服务器之家

服务器之家 > 正文

javaweb设计中filter粗粒度权限控制代码示例

时间:2021-01-18 09:55     来源/作者:bluzelee2011

1 说明

我们给出三个页面:index.jsp、user.jsp、admin.jsp。

index.jsp:谁都可以访问,没有限制;

user.jsp:只有登录用户才能访问;

admin.jsp:只有管理员才能访问。

2 分析

设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。

当用户登录成功后,把user保存到session中。

创建LoginFilter,它有两种过滤方式:

如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。

3 代码

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
 xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
 <servlet-name>LoginServlet</servlet-name>
 <servlet-class>com.cug.web.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
 <servlet-name>LoginServlet</servlet-name>
 <url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
 <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
 <filter-name>UserFilter</filter-name>
 <filter-class>com.cug.filter.UserFilter</filter-class>
</filter>
<filter-mapping>
 <filter-name>UserFilter</filter-name>
 <url-pattern>/user/*</url-pattern>
</filter-mapping>
<filter>
 <filter-name>AdminFilter</filter-name>
 <filter-class>com.cug.filter.AdminFilter</filter-class>
</filter>
<filter-mapping>
 <filter-name>AdminFilter</filter-name>
 <url-pattern>/admin/*</url-pattern>
</filter-mapping>
</web-app>

LoginServlet.java

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
package com.cug.web.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.cug.domain.User;
import com.cug.web.service.UserService;
public class LoginServlet extends HttpServlet{
    @Override
     protected void doPost(HttpServletRequest req, HttpServletResponse resp)
       throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        User user = UserService.login(username, password);
        if(user == null){
            req.setAttribute("msg", "用户名或者密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
        } else{
            req.getSession().setAttribute("user", user);
            req.getRequestDispatcher("index.jsp").forward(req,resp);
        }
    }
}

UserService

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
package com.cug.web.service;
import java.util.HashMap;
import java.util.Map;
import com.cug.domain.User;
public class UserService {
    private static Map<String, User> users = new HashMap<String, User>();
    static{
        users.put("zhu", new User("zhu", "123", 2));
        users.put("xiao", new User("xiao", "123", 1));
    }
    public static User login(String username, String password){
        User user = users.get(username);
        if(user == null)
           return null;
        if(!user.getPassword().equals(password))
           return null;
        return user;
    }
}

AdminFilter

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
package com.cug.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.cug.domain.User;
public class AdminFilter implements Filter{
    @Override
     public void destroy() {
    }
    @Override
     public void doFilter(ServletRequest req, ServletResponse resp,
       FilterChain chain) throws IOException, ServletException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpServletRequest request = (HttpServletRequest)req;
        User user = (User)request.getSession().getAttribute("user");
        if(user == null){
            resp.getWriter().print("用户还没有登陆");
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
        }
        if(user.getGrade() < 2){
            resp.getWriter().print("您的等级不够");
            return;
        }
        chain.doFilter(req, resp);
    }
    @Override
     public void init(FilterConfig arg0) throws ServletException {
    }
}

UserFilter

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
package com.cug.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.cug.domain.User;
public class UserFilter implements Filter{
    @Override
     public void destroy() {
    }
    @Override
     public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain chain) throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");
        HttpServletRequest httpReq = (HttpServletRequest)request;
        User user = (User)httpReq.getSession().getAttribute("user");
        if(user == null){
            request.getRequestDispatcher("/login.jsp").forward(request, response);
        }
        chain.doFilter(request, response);
    }
    @Override
     public void init(FilterConfig filterConfig) throws ServletException {
    }
}

User

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
package com.cug.domain;
public class User {
    private String username;
    private String password;
    private int grade;
    public User() {
        super();
    }
    public User(String username, String password, int grade) {
        super();
        this.username = username;
        this.password = password;
        this.grade = grade;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public int getGrade() {
        return grade;
    }
    public void setGrade(int grade) {
        this.grade = grade;
    }
    @Override
     public String toString() {
        return "User [username=" + username + ", password=" + password
            + ", grade=" + grade + "]";
    }
}

html

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basePath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 <title>My JSP 'admin.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0"
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="This is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 -->
 </head>
 <body>
 <h1>admin.jsp</h1>
 <h3>${user.username }</h3>
 <a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br/>
 <a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户页</a><br/>
 <a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >系统管理员</a><br/>
 </body>
</html>

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basePath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 <title>My JSP 'user.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0"
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="This is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 -->
 </head>
 <body>
 <h1>user.jsp</h1>
 <h3>${user.username }</h3>
 <a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br>
 <a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户登陆界面</a><br>
 <a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >管理员登陆界面</a><br>
 </body>
</html>

用户登录

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basePath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 <title>My JSP 'login.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0"
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="This is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 -->
 </head>
 <body>
 ${msg }
 <form action="<c:url value='/LoginServlet'/>" method="post">
  用户名:<input type="text" name="username"/><br/>
  密码:<input type="password" name="password"/><br/>
  <input type="submit" value="登陆"/>
 </form>
 </body>
</html>

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basePath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 <title>My JSP 'index.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0"
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="This is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
 -->
 </head>
 <body>
 <h1>index.jsp</h1>
 <h3>${user.username }</h3>
 <a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br>
 <a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户登陆界面</a><br>
 <a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >管理员登陆界面</a><br>
 </body>
</html>

 

总结

以上就是本文关于javaweb设计中filter粗粒度权限控制代码示例的全部内容,希望对大家有所帮助,如有不足之处,欢迎留言指正。感谢大家对本站的支持!

原文链接:http://blog.csdn.net/bluzelee2011/article/details/42784479

相关文章

热门资讯

2020微信伤感网名听哭了 让对方看到心疼的伤感网名大全
2020微信伤感网名听哭了 让对方看到心疼的伤感网名大全 2019-12-26
Intellij idea2020永久破解,亲测可用!!!
Intellij idea2020永久破解,亲测可用!!! 2020-07-29
背刺什么意思 网络词语背刺是什么梗
背刺什么意思 网络词语背刺是什么梗 2020-05-22
苹果12mini价格表官网报价 iPhone12mini全版本价格汇总
苹果12mini价格表官网报价 iPhone12mini全版本价格汇总 2020-11-13
歪歪漫画vip账号共享2020_yy漫画免费账号密码共享
歪歪漫画vip账号共享2020_yy漫画免费账号密码共享 2020-04-07
返回顶部