	// session.invalidate();
	Enumeration<String> names = session.getAttributeNames();
	while (names.hasMoreElements()) {
	String name = names.nextElement();
	session.removeAttribute(name);
	}
	}
	}
	}