一聚教程网:一个值得你收藏的教程网站

热门教程

javaweb设计中filter粗粒度权限控制代码示例

时间:2022-06-29 01:15:11 编辑:袖梨 来源:一聚教程网

1 说明

我们给出三个页面:index.jsp、user.jsp、admin.jsp。

index.jsp:谁都可以访问,没有限制;

user.jsp:只有登录用户才能访问;

admin.jsp:只有管理员才能访问。

2 分析

设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。

当用户登录成功后,把user保存到session中。

创建LoginFilter,它有两种过滤方式:

如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。

3 代码

 
 
 
 LoginServlet 
 com.cug.web.servlet.LoginServlet 
 
 
 LoginServlet 
 /LoginServlet 
 
 
 index.jsp 
 
 
 UserFilter 
 com.cug.filter.UserFilter 
 
 
 UserFilter 
 /user/* 
 
 
 AdminFilter 
 com.cug.filter.AdminFilter 
 
 
 AdminFilter 
 /admin/* 
 
 

LoginServlet.java

package com.cug.web.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.cug.domain.User;
import com.cug.web.service.UserService;
public class LoginServlet extends HttpServlet{
	@Override 
	 protected void doPost(HttpServletRequest req, HttpServletResponse resp) 
	   throws ServletException, IOException {
		req.setCharacterEncoding("utf-8");
		resp.setContentType("text/html;charset=utf-8");
		String username = req.getParameter("username");
		String password = req.getParameter("password");
		User user = UserService.login(username, password);
		if(user == null){
			req.setAttribute("msg", "用户名或者密码错误");
			req.getRequestDispatcher("/login.jsp").forward(req, resp);
		} else{
			req.getSession().setAttribute("user", user);
			req.getRequestDispatcher("index.jsp").forward(req,resp);
		}
	}
}

UserService

package com.cug.web.service;
import java.util.HashMap;
import java.util.Map;
import com.cug.domain.User;
public class UserService {
	private static Map users = new HashMap();
	static{
		users.put("zhu", new User("zhu", "123", 2));
		users.put("xiao", new User("xiao", "123", 1));
	}
	public static User login(String username, String password){
		User user = users.get(username);
		if(user == null) 
		   return null;
		if(!user.getPassword().equals(password)) 
		   return null;
		return user;
	}
}

AdminFilter

package com.cug.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.cug.domain.User;
public class AdminFilter implements Filter{
	@Override 
	 public void destroy() {
	}
	@Override 
	 public void doFilter(ServletRequest req, ServletResponse resp, 
	   FilterChain chain) throws IOException, ServletException {
		req.setCharacterEncoding("utf-8");
		resp.setContentType("text/html;charset=utf-8");
		HttpServletRequest request = (HttpServletRequest)req;
		User user = (User)request.getSession().getAttribute("user");
		if(user == null){
			resp.getWriter().print("用户还没有登陆");
			request.getRequestDispatcher("/login.jsp").forward(req, resp);
		}
		if(user.getGrade() < 2){
			resp.getWriter().print("您的等级不够");
			return;
		}
		chain.doFilter(req, resp);
	}
	@Override 
	 public void init(FilterConfig arg0) throws ServletException {
	}
}

UserFilter

package com.cug.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.cug.domain.User;
public class UserFilter implements Filter{
	@Override 
	 public void destroy() {
	}
	@Override 
	 public void doFilter(ServletRequest request, ServletResponse response, 
	   FilterChain chain) throws IOException, ServletException {
		request.setCharacterEncoding("utf-8");
		response.setContentType("text/html;charset=utf-8");
		HttpServletRequest httpReq = (HttpServletRequest)request;
		User user = (User)httpReq.getSession().getAttribute("user");
		if(user == null){
			request.getRequestDispatcher("/login.jsp").forward(request, response);
		}
		chain.doFilter(request, response);
	}
	@Override 
	 public void init(FilterConfig filterConfig) throws ServletException {
	}
}

User

package com.cug.domain;
public class User {
	private String username;
	private String password;
	private int grade;
	public User() {
		super();
	}
	public User(String username, String password, int grade) {
		super();
		this.username = username;
		this.password = password;
		this.grade = grade;
	}
	public String getUsername() {
		return username;
	}
	public void setUsername(String username) {
		this.username = username;
	}
	public String getPassword() {
		return password;
	}
	public void setPassword(String password) {
		this.password = password;
	}
	public int getGrade() {
		return grade;
	}
	public void setGrade(int grade) {
		this.grade = grade;
	}
	@Override 
	 public String toString() {
		return "User [username=" + username + ", password=" + password 
		    + ", grade=" + grade + "]";
	}
}

html

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<% 
String path = request.getContextPath(); 
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; 
%> 
 
 
  
  
 My JSP 'admin.jsp' starting page 
  
  
   
  
  
  
  
  
 

admin.jsp

${user.username }

首页
用户页
系统管理员
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 
<% 
String path = request.getContextPath(); 
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; 
%> 
 
 
  
  
 My JSP 'user.jsp' starting page 
  
  
   
  
  
  
  
  
 

user.jsp

${user.username }

首页
用户登陆界面
管理员登陆界面

用户登录

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<% 
String path = request.getContextPath(); 
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; 
%> 
 
 
  
  
 My JSP 'login.jsp' starting page 
  
  
   
  
  
  
  
  
 ${msg } 
 
用户名:
密码:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<% 
String path = request.getContextPath(); 
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; 
%> 
 
 
  
  
 My JSP 'index.jsp' starting page 
  
  
   
  
  
  
  
  
 

index.jsp

${user.username }

首页
用户登陆界面
管理员登陆界面

热门栏目