javaweb设计中filter粗粒度权限控制代码示例
1说明
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只有登录用户才能访问;
admin.jsp:只有管理员才能访问。
2分析
设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建LoginFilter,它有两种过滤方式:
如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。
任何一项检查不通过时,过滤器都应在转发或输出提示后立即return,不再调用chain.doFilter,否则被保护的资源仍会继续执行。
3代码
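<servlet>
  <servlet-name>LoginServlet</servlet-name>
  <servlet-class>com.cug.web.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>LoginServlet</servlet-name>
  <url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
  <filter-name>UserFilter</filter-name>
  <filter-class>com.cug.filter.UserFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>UserFilter</filter-name>
  <url-pattern>/user/*</url-pattern>
</filter-mapping>
<filter>
  <filter-name>AdminFilter</filter-name>
  <filter-class>com.cug.filter.AdminFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>AdminFilter</filter-name>
  <url-pattern>/admin/*</url-pattern>
</filter-mapping>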
LoginServlet.java
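package com.cug.web.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.cug.domain.User;
import com.cug.web.service.UserService;

/**
 * Handles the login form POST: checks the submitted credentials through
 * {@link UserService#login(String, String)} and, on success, stores the
 * resulting {@link User} in the session under the key {@code "user"}.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the {@code username} / {@code password} request parameters.
     *
     * <p>On failure the request is forwarded back to {@code /login.jsp} with an
     * error message in the {@code msg} request attribute. On success the user is
     * placed in a freshly created session and the request is forwarded to
     * {@code index.jsp}.
     *
     * @param req  the login request
     * @param resp the response
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        String username = req.getParameter("username");
        String password = req.getParameter("password");
        User user = UserService.login(username, password);

        if (user == null) {
            // Same message for unknown user and wrong password, so the response
            // does not reveal which of the two was wrong.
            req.setAttribute("msg", "用户名或者密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Session fixation defence: discard whatever session existed before
        // authentication and bind the authenticated user to a new one, so a
        // session id handed out before login never becomes an authenticated id.
        HttpSession preLoginSession = req.getSession(false);
        if (preLoginSession != null) {
            preLoginSession.invalidate();
        }
        // NOTE(review): the stored User still carries its password field;
        // consider keeping only username and grade in the session.
        req.getSession(true).setAttribute("user", user);
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}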
UserService
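package com.cug.web.service;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import com.cug.domain.User;

/**
 * In-memory user store used by the demo login.
 *
 * <p>The accounts and their plaintext passwords are hard-coded for the example
 * only. A real application should keep users in a data store and persist a
 * salted password hash (bcrypt, scrypt or argon2) instead of the password.
 */
public class UserService {

    // Keyed by username. The type parameters are required: with a raw Map the
    // lookup in login() would yield Object and not compile without a cast.
    private static final Map<String, User> users = new HashMap<>();

    static {
        users.put("zhu", new User("zhu", "123", 2));
        users.put("xiao", new User("xiao", "123", 1));
    }

    /**
     * Looks up {@code username} and checks the supplied password.
     *
     * @param username the submitted user name; may be {@code null} when the
     *                 request parameter is missing
     * @param password the submitted password; may be {@code null} when the
     *                 request parameter is missing
     * @return the matching {@link User}, or {@code null} when the user is
     *         unknown, the password does not match, or either argument is
     *         {@code null}
     */
    public static User login(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        User user = users.get(username);
        if (user == null) {
            return null;
        }
        // MessageDigest.isEqual does not stop at the first differing byte, so
        // the comparison time does not depend on how much of the password matched.
        byte[] expected = user.getPassword().getBytes(StandardCharsets.UTF_8);
        byte[] supplied = password.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, supplied)) {
            return null;
        }
        return user;
    }
}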
AdminFilter
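package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.cug.domain.User;

/**
 * Coarse-grained authorization filter for the administrator area: only a
 * logged-in user whose grade is at least 2 reaches the filtered resource.
 */
public class AdminFilter implements Filter {

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Lets the request through only for an authenticated administrator.
     *
     * <p>Every rejecting branch returns before {@code chain.doFilter}, so the
     * protected resource never runs for a request that failed the check.
     *
     * @param req   the incoming request
     * @param resp  the response
     * @param chain the remaining filter chain
     * @throws IOException      if writing or forwarding fails
     * @throws ServletException if forwarding or the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        HttpServletRequest request = (HttpServletRequest) req;
        User user = (User) request.getSession().getAttribute("user");

        if (user == null) {
            // NOTE(review): this text is written before the forward; the servlet
            // API clears uncommitted output on forward, so it may never be shown.
            resp.getWriter().print("用户还没有登陆");
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
            // Stop here: without this return the grade check below would
            // dereference the null user and fail with a NullPointerException.
            return;
        }

        if (user.getGrade() < 2) {
            resp.getWriter().print("您的等级不够");
            return;
        }

        chain.doFilter(req, resp);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No configuration needed.
    }
}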
UserFilter
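package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.cug.domain.User;

/**
 * Coarse-grained authentication filter for the user area: only a request
 * whose session holds a {@code "user"} attribute reaches the filtered resource.
 */
public class UserFilter implements Filter {

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Forwards anonymous requests to the login page and lets authenticated
     * requests continue down the chain.
     *
     * @param request  the incoming request
     * @param response the response
     * @param chain    the remaining filter chain
     * @throws IOException      if forwarding or the chain fails
     * @throws ServletException if forwarding or the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        HttpServletRequest httpReq = (HttpServletRequest) request;
        User user = (User) httpReq.getSession().getAttribute("user");

        if (user == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            // Stop here: falling through to chain.doFilter would still execute
            // the protected resource for a request that is not logged in.
            return;
        }

        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }
}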
User
packagecom.cug.domain; publicclassUser{ privateStringusername; privateStringpassword; privateintgrade; publicUser(){ super(); } publicUser(Stringusername,Stringpassword,intgrade){ super(); this.username=username; this.password=password; this.grade=grade; } publicStringgetUsername(){ returnusername; } publicvoidsetUsername(Stringusername){ this.username=username; } publicStringgetPassword(){ returnpassword; } publicvoidsetPassword(Stringpassword){ this.password=password; } publicintgetGrade(){ returngrade; } publicvoidsetGrade(intgrade){ this.grade=grade; } @Override publicStringtoString(){ return"User[username="+username+",password="+password +",grade="+grade+"]"; } }
html
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'admin.jsp'startingpage admin.jsp
${user.username}
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">首页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">用户页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">系统管理员
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'user.jsp'startingpage user.jsp
${user.username}
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">首页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">用户登陆界面
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">管理员登陆界面
用户登录
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'login.jsp'startingpage ${msg} "method="post"> 用户名:
密码:
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'index.jsp'startingpage index.jsp
${user.username}
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">首页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">用户登陆界面
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">管理员登陆界面