JavaWEB采用Filter的权限管理


1.权限查看及管理界面代码:

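<body>
  <%--
    Permission viewing and management page. The first form looks a user up through
    AuthorityServlet (method=getAuthorities); the second posts the ticked permission
    URLs back to it (method=update).

    NOTE(review): the update form changes another account's permissions, yet nothing
    on this page carries an anti-CSRF token, and no caller check is visible in the
    servlet it posts to. Both are needed before this pattern is used for real accounts.
  --%>
  <h3>权限查看及管理</h3>
  <form action="AuthorityServlet?method=getAuthorities" method="post">
    <input type="text" placeholder="请输入用户名" name="username">
    <input type="submit" value="确定">
  </form>
  <br><br>
  <c:if test="${param.username != null}">
    <%-- param.username is request data. c:out escapes XML special characters by default,
         so markup typed into the lookup box is shown as text rather than interpreted. --%>
    <c:out value="${param.username}"/>的权限是:
    <form action="AuthorityServlet?method=update" method="post">
      <%-- Same value inside an attribute: escaping keeps a quote from ending the attribute. --%>
      <input type="hidden" value="<c:out value='${param.username}'/>" name="username"><br>
      <c:forEach items="${authorities}" var="auth">
        <%-- flag becomes true when the looked-up user already holds this permission. --%>
        <c:set var="flag" value="false"></c:set>
        <c:forEach items="${user.authorities}" var="ua">
          <c:if test="${ua.url == auth.url}">
            <c:set var="flag" value="true"></c:set>
          </c:if>
        </c:forEach>
        <input type="checkbox" name="authority" value="<c:out value='${auth.url}'/>"
               <c:if test="${flag == true}">checked="checked"</c:if>><c:out value="${auth.displayName}"/><br><br>
      </c:forEach>
      <input type="submit" value="Update">
    </form>
  </c:if>
</body>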

2.用户的pojo--User.java:

/**
 * Account record: a user name together with the permissions granted to that user.
 *
 * <p>The permission list is stored by reference (no copy is made), so changes made to the
 * list by whoever supplied it are visible through this object.
 */
public class User {
    private String username;
    private List<Authority> authorities;

    /** Creates an empty user; both fields stay {@code null} until set. */
    public User() {
    }

    /**
     * @param username    login name of the account
     * @param authorities permissions held by the account; kept by reference
     */
    public User(String username, List<Authority> authorities) {
        this.username = username;
        this.authorities = authorities;
    }

    /** @return the login name, or {@code null} if none was set */
    public String getUsername() {
        return this.username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the stored permission list itself (not a copy); may be {@code null} */
    public List<Authority> getAuthorities() {
        return this.authorities;
    }

    public void setAuthorities(List<Authority> authorities) {
        this.authorities = authorities;
    }
}

3.权限的pojo--Authority.java:

public class Authority {
//显示到页面上的权限的名字
private String displayName;
//权限对应的URL地址
private String url;

public String getDisplayName() {
return displayName;
}
public void setDisplayName(String displayName) {
this.displayName = displayName;
}
public String getUrl() {
return url;
}
public void setUrl(String url) {
this.url = url;
}
public Authority(String displayName, String url) {
super();
this.displayName = displayName;
this.url = url;
}
public Authority() {
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((url == null) ? 0 : url.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
Authority other = (Authority) obj;
if (url == null) {
if (other.url != null)
return false;
} else if (!url.equals(other.url))
return false;
return true;
}
}

4.UserDao.java:

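/**
 * In-memory stand-in for a user/permission store.
 *
 * <p>All state is static: a fixed catalogue of four permissions and two users ("AAA" and
 * "BBB") that are created when the class is loaded. Nothing is persisted.
 *
 * <p>Lists are copied on the way in and out so that callers never hold a reference to the
 * catalogue or to a list shared with another user.
 */
public class UserDao {
    private static Map<String, User> users;
    // Every permission the application defines; filled once by the static initializer.
    private static List<Authority> authorities = null;

    static {
        authorities = new ArrayList<Authority>();
        authorities.add(new Authority("权限1", "/qx1.jsp"));
        authorities.add(new Authority("权限2", "/qx2.jsp"));
        authorities.add(new Authority("权限3", "/qx3.jsp"));
        authorities.add(new Authority("权限4", "/qx4.jsp"));

        // Default permissions for the built-in users. subList() alone returns a view backed by
        // the catalogue list, so each user gets an independent copy instead.
        users = new HashMap<String, User>();
        users.put("AAA", new User("AAA", new ArrayList<Authority>(authorities.subList(0, 2))));
        users.put("BBB", new User("BBB", new ArrayList<Authority>(authorities.subList(2, 4))));
    }

    /**
     * Looks a user up by name.
     *
     * @param username name to look up
     * @return the stored user, or {@code null} when no user has that name
     */
    public User get(String username) {
        return users.get(username);
    }

    /**
     * Replaces the permissions of an existing user.
     *
     * <p>An unknown {@code username} is ignored rather than failing with a
     * {@code NullPointerException}. The list is copied; {@code null} is stored as an empty list.
     *
     * @param username    name of the user to change
     * @param authorities new permissions for that user
     */
    public void update(String username, List<Authority> authorities) {
        User user = users.get(username);
        if (user == null) {
            return;
        }
        List<Authority> granted = new ArrayList<Authority>();
        if (authorities != null) {
            granted.addAll(authorities);
        }
        // The same User instance is updated in place, so holders of that instance see the change.
        user.setAuthorities(granted);
    }

    /**
     * @return a copy of the permission catalogue; changing it does not affect the catalogue
     */
    public List<Authority> getAuthorities() {
        return new ArrayList<Authority>(authorities);
    }

    /**
     * Maps submitted URLs to catalogue permissions.
     *
     * <p>Only entries of the catalogue are ever returned, so a URL that is not a defined
     * permission cannot be granted through this method. Each permission appears at most once
     * even if its URL is submitted several times; {@code null} elements are skipped.
     *
     * @param urls URLs to match, may be {@code null}
     * @return the matching permissions in catalogue order; empty when nothing matches
     */
    public List<Authority> getAuthorities(String[] urls) {
        List<Authority> matched = new ArrayList<Authority>();
        if (urls == null) {
            return matched;
        }
        for (Authority authority : authorities) {
            for (String url : urls) {
                if (url != null && url.equals(authority.getUrl())) {
                    matched.add(authority);
                    break;
                }
            }
        }
        return matched;
    }
}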

5.查看及修改权限的Servlet--AuthorityServlet.java:

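/**
 * Servlet behind the permission management page: shows one user's permissions and saves
 * changes to them. The {@code method} request parameter selects the action.
 *
 * <p>Actions are dispatched through a fixed list of names. Looking the method up by
 * reflection from the request parameter would let a client invoke any declared method with
 * the (request, response) signature, including {@code doGet}/{@code doPost} themselves.
 *
 * <p>NOTE(review): no caller check is visible in this class, and the web.xml shown with this
 * listing maps AuthorityFilter to {@code *.jsp} only, so requests to this servlet do not pass
 * through that filter. An authorization check for an administrative role and an anti-CSRF
 * token on the update form are needed before real use.
 */
public class AuthorityServlet extends HttpServlet {

    private UserDao userDao = new UserDao();

    /**
     * Serves the read-only action only, so a plain link or image URL cannot change permissions.
     * Any other {@code method} value is answered with 405.
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if ("getAuthorities".equals(req.getParameter("method"))) {
            getAuthorities(req, resp);
        } else {
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        }
    }

    /**
     * Dispatches to {@link #getAuthorities} or {@link #update}; a missing or unknown
     * {@code method} value is answered with 400 instead of an empty response.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String methodName = req.getParameter("method");
        if ("getAuthorities".equals(methodName)) {
            getAuthorities(req, resp);
        } else if ("update".equals(methodName)) {
            update(req, resp);
        } else {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Shows the permissions of the user named by the {@code username} parameter.
     *
     * <p>Sets the request attributes {@code user} (absent when the name is missing or
     * unknown) and {@code authorities} (the full catalogue), then forwards to index.jsp.
     */
    public void getAuthorities(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        // trim() drops surrounding whitespace; a missing parameter is treated as "no user".
        User user = (username == null) ? null : userDao.get(username.trim());
        req.setAttribute("user", user);
        req.setAttribute("authorities", userDao.getAuthorities());
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }

    /**
     * Replaces the permissions of the user named by {@code username} with the ticked
     * {@code authority} values, then redirects to index.jsp.
     *
     * <p>A missing or unknown user name is answered with 400.
     */
    public void update(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        if (username == null || userDao.get(username.trim()) == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String[] authorities = req.getParameterValues("authority");
        // The DAO keeps only URLs that exist in the permission catalogue.
        List<Authority> authorityList = userDao.getAuthorities(authorities);
        userDao.update(username.trim(), authorityList);
        resp.sendRedirect("index.jsp");
    }
}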

实现效果图:


用户登录界面login.jsp:

<body>
  <%-- Login form: posts the typed name to LoginServlet (method=login).
       Only a user name is collected; no password field is part of this form. --%>
  <form method="post" action="LoginServlet?method=login">
    <input name="name" type="text" placeholder="请输入用户名">
    <input value="确定" type="submit">
  </form>
</body>

LoginServlet.java:

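/**
 * Login and logout servlet. The {@code method} request parameter selects the action.
 *
 * <p>Actions are dispatched through a fixed list of names rather than by reflective lookup
 * of the request parameter, which would let a client invoke any declared method with the
 * (request, response) signature.
 *
 * <p>NOTE(review): {@link #login} accepts a user name alone; no password or other credential
 * is checked, so anyone who knows a name is logged in as that user.
 */
public class LoginServlet extends HttpServlet {

    private UserDao userDao = new UserDao();

    /** GET is handled like POST; the logout link in list.jsp is a plain GET. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doPost(req, resp);
    }

    /**
     * Dispatches to {@link #login} or {@link #logout}; a missing or unknown {@code method}
     * value is answered with 400 instead of an empty response.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String methodName = req.getParameter("method");
        if ("login".equals(methodName)) {
            login(req, resp);
        } else if ("logout".equals(methodName)) {
            logout(req, resp);
        } else {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Logs in the user named by the {@code name} parameter and redirects to list.jsp.
     *
     * <p>A missing or unknown name goes back to login.jsp instead of being treated as a
     * successful login.
     */
    public void login(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String name = req.getParameter("name");
        User user = (name == null) ? null : userDao.get(name.trim());
        if (user == null) {
            resp.sendRedirect("login.jsp");
            return;
        }
        // Discard any session that existed before login so the logged-in state is bound to a
        // freshly issued session id, not to one the client presented beforehand.
        if (req.getSession(false) != null) {
            req.getSession(false).invalidate();
        }
        req.getSession(true).setAttribute("user", user);
        resp.sendRedirect("list.jsp");
    }

    /** Logs out: ends the current session, if there is one, and redirects to login.jsp. */
    public void logout(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false) avoids creating a session only to invalidate it.
        if (req.getSession(false) != null) {
            req.getSession(false).invalidate();
        }
        resp.sendRedirect("login.jsp");
    }
}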

拦截器AuthorityFilter.java:

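/**
 * Permission check for JSP pages: a request passes only if the page is on the unchecked
 * list or the logged-in user holds a permission whose URL equals the servlet path.
 * Everything else is redirected (deny by default).
 *
 * <p>NOTE(review): "/index.jsp", the permission management page, is on the unchecked list,
 * and the web.xml shown with this listing maps this filter to {@code *.jsp} only, so the
 * servlets that read and change permissions are not covered by this check.
 */
public class AuthorityFilter extends HttpFilter {

    // Pages served without a login or permission check. Built once instead of per request.
    private static final List<String> UNCHECKED_URLS =
            Arrays.asList("/list.jsp", "/exit.jsp", "/index.jsp", "/login.jsp");

    /**
     * Lets the request through, or redirects to login.jsp (nobody logged in) or exit.jsp
     * (logged in but lacking the permission).
     */
    @Override
    public void doFilter(HttpServletRequest request,
            HttpServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        String servletPath = request.getServletPath();
        if (UNCHECKED_URLS.contains(servletPath)) {
            filterChain.doFilter(request, response);
            return;
        }

        // getSession(false): do not create a session just to learn that nobody is logged in.
        User user = null;
        if (request.getSession(false) != null) {
            user = (User) request.getSession(false).getAttribute("user");
        }
        if (user == null) {
            // Context-absolute target: a relative "login.jsp" would resolve against the
            // directory of the requested page.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }

        // Authority equality compares the URL only, so a probe object with a null display
        // name matches the stored permission for this path. A user without a permission
        // list is treated as having no permissions.
        List<Authority> authorities = user.getAuthorities();
        if (authorities != null && authorities.contains(new Authority(null, servletPath))) {
            filterChain.doFilter(request, response);
            return;
        }

        // No matching permission: send the user to exit.jsp.
        response.sendRedirect(request.getContextPath() + "/exit.jsp");
    }
}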

AuthorityFilter 继承的 HttpFilter.java:

/**
 * Base class that adapts the generic {@link Filter} callback to HTTP request and response
 * types, so subclasses implement only the HTTP-typed {@code doFilter}.
 */
public abstract class HttpFilter implements Filter {

    // Configuration handed over by the container in init(FilterConfig).
    private FilterConfig filterConfig;

    /** Stores the filter configuration, then runs the no-argument {@code init()}. */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        init();
    }

    // Empty placeholder invoked from init(FilterConfig). It is private, so subclasses
    // cannot override it.
    private void init() {
    }

    /** @return the configuration stored by {@code init(FilterConfig)} */
    public FilterConfig getFilterConfig() {
        return this.filterConfig;
    }

    /**
     * Casts both arguments to their HTTP types and delegates to the HTTP-typed overload.
     * The casts are unchecked: a non-HTTP request or response fails with ClassCastException.
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        doFilter((HttpServletRequest) req, (HttpServletResponse) resp, chain);
    }

    /** Filtering logic supplied by the subclass, working on HTTP types. */
    public abstract void doFilter(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws IOException, ServletException;

    /** Nothing to release. */
    public void destroy() {
    }
}


配置文件web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" 
xmlns="http://java.sun.com/xml/ns/javaee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <!-- Deployment descriptor: welcome page, the permission filter, and the two servlets. -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  
  <!-- AuthorityFilter performs the login and permission check. -->
   <filter>
  <filter-name>AuthorityFilter</filter-name>
  <filter-class>com.dzl.filter.AuthorityFilter</filter-class>
  </filter>
  <!-- The filter is applied only to request paths ending in .jsp. The servlet URLs mapped
       below (/AuthorityServlet, /LoginServlet) do not match this pattern, so requests to
       them are not checked by AuthorityFilter. -->
  <filter-mapping>
  <filter-name>AuthorityFilter</filter-name>
  <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  
  <!-- Reads and updates user permissions. -->
  <servlet>
  <servlet-name>AuthorityServlet</servlet-name>
  <servlet-class>com.dzl.servlet.AuthorityServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>AuthorityServlet</servlet-name>
  <url-pattern>/AuthorityServlet</url-pattern>
  </servlet-mapping>
  
  <!-- Login and logout. -->
  <servlet>
  <servlet-name>LoginServlet</servlet-name>
  <servlet-class>com.dzl.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>LoginServlet</servlet-name>
  <url-pattern>/LoginServlet</url-pattern>
  </servlet-mapping>
  
</web-app>

登录成功后的界面list.jsp:

 <body>
  <a href="qx1.jsp">权限1的界面</a><br><br>
  <a href="qx2.jsp">权限2的界面</a><br><br>
  <a href="qx3.jsp">权限3的界面</a><br><br>
  <a href="qx4.jsp">权限4的界面</a><br><br>
  <a href="LoginServlet?method=logout">退出</a>
  </body>


若刚才登录的用户有访问权限则显示:


若没有访问权限则显示:


