javaweb设计中filter粗粒度权限控制代码示例
作者:袖梨
2022-06-29
1 说明
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只有登录用户才能访问;
admin.jsp:只有管理员才能访问。
2 分析
设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建LoginFilter,它有两种过滤方式:
如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。
3 代码
LoginServlet com.cug.web.servlet.LoginServlet LoginServlet /LoginServlet index.jsp UserFilter com.cug.filter.UserFilter UserFilter /user/* AdminFilter com.cug.filter.AdminFilter AdminFilter /admin/*
LoginServlet.java
package com.cug.web.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.cug.domain.User;
import com.cug.web.service.UserService;
public class LoginServlet extends HttpServlet{
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
req.setCharacterEncoding("utf-8");
resp.setContentType("text/html;charset=utf-8");
String username = req.getParameter("username");
String password = req.getParameter("password");
User user = UserService.login(username, password);
if(user == null){
req.setAttribute("msg", "用户名或者密码错误");
req.getRequestDispatcher("/login.jsp").forward(req, resp);
} else{
req.getSession().setAttribute("user", user);
req.getRequestDispatcher("index.jsp").forward(req,resp);
}
}
}
UserService
package com.cug.web.service;
import java.util.HashMap;
import java.util.Map;
import com.cug.domain.User;
public class UserService {
private static Map users = new HashMap();
static{
users.put("zhu", new User("zhu", "123", 2));
users.put("xiao", new User("xiao", "123", 1));
}
public static User login(String username, String password){
User user = users.get(username);
if(user == null)
return null;
if(!user.getPassword().equals(password))
return null;
return user;
}
}
AdminFilter
package com.cug.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.cug.domain.User;
public class AdminFilter implements Filter{
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
req.setCharacterEncoding("utf-8");
resp.setContentType("text/html;charset=utf-8");
HttpServletRequest request = (HttpServletRequest)req;
User user = (User)request.getSession().getAttribute("user");
if(user == null){
resp.getWriter().print("用户还没有登陆");
request.getRequestDispatcher("/login.jsp").forward(req, resp);
}
if(user.getGrade() < 2){
resp.getWriter().print("您的等级不够");
return;
}
chain.doFilter(req, resp);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
UserFilter
package com.cug.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.cug.domain.User;
public class UserFilter implements Filter{
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
request.setCharacterEncoding("utf-8");
response.setContentType("text/html;charset=utf-8");
HttpServletRequest httpReq = (HttpServletRequest)request;
User user = (User)httpReq.getSession().getAttribute("user");
if(user == null){
request.getRequestDispatcher("/login.jsp").forward(request, response);
}
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
User
package com.cug.domain;
public class User {
private String username;
private String password;
private int grade;
public User() {
super();
}
public User(String username, String password, int grade) {
super();
this.username = username;
this.password = password;
this.grade = grade;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public int getGrade() {
return grade;
}
public void setGrade(int grade) {
this.grade = grade;
}
@Override
public String toString() {
return "User [username=" + username + ", password=" + password
+ ", grade=" + grade + "]";
}
}
html
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>My JSP 'admin.jsp' starting page admin.jsp
${user.username }
首页
用户页
系统管理员
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>My JSP 'user.jsp' starting page user.jsp
${user.username }
首页
用户登陆界面
管理员登陆界面
用户登录
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>My JSP 'login.jsp' starting page ${msg }
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>My JSP 'index.jsp' starting page index.jsp
${user.username }
首页
用户登陆界面
管理员登陆界面
相关文章
精彩推荐
-
忍者必须死34399账号登录版 最新版v1.0.138v2.0.72
下载 -
勇者秘境oppo版 安卓版v1.0.5
下载 -
忍者必须死3一加版 最新版v1.0.138v2.0.72
下载 -
绝世仙王官方正版 最新安卓版v1.0.49
下载
-
下载
Goat Simulator 3手机版 安卓版v1.0.8.2
模拟经营 Goat Simulator 3手机版 安卓版v1.0.8.2Goat Simulator 3手机版是一个非常有趣的模拟游
-
下载
Goat Simulator 3国际服 安卓版v1.0.8.2
模拟经营 Goat Simulator 3国际服 安卓版v1.0.8.2Goat Simulator 3国际版是一个非常有趣的山羊模
-
下载
烟花燃放模拟器中文版 2025最新版v1.0
模拟经营 烟花燃放模拟器中文版 2025最新版v1.0烟花燃放模拟器是款仿真的烟花绽放模拟器类型单机小游戏,全方位
-
下载
我的世界动漫世界 手机版v友y整合
模拟经营 我的世界动漫世界 手机版v友y整合我的世界动漫世界模组整合包是一款加入了动漫元素的素材整合包,
-
下载
我的世界贝爷生存整合包 最新版v隔壁老王
模拟经营 我的世界贝爷生存整合包 最新版v隔壁老王我的世界MITE贝爷生存整合包是一款根据原版MC制作的魔改整
