java web 的粗粒度权限管理

1.说明

还有一个login.jsp

 

分析:通过 UserFilter.java 保护 /user/* 路径,会员(user)和管理员(admin)都可以访问。

通过 AdminFilter.java 保护 /admin/* 路径,只有管理员(admin)可以访问。

 

 

 

代码如下:

WebContext目录下:

admin目录:下的admin.jsp

<%--
  admin.jsp: administrator landing page, served under /admin/.
  The page holds static navigation links only and performs no role check of its own;
  on this page the check for /admin/* lives in AdminFilter.
  The three links are rendered for every visitor. Showing or hiding a link is not
  access control, the filter on the target path is.
--%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
    
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core"%>    
    
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
	<h1>管理员界面</h1>
	<%-- c:url builds context-relative URLs (and adds URL rewriting when the container needs it). --%>
	<a href="<c:url value='/index.jsp'/>" >游客入口</a> <br />
	<a href="<c:url value='/user/user.jsp' />">会员入口</a>  <br />
	<a href="<c:url value='/admin/admin.jsp' />">管理入口</a>  <br />
</body>
</html>

user目录下的user.jsp

<%--
  user.jsp: member landing page, served under /user/.
  The page holds static navigation links only and performs no role check of its own;
  on this page the check for /user/* lives in UserFilter, which admits a session
  carrying either an "admin" or a "username" attribute.
--%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
    
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core"%>    
    
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
	<h1>会员界面</h1>
	<%-- Same three links as the other pages; the admin link is shown to members too and is stopped by the filter, not by this page. --%>
	<a href="<c:url value='/index.jsp'/>" >游客入口</a> <br />
	<a href="<c:url value='/user/user.jsp' />">会员入口</a>  <br />
	<a href="<c:url value='/admin/admin.jsp' />">管理入口</a>  <br />
</body>
</html>

 

WebContext目录下的index.jsp 和 login.jsp

//index.jsp
<%--
  index.jsp: guest landing page at the context root.
  Neither filter shown on this page is mapped to this path (they cover /user/* and /admin/*),
  so this page is reachable without logging in. LoginServlet also forwards here after a login.
--%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
    
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core"%>    
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
	<h1>游客界面</h1>
	<%-- Links to the protected areas; following them as a guest ends at login.jsp via the filters. --%>
	<a href="<c:url value='/index.jsp'/>" >游客入口</a> <br />
	<a href="<c:url value='/user/user.jsp' />">会员入口</a>  <br />
	<a href="<c:url value='/admin/admin.jsp' />">管理入口</a>  <br />
</body>
</html>

//login.jsp
<%--
  login.jsp: login form. Posts a single "username" field to /LoginServlet.
  There is no password field, so the form collects an identity claim, not a credential.
  NOTE(review): UserFilter and AdminFilter set a "msg" request attribute before forwarding
  here, but this page never outputs it. If it is displayed, write it through c:out so the
  value is HTML-escaped.
  NOTE(review): the form carries no anti-CSRF token; confirm whether that matters for the
  real login this demo stands in for.
--%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
    
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core"%>    
    
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>登录页面</h1>

<%-- POST keeps the submitted name out of the URL; the servlet reads it with getParameter("username"). --%>
<form action="<c:url  value='/LoginServlet'/>" method="post">
	<input type="text" name="username"/>
	<input type="submit" value="登录"  />
</form>

</body>
</html>

 

2.一个LoginServlet处理 jsp的登录动作。

package com.aslan.web.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

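/**
 * Handles the form posted by login.jsp and records the caller's role in the HTTP session.
 *
 * <p>The role is decided from the submitted name alone: a name containing {@code "aslan"} is
 * stored under the session attribute {@code "admin"}, any other name under {@code "username"}.
 * UserFilter and AdminFilter on this page read those two attributes.
 *
 * <p>NOTE(review): this is a demonstration login. No password or other credential is checked,
 * and the substring test grants the admin role to every name that merely contains
 * {@code "aslan"}. Before reuse, verify credentials against a user store and take the role
 * from that store, not from the request.
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/**
	 * Creates the servlet; no state is initialised here.
	 */
	public LoginServlet() {
		super();
	}

	/**
	 * Does nothing: a GET to /LoginServlet produces an empty response and never logs anyone in.
	 *
	 * @param request  the incoming request (unused)
	 * @param response the response (left untouched)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// Intentionally empty: login is accepted over POST only.
	}

	/**
	 * Reads the {@code username} form field, stores the derived role in a fresh session and
	 * forwards to /index.jsp. A missing or blank name is sent back to /login.jsp.
	 *
	 * @param request  the login form submission
	 * @param response the response used by the forward
	 * @throws ServletException if the forward fails
	 * @throws IOException      if the forward fails on I/O
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// 1. Read the submitted name. getParameter returns null when the field is absent,
		//    which previously ended in a NullPointerException on contains().
		String username = request.getParameter("username");
		if (username == null || username.trim().isEmpty()) {
			request.setAttribute("msg", "请输入用户名");
			request.getRequestDispatcher("/login.jsp").forward(request, response);
			return;
		}

		// 2. Discard any session that existed before this login. This drops role attributes
		//    left by an earlier login (an old "admin" entry would otherwise survive a later
		//    login as an ordinary member) and gives the caller a new session id, so an id
		//    known before login is not carried into the logged-in state.
		if (request.getSession(false) != null) {
			request.getSession(false).invalidate();
		}

		// 3. Names containing "aslan" are administrators, everything else is a member.
		// 4. Store the result in the new session.
		if (username.contains("aslan")) {
			request.getSession().setAttribute("admin", username);
		} else {
			request.getSession().setAttribute("username", username);
		}

		// The raw name is not written to stdout: it is request-controlled text and could
		// carry line breaks into the server log.

		// 5. Forward to the guest page.
		request.getRequestDispatcher("/index.jsp").forward(request, response);
	}

}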

 

3.使用2个Filter来控制User 和admin的访问权限

UserFilter.java

package com.aslan.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

/**
 * Gate for the member area, mapped to {@code /user/*}.
 *
 * <p>A request passes when the session holds an {@code "admin"} attribute or a
 * {@code "username"} attribute. Any other request is forwarded to /login.jsp with a
 * {@code "msg"} request attribute.
 *
 * <p>The check looks only at whether the attributes exist, so it is exactly as trustworthy as
 * the code that sets them (LoginServlet on this page).
 *
 * <p>NOTE(review): {@code @WebFilter} without {@code dispatcherTypes} applies to REQUEST
 * dispatches only, so a server-side forward or include into {@code /user/} would not pass
 * through this filter. Confirm that no code forwards into this path.
 */
@WebFilter("/user/*")
public class UserFilter implements Filter {

	// Kept from init(); nothing in this class reads it afterwards.
	private FilterConfig config;

	/**
	 * Stores the container-supplied configuration.
	 *
	 * @param fConfig configuration passed in by the servlet container
	 */
	public void init(FilterConfig fConfig) throws ServletException {
		this.config = fConfig;
	}

	/**
	 * Lets administrators and members through and sends everyone else to the login page.
	 *
	 * @param request  the incoming request; cast to {@link HttpServletRequest}
	 * @param response the response handed on to the chain or to the forward
	 * @param chain    the remaining filter chain
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		final HttpServletRequest httpRequest = (HttpServletRequest) request;

		// getSession() creates a session when the caller has none yet.
		final String adminName = (String) httpRequest.getSession().getAttribute("admin");
		System.out.println("admin:" + adminName);
		boolean allowed = adminName != null;

		// The member attribute is consulted only when no administrator is logged in.
		if (!allowed) {
			final String memberName = (String) httpRequest.getSession().getAttribute("username");
			System.out.println("username:" + memberName);
			allowed = memberName != null;
		}

		if (!allowed) {
			// Neither role is present: show the login page instead of the protected resource.
			httpRequest.setAttribute("msg", "您啥都不是,不要瞎溜达");
			httpRequest.getRequestDispatcher("/login.jsp").forward(request, response);
			return;
		}

		chain.doFilter(request, response);
	}

	/**
	 * Nothing to release.
	 */
	public void destroy() {
	}

}

AdminFilter.java

package com.aslan.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

/**
 * Gate for the administrator area, mapped to {@code /admin/*}.
 *
 * <p>A request passes only when the session attribute {@code "admin"} is present and its value
 * contains {@code "aslan"}. Every other request is forwarded to /login.jsp with a
 * {@code "msg"} request attribute.
 *
 * <p>The decision rests entirely on a session attribute written by LoginServlet on this page,
 * which derives it from an unverified user name.
 *
 * <p>NOTE(review): {@code @WebFilter} without {@code dispatcherTypes} applies to REQUEST
 * dispatches only, so a server-side forward or include into {@code /admin/} would not pass
 * through this filter. Confirm that no code forwards into this path.
 */
@WebFilter("/admin/*")
public class AdminFilter implements Filter {

	/**
	 * Creates the filter; there is no state to set up.
	 */
	public AdminFilter() {
	}

	/**
	 * No configuration is read.
	 *
	 * @param fConfig configuration passed in by the servlet container (unused)
	 */
	public void init(FilterConfig fConfig) throws ServletException {
	}

	/**
	 * Passes administrators on to the chain and sends everyone else to the login page.
	 *
	 * @param request  the incoming request; cast to {@link HttpServletRequest}
	 * @param response the response handed on to the chain or to the forward
	 * @param chain    the remaining filter chain
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		final HttpServletRequest httpRequest = (HttpServletRequest) request;

		// getSession() creates a session when the caller has none yet.
		final String adminName = (String) httpRequest.getSession().getAttribute("admin");

		// Same substring rule LoginServlet used when it stored the attribute.
		if (adminName != null && adminName.contains("aslan")) {
			chain.doFilter(request, response);
			return;
		}

		// Missing attribute and non-matching value get the same response.
		httpRequest.setAttribute("msg", "不要瞎溜达");
		request.getRequestDispatcher("/login.jsp").forward(request, response);
	}

	/**
	 * Nothing to release.
	 */
	public void destroy() {
	}

}

 

 
