Java web----Filter之粗粒度权限控制
来源:互联网 发布:动漫小说下载软件 编辑:程序博客网 时间:2024/05/16 04:39
1 说明
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
- index.jsp:谁都可以访问,没有限制;
- user.jsp:只有登录用户才能访问;
- admin.jsp:只有管理员才能访问。
设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建LoginFilter,它有两种过滤方式:
- 如果访问的是user.jsp,查看session中是否存在user;
- 如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。
<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"><servlet><servlet-name>LoginServlet</servlet-name><servlet-class>com.cug.web.servlet.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>LoginServlet</servlet-name><url-pattern>/LoginServlet</url-pattern></servlet-mapping><welcome-file-list> <welcome-file>index.jsp</welcome-file></welcome-file-list><filter><filter-name>UserFilter</filter-name><filter-class>com.cug.filter.UserFilter</filter-class></filter><filter-mapping><filter-name>UserFilter</filter-name><url-pattern>/user/*</url-pattern></filter-mapping><filter><filter-name>AdminFilter</filter-name><filter-class>com.cug.filter.AdminFilter</filter-class></filter><filter-mapping><filter-name>AdminFilter</filter-name><url-pattern>/admin/*</url-pattern></filter-mapping></web-app>
package com.cug.web.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.cug.domain.User;import com.cug.web.service.UserService;public class LoginServlet extends HttpServlet{@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {req.setCharacterEncoding("utf-8");resp.setContentType("text/html;charset=utf-8");String username = req.getParameter("username");String password = req.getParameter("password");User user = UserService.login(username, password);if(user == null){req.setAttribute("msg", "用户名或者密码错误");req.getRequestDispatcher("/login.jsp").forward(req, resp);} else{req.getSession().setAttribute("user", user);req.getRequestDispatcher("index.jsp").forward(req,resp);}}}package com.cug.web.service;import java.util.HashMap;import java.util.Map;import com.cug.domain.User;public class UserService {private static Map<String, User> users = new HashMap<String, User>();static{users.put("zhu", new User("zhu", "123", 2));users.put("xiao", new User("xiao", "123", 1));}public static User login(String username, String password){User user = users.get(username);if(user == null)return null;if(!user.getPassword().equals(password))return null;return user;}}package com.cug.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import com.cug.domain.User;public class AdminFilter implements Filter{@Overridepublic void destroy() {}@Overridepublic void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain) throws IOException, ServletException {req.setCharacterEncoding("utf-8");resp.setContentType("text/html;charset=utf-8");HttpServletRequest request = (HttpServletRequest)req;User user = (User)request.getSession().getAttribute("user");if(user == null){resp.getWriter().print("用户还没有登陆");request.getRequestDispatcher("/login.jsp").forward(req, resp);}if(user.getGrade() < 2){resp.getWriter().print("您的等级不够");return;}chain.doFilter(req, resp);}@Overridepublic void init(FilterConfig arg0) throws ServletException {}}package com.cug.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import com.cug.domain.User;public class UserFilter implements Filter{@Overridepublic void destroy() {}@Overridepublic void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {request.setCharacterEncoding("utf-8");response.setContentType("text/html;charset=utf-8");HttpServletRequest httpReq = (HttpServletRequest)request;User user = (User)httpReq.getSession().getAttribute("user");if(user == null){request.getRequestDispatcher("/login.jsp").forward(request, response);}chain.doFilter(request, response);}@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}}package com.cug.domain;public class User {private String username;private String password;private int grade;public User() {super();}public User(String username, String password, int grade) {super();this.username = username;this.password = password;this.grade = grade;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public int getGrade() {return grade;}public void setGrade(int grade) {this.grade = grade;}@Overridepublic String toString() {return "User [username=" + username + ", password=" + password+ ", grade=" + grade + "]";}}<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'admin.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">--> </head> <body> <h1>admin.jsp</h1> <h3>${user.username }</h3> <a href="<c:url value='/index.jsp'/>">首页</a><br/> <a href="<c:url value='/user/user.jsp'/>">用户页</a><br/> <a href="<c:url value='/admin/admin.jsp'/>">系统管理员</a><br/> </body></html><%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'user.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">--> </head> <body> <h1>user.jsp</h1> <h3>${user.username }</h3> <a href="<c:url value='/index.jsp'/>">首页</a><br> <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br> <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br> </body></html><%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'login.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">--> </head> <body> ${msg } <form action="<c:url value='/LoginServlet'/>" method="post"> 用户名:<input type="text" name="username"/><br/> 密码:<input type="password" name="password"/><br/> <input type="submit" value="登陆"/> </form> </body></html><%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'index.jsp' starting page</title><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><!--<link rel="stylesheet" type="text/css" href="styles.css">--> </head> <body> <h1>index.jsp</h1> <h3>${user.username }</h3> <a href="<c:url value='/index.jsp'/>">首页</a><br> <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br> <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br> </body></html> 0 0
- Java web----Filter之粗粒度权限控制
- 权限控制之粗粒度与细粒度
- 003——filter粗粒度权限控制
- web day21 web过滤器Filter,应用案例统计IP,解决全站乱码,粗粒度权限控制,页面静态化
- 过滤器案例-------粗粒度权限控制
- shiro权限控制之粗细粒度的区别(转)
- SQL 2005 权限控制粒度
- java web 之filter
- Java Web之Filter
- 系统设计之粒度控制
- 系统设计之粒度控制
- java之权限控制
- solr权限控制之web界面和Java相关操作
- Java Web应用权限控制
- Filter来控制权限
- 1.权限控制:Filter
- filter实现权限控制
- Filter实现权限控制
- 微信公众平台开发—access_token的获取存储与更新(Python开发)
- XMVector3Cross
- HDU 2012 --- 素数判定
- 网络基本功(九):细说TCP重传
- 由交换机说起网络设备
- Java web----Filter之粗粒度权限控制
- 单链表是否相交(Java版)
- 网络基本功(十):细说TCP确认机制
- 读<iOS开发进阶>有感
- Hashtable和HashMap和Map和List和Set的区别?
- HDU 2013 -- 蟠桃记
- 网络基本功(十一):TCP窗口调整与流控
- log4j.properties配置详解
- Intel CPU 概览——从8086到四代酷睿i7
