安全检查过滤器
使用说明:
本项目的结构如下图所示:
过滤声明:admin用户能够访问admin目录、manager目录、norestriction目录和根目录下的所有资源;manager用户具有除admin目录外所有资源的权限;未登录用户可以访问norestriction目录和根目录下的所有资源。login.jsp用于用户登录,list.jsp列出可访问的Web资源,当没有权限访问某些资源时,显示403.jsp网页。
代码:
login.jsp
<%-- Login form: posts the "user" and "pwd" fields to the Login servlet.
     NOTE(review): ${ message } is written into the page without HTML escaping. That is
     harmless while the servlet only ever sets a fixed string; escape it (for example with
     JSTL c:out) if the message ever carries request data.
     NOTE(review): the h3 element below prints the demo account names and their shared
     password; remove it anywhere other than a demo. --%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录页面</title></head><body><form action="Login" method="post"><br><br><span style="color:red">${ message }</span> <br><br>用户:<input id="user" name="user" type="text"/><br>密码:<input id="pwd" name="pwd" type="password"/><br><input type="submit" id="submit" value="提交"/><br><br><h3>用户有admin和manager,密码都是123</h3></form></body></html>
list.jsp
<%-- Resource list: shows the logged-in user name and links to the three directories.
     Every visitor sees all three links; this page performs no access check of its own, so
     the restriction has to come from the filter on the target paths.
     NOTE(review): ${ sessionScope.user } is emitted without HTML escaping. In this demo the
     login servlet only stores "admin" or "manager", so the value is fixed; escape it (for
     example with JSTL c:out) once user names come from a database or any other input.
     NOTE(review): the logout link is a plain GET to LoginOut. --%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>资源列表页面</title></head><body><br><br>登录用户: ${ sessionScope.user }<br><br><a href="admin/index.jsp">admin页面</a><br><a href="manager/index.jsp">manager页面</a><br><a href="norestriction/index.jsp">norestriction页面</a><br><br><a href="login.jsp">登录</a><br><a href="LoginOut">登出</a><br></body></html>
403.jsp
<%-- "Access denied" page with a link back to list.jsp.
     NOTE(review): CheckRightsFilter reaches this page with sendRedirect, and the page sets
     no status itself, so the denial is delivered as a redirect followed by an ordinary
     page load. Access logs and monitoring will not see an HTTP 403 for refused requests
     unless a status is set here or the filter uses sendError. --%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>403错误页面</title></head><body><br><br>对不起,您没有对应权限!请<a href="list.jsp">返回</a></body></html>
index.jsp
<%-- Landing page of a directory (the title suggests the admin one); greets the user
     stored in the session.
     NOTE(review): the page has no check of its own and relies on the filter in front of it.
     NOTE(review): ${sessionScope.user } is emitted without HTML escaping; safe only while the
     login servlet stores one of its two fixed names. Escape it (for example with JSTL
     c:out) if user names ever come from stored or submitted data. --%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>admin页面</title></head><body><h3>欢迎${sessionScope.user }大驾光临!</h3></body></html>
Login.java
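package com.servlet;

import java.io.IOException;
import java.util.Enumeration;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionContext;

/**
 * Demo login servlet: checks the submitted {@code user}/{@code pwd} pair against
 * hard-coded values and, on success, stores the user name in the session under
 * the key {@code "user"}.
 *
 * <p>NOTE(review): the accounts and the shared password are compiled into the class.
 * A real deployment needs a user store holding salted password hashes
 * (bcrypt/scrypt/argon2) and some limit on repeated failed attempts; neither exists here.
 */
public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public Login() {
        super();
    }

    /**
     * Shows the login form. GET never authenticates: parameters sent in a query
     * string end up in access logs, browser history and Referer headers, so
     * credentials are accepted from the POST body only.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    /**
     * Validates the posted credentials.
     *
     * <p>On failure the request is forwarded back to {@code /login.jsp} with a
     * single generic message, so the response does not reveal whether the name
     * or the password was wrong. On success the session is replaced and the
     * browser is redirected to {@code list.jsp}.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("UTF-8");
        String user = request.getParameter("user");
        String pwd = request.getParameter("pwd");

        // Hard-coded comparison; "x".equals(null) is false, so missing parameters fail too.
        boolean knownUser = "admin".equals(user) || "manager".equals(user);
        boolean passwordOk = "123".equals(pwd);
        if (!knownUser || !passwordOk) {
            request.setAttribute("message", "用户名或密码错误!");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        // Session fixation defence: drop any session that existed before the login so
        // the authenticated state is bound to a freshly issued session id.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = request.getSession(true);

        // The filter and the JSP pages read the login state from this attribute.
        session.setAttribute("user", user);
        response.sendRedirect("list.jsp");
    }
}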
LoginOut.java
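package com.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Logout servlet: ends the current session, if there is one, and sends the
 * browser back to the login page.
 */
public class LoginOut extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public LoginOut() {
        super();
    }

    /**
     * Handles logout requests made with GET by delegating to {@link #doPost}.
     *
     * <p>NOTE(review): logout is a state change reachable by GET, so another site
     * can trigger it with a plain link or image request. The effect is limited to
     * a forced logout; switching the entry point to a POST form would close it.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Invalidates the session and redirects to {@code <contextPath>/login.jsp}.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false) avoids creating a brand-new session only to destroy it
        // when the visitor was never logged in.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}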
CheckRightsFilter.java
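package com.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Path-based authorization filter.
 *
 * <p>Requests whose servlet path starts with {@code /admin} are passed on only for the
 * session user {@code admin}; paths starting with {@code /manager} are passed on for
 * {@code admin} and {@code manager}. Every other path is passed on unchecked. Refused
 * requests are redirected to {@code <contextPath>/403.jsp}.
 *
 * <p>NOTE(review): the filter mapping is not part of this class. It must cover the
 * protected directories (for example {@code /*}); by default a filter runs for direct
 * client requests only, so a server-side forward or include into a protected path is
 * not checked unless those dispatcher types are mapped as well.
 */
public class CheckRightsFilter implements Filter {
    private static final String ADMIN = "admin";
    private static final String MANAGER = "manager";

    public CheckRightsFilter() {
    }

    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        // No configuration is read.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Applies the access rule for the requested path and either continues the chain
     * or redirects to the 403 page.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httprequest = (HttpServletRequest) request;
        HttpServletResponse httpresponse = (HttpServletResponse) response;

        // getSession(false): an anonymous request must not cause a session to be created
        // just so that it can be found empty.
        HttpSession session = httprequest.getSession(false);
        Object stored = (session == null) ? null : session.getAttribute("user");
        // Anything other than a String is treated as "not logged in" (fail closed).
        String user = (stored instanceof String) ? (String) stored : null;

        if (!isAllowed(httprequest.getServletPath(), user)) {
            httpresponse.sendRedirect(httprequest.getContextPath() + "/403.jsp");
            return;
        }
        chain.doFilter(request, response);
    }

    /** Returns whether {@code user} (null when not logged in) may access {@code servletPath}. */
    private static boolean isAllowed(String servletPath, String user) {
        if (hasPrefix(servletPath, "/admin")) {
            return ADMIN.equals(user);
        }
        if (hasPrefix(servletPath, "/manager")) {
            return ADMIN.equals(user) || MANAGER.equals(user);
        }
        return true;
    }

    /**
     * Case-insensitive prefix test. The comparison ignores case so that a differently
     * cased spelling of a protected directory is still restricted where the container
     * or file system resolves paths without regard to case; this only ever restricts
     * more paths than an exact match would.
     */
    private static boolean hasPrefix(String path, String prefix) {
        return path.regionMatches(true, 0, prefix, 0, prefix.length());
    }
}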
截图:
(登录和退出登录后的页面)
(admin用户登录---所有页面的权限)
(manager用户权限:可以访问除admin外所有页面)
(manager用户访问admin目录下的页面时,显示错误)