javaweb设计中filter粗粒度权限控制代码示例

网友投稿 294 2023-03-26


javaweb设计中filter粗粒度权限控制代码示例

1 说明

我们给出三个页面:index.jsp、user.jsp、admin.jsp。

index.jsp:谁都可以访问,没有限制;

user.jsp:只有登录用户才能访问;

admin.jsp:只有管理员才能访问。

2 分析

设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。

当用户登录成功后,把user保存到session中。

创建LoginFilter(下文代码中由UserFilter和AdminFilter两个过滤器分别实现),它有两种过滤方式:

如果访问的是user.jsp,查看session中是否存在user;

如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。

3 代码

web.xml

<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.cug.web.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <filter>
    <filter-name>UserFilter</filter-name>
    <filter-class>com.cug.filter.UserFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>UserFilter</filter-name>
    <url-pattern>/user/*</url-pattern>
  </filter-mapping>

  <filter>
    <filter-name>AdminFilter</filter-name>
    <filter-class>com.cug.filter.AdminFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AdminFilter</filter-name>
    <url-pattern>/admin/*</url-pattern>
  </filter-mapping>

</web-app>

LoginServlet.java

package com.cug.web.servlet;

import java.io.IOException;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import com.cug.domain.User;

import com.cug.web.service.UserService;

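/**
 * Handles the login form POST: checks the submitted credentials and, on
 * success, stores the authenticated {@link User} in the HTTP session under
 * the key {@code "user"}, which the access-control filters later read.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the {@code username} / {@code password} request parameters.
     *
     * <p>On failure the request is forwarded back to {@code /login.jsp} with a
     * generic error in the {@code msg} attribute. On success a fresh session is
     * created, the user is stored in it and the request is forwarded to
     * {@code index.jsp}.
     *
     * @param req  the login request
     * @param resp the response
     * @throws ServletException if a forward fails
     * @throws IOException      if a forward fails on I/O
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        String username = req.getParameter("username");
        String password = req.getParameter("password");

        User user = UserService.login(username, password);
        if (user == null) {
            // One message for both "unknown user" and "wrong password", so the
            // response does not reveal which usernames exist.
            req.setAttribute("msg", "用户名或者密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Session-fixation defence: discard any session that existed before
        // authentication so the authenticated state is bound to a session id
        // issued after login. (Servlet 3.1+ containers can use
        // req.changeSessionId() instead; this form also works on Servlet 2.5.)
        if (req.getSession(false) != null) {
            req.getSession(false).invalidate();
        }

        // NOTE(review): the stored User object also carries the password field;
        // keeping only the identity and grade in the session would be safer.
        req.getSession(true).setAttribute("user", user);
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}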

UserService

package com.cug.web.service;

import java.util.HashMap;

import java.util.Map;

import com.cug.domain.User;

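/**
 * In-memory user lookup used by the demo login flow.
 *
 * <p>The accounts and their plaintext passwords are hard-coded for
 * demonstration only. A real application would load users from a data store
 * and keep salted password hashes (bcrypt/scrypt/argon2), never the password
 * itself.
 */
public class UserService {

    // Type arguments restored: with a raw Map, users.get(...) returns Object
    // and the assignment to User in login() does not compile.
    private static final Map<String, User> users = new HashMap<String, User>();

    static {
        users.put("zhu", new User("zhu", "123", 2));
        users.put("xiao", new User("xiao", "123", 1));
    }

    /**
     * Looks up a user and checks the supplied password.
     *
     * @param username the login name; may be {@code null}
     * @param password the submitted password; may be {@code null}
     * @return the matching user, or {@code null} when the name is unknown or
     *         the password does not match
     */
    public static User login(String username, String password) {
        // A missing request parameter arrives here as null; treat it as a
        // failed login instead of relying on downstream null behaviour.
        if (username == null || password == null) {
            return null;
        }

        User user = users.get(username);
        if (user == null) {
            return null;
        }

        // NOTE(review): plaintext String.equals is acceptable only for this
        // demo; production code verifies a stored password hash with a
        // constant-time comparison.
        if (!user.getPassword().equals(password)) {
            return null;
        }
        return user;
    }
}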

AdminFilter

package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import com.cug.domain.User;

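/**
 * Coarse-grained access control for the administrator area: only a logged-in
 * user whose grade is at least 2 may pass. web.xml maps this filter to
 * {@code /admin/*}.
 */
public class AdminFilter implements Filter {

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Lets the request through only when the session holds a {@link User}
     * with grade &gt;= 2.
     *
     * <p>Anonymous requests are forwarded to {@code /login.jsp}; logged-in
     * users with a lower grade get a refusal message. In both cases the
     * method returns without calling the chain, so the protected resource is
     * never executed.
     *
     * @param req   the incoming request (cast to {@link HttpServletRequest})
     * @param resp  the response
     * @param chain the remaining filter chain
     * @throws IOException      on I/O failure while writing or forwarding
     * @throws ServletException if forwarding or the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        HttpServletRequest request = (HttpServletRequest) req;

        // getSession(false): do not allocate a server-side session for every
        // anonymous request that reaches the protected path.
        User user = null;
        if (request.getSession(false) != null) {
            user = (User) request.getSession(false).getAttribute("user");
        }

        if (user == null) {
            // Nothing is written before the forward: forward() resets an
            // uncommitted buffer and fails on a committed one, so output
            // printed here would be lost or would break the forward.
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
            // Without this return the code below dereferences a null user and
            // the request could continue down the chain.
            return;
        }

        if (user.getGrade() < 2) {
            // NOTE(review): the refusal is still sent with the default status;
            // answering with 403 Forbidden would be clearer to clients but
            // needs HttpServletResponse, which this file does not import.
            resp.getWriter().print("您的等级不够");
            return;
        }

        chain.doFilter(req, resp);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}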

UserFilter

package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import com.cug.domain.User;

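/**
 * Coarse-grained access control for the user area: only requests whose
 * session holds a logged-in {@link User} may pass. web.xml maps this filter
 * to {@code /user/*}.
 */
public class UserFilter implements Filter {

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Forwards anonymous requests to {@code /login.jsp} and lets
     * authenticated ones continue down the chain.
     *
     * @param request  the incoming request (cast to {@link HttpServletRequest})
     * @param response the response
     * @param chain    the remaining filter chain
     * @throws IOException      on I/O failure while forwarding
     * @throws ServletException if forwarding or the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        HttpServletRequest httpReq = (HttpServletRequest) request;

        // getSession(false): do not allocate a server-side session for every
        // anonymous request that reaches the protected path.
        User user = null;
        if (httpReq.getSession(false) != null) {
            user = (User) httpReq.getSession(false).getAttribute("user");
        }

        if (user == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            // Stop here: falling through to chain.doFilter() would still run
            // the protected resource for an unauthenticated request.
            return;
        }

        chain.doFilter(request, response);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}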

User

package com.cug.domain;

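/**
 * A login account: name, password and grade. Per the article, grade 1 is an
 * ordinary user and grade 2 is an administrator.
 */
public class User {

    private String username;

    // Held as plaintext in this demo; see toString() for why it is never printed.
    private String password;

    private int grade;

    /** Creates an empty user; fields are filled in through the setters. */
    public User() {
        super();
    }

    /**
     * @param username the login name
     * @param password the account password
     * @param grade    the user grade (1 = ordinary user, 2 = administrator)
     */
    public User(String username, String password, int grade) {
        super();
        this.username = username;
        this.password = password;
        this.grade = grade;
    }

    /** @return the login name */
    public String getUsername() {
        return username;
    }

    /** @param username the login name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the account password */
    public String getPassword() {
        return password;
    }

    /** @param password the account password */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the user grade */
    public int getGrade() {
        return grade;
    }

    /** @param grade the user grade */
    public void setGrade(int grade) {
        this.grade = grade;
    }

    /**
     * Returns a description for logs and debugging.
     *
     * <p>The password is deliberately left out: this object is stored in the
     * session, and string forms of session attributes readily end up in logs
     * and error pages.
     *
     * @return the username and grade, without the password
     */
    @Override
    public String toString() {
        return "User [username=" + username + ", grade=" + grade + "]";
    }
}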

html

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<%

// Computes the application's context path and an absolute base URL for the page.
String path = request.getContextPath();

// NOTE(review): getServerName()/getServerPort() normally reflect the client-supplied
// Host header. If basePath is written into the page (its use is not visible here),
// treat it as untrusted input rather than as a fixed site address.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

%>

首页

用户页

系统管理员

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%

// Computes the application's context path and an absolute base URL for the page.
String path = request.getContextPath();

// NOTE(review): getServerName()/getServerPort() normally reflect the client-supplied
// Host header. If basePath is written into the page (its use is not visible here),
// treat it as untrusted input rather than as a fixed site address.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

%>

首页

用户登陆界面

管理员登陆界面

用户登录

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<%

// Computes the application's context path and an absolute base URL for the page.
String path = request.getContextPath();

// NOTE(review): getServerName()/getServerPort() normally reflect the client-supplied
// Host header. If basePath is written into the page (its use is not visible here),
// treat it as untrusted input rather than as a fixed site address.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

%>

${msg }

用户名:

密码:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<%

// Computes the application's context path and an absolute base URL for the page.
String path = request.getContextPath();

// NOTE(review): getServerName()/getServerPort() normally reflect the client-supplied
// Host header. If basePath is written into the page (its use is not visible here),
// treat it as untrusted input rather than as a fixed site address.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

%>

首页

用户登陆界面

管理员登陆界面

总结

以上就是本文关于javaweb设计中filter粗粒度权限控制代码示例的全部内容,感兴趣的朋友可以继续参阅:JavaWeb项目中dll文件动态加载方法解析(详细步骤)、Javaweb使用cors完成跨域ajax数据交互、Javaweb项目session超时解决方案等。

希望对大家有所帮助,如有不足之处,欢迎留言指正。感谢大家对本站的支持!

