欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

javaweb设计中filter粗粒度权限控制代码示例

程序员文章站 2024-02-24 16:57:10
1 说明 我们给出三个页面:index.jsp、user.jsp、admin.jsp。 index.jsp:谁都可以访问,没有限制; user.jsp:只...

1 说明

我们给出三个页面:index.jsp、user.jsp、admin.jsp。

index.jsp:谁都可以访问,没有限制;

user.jsp:只有登录用户才能访问;

admin.jsp:只有管理员才能访问。

2 分析

设计user类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。

当用户登录成功后,把user保存到session中。

创建loginfilter,它有两种过滤方式:

如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。

3 代码

<?xml version="1.0" encoding="utf-8"?> 
<web-app version="2.5" 
 xmlns="http://java.sun.com/xml/ns/javaee" 
 xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" 
 xsi:schemalocation="http://java.sun.com/xml/ns/javaee 
 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 
<servlet> 
 <servlet-name>loginservlet</servlet-name> 
 <servlet-class>com.cug.web.servlet.loginservlet</servlet-class> 
</servlet> 
<servlet-mapping> 
 <servlet-name>loginservlet</servlet-name> 
 <url-pattern>/loginservlet</url-pattern> 
</servlet-mapping> 
<welcome-file-list> 
 <welcome-file>index.jsp</welcome-file> 
</welcome-file-list> 
<filter> 
 <filter-name>userfilter</filter-name> 
 <filter-class>com.cug.filter.userfilter</filter-class> 
</filter> 
<filter-mapping> 
 <filter-name>userfilter</filter-name> 
 <url-pattern>/user/*</url-pattern> 
</filter-mapping> 
<filter> 
 <filter-name>adminfilter</filter-name> 
 <filter-class>com.cug.filter.adminfilter</filter-class> 
</filter> 
<filter-mapping> 
 <filter-name>adminfilter</filter-name> 
 <url-pattern>/admin/*</url-pattern> 
</filter-mapping> 
</web-app> 

loginservlet.java

package com.cug.web.servlet;
import java.io.ioexception;
import javax.servlet.servletexception;
import javax.servlet.http.httpservlet;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import com.cug.domain.user;
import com.cug.web.service.userservice;
public class loginservlet extends httpservlet{
	@override 
	 protected void dopost(httpservletrequest req, httpservletresponse resp) 
	   throws servletexception, ioexception {
		req.setcharacterencoding("utf-8");
		resp.setcontenttype("text/html;charset=utf-8");
		string username = req.getparameter("username");
		string password = req.getparameter("password");
		user user = userservice.login(username, password);
		if(user == null){
			req.setattribute("msg", "用户名或者密码错误");
			req.getrequestdispatcher("/login.jsp").forward(req, resp);
		} else{
			req.getsession().setattribute("user", user);
			req.getrequestdispatcher("index.jsp").forward(req,resp);
		}
	}
}

userservice

package com.cug.web.service;
import java.util.hashmap;
import java.util.map;
import com.cug.domain.user;
public class userservice {
	private static map<string, user> users = new hashmap<string, user>();
	static{
		users.put("zhu", new user("zhu", "123", 2));
		users.put("xiao", new user("xiao", "123", 1));
	}
	public static user login(string username, string password){
		user user = users.get(username);
		if(user == null) 
		   return null;
		if(!user.getpassword().equals(password)) 
		   return null;
		return user;
	}
}

adminfilter

package com.cug.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import com.cug.domain.user;
public class adminfilter implements filter{
	@override 
	 public void destroy() {
	}
	@override 
	 public void dofilter(servletrequest req, servletresponse resp, 
	   filterchain chain) throws ioexception, servletexception {
		req.setcharacterencoding("utf-8");
		resp.setcontenttype("text/html;charset=utf-8");
		httpservletrequest request = (httpservletrequest)req;
		user user = (user)request.getsession().getattribute("user");
		if(user == null){
			resp.getwriter().print("用户还没有登陆");
			request.getrequestdispatcher("/login.jsp").forward(req, resp);
		}
		if(user.getgrade() < 2){
			resp.getwriter().print("您的等级不够");
			return;
		}
		chain.dofilter(req, resp);
	}
	@override 
	 public void init(filterconfig arg0) throws servletexception {
	}
}

userfilter

package com.cug.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import com.cug.domain.user;
public class userfilter implements filter{
	@override 
	 public void destroy() {
	}
	@override 
	 public void dofilter(servletrequest request, servletresponse response, 
	   filterchain chain) throws ioexception, servletexception {
		request.setcharacterencoding("utf-8");
		response.setcontenttype("text/html;charset=utf-8");
		httpservletrequest httpreq = (httpservletrequest)request;
		user user = (user)httpreq.getsession().getattribute("user");
		if(user == null){
			request.getrequestdispatcher("/login.jsp").forward(request, response);
		}
		chain.dofilter(request, response);
	}
	@override 
	 public void init(filterconfig filterconfig) throws servletexception {
	}
}

user

package com.cug.domain;
public class user {
	private string username;
	private string password;
	private int grade;
	public user() {
		super();
	}
	public user(string username, string password, int grade) {
		super();
		this.username = username;
		this.password = password;
		this.grade = grade;
	}
	public string getusername() {
		return username;
	}
	public void setusername(string username) {
		this.username = username;
	}
	public string getpassword() {
		return password;
	}
	public void setpassword(string password) {
		this.password = password;
	}
	public int getgrade() {
		return grade;
	}
	public void setgrade(int grade) {
		this.grade = grade;
	}
	@override 
	 public string tostring() {
		return "user [username=" + username + ", password=" + password 
		    + ", grade=" + grade + "]";
	}
}

html

<%@ page language="java" import="java.util.*" pageencoding="utf-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<% 
string path = request.getcontextpath(); 
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/"; 
%> 
<!doctype html public "-//w3c//dtd html 4.01 transitional//en"> 
<html> 
 <head> 
 <base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 <title>my jsp 'admin.jsp' starting page</title> 
 <meta http-equiv="pragma" content="no-cache"> 
 <meta http-equiv="cache-control" content="no-cache"> 
 <meta http-equiv="expires" content="0">  
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> 
 <meta http-equiv="description" content="this is my page"> 
 <!-- 
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 --> 
 </head> 
 <body> 
 <h1>admin.jsp</h1> 
 <h3>${user.username }</h3> 
 <a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br/> 
 <a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户页</a><br/> 
 <a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >系统管理员</a><br/> 
 </body> 
</html> 

<%@ page language="java" import="java.util.*" pageencoding="utf-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 
<% 
string path = request.getcontextpath(); 
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/"; 
%> 
<!doctype html public "-//w3c//dtd html 4.01 transitional//en"> 
<html> 
 <head> 
 <base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 <title>my jsp 'user.jsp' starting page</title> 
 <meta http-equiv="pragma" content="no-cache"> 
 <meta http-equiv="cache-control" content="no-cache"> 
 <meta http-equiv="expires" content="0">  
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> 
 <meta http-equiv="description" content="this is my page"> 
 <!-- 
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 --> 
 </head> 
 <body> 
 <h1>user.jsp</h1> 
 <h3>${user.username }</h3> 
 <a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br> 
 <a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户登陆界面</a><br> 
 <a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >管理员登陆界面</a><br> 
 </body> 
</html> 

用户登录

<%@ page language="java" import="java.util.*" pageencoding="utf-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<% 
string path = request.getcontextpath(); 
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/"; 
%> 
<!doctype html public "-//w3c//dtd html 4.01 transitional//en"> 
<html> 
 <head> 
 <base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 <title>my jsp 'login.jsp' starting page</title> 
 <meta http-equiv="pragma" content="no-cache"> 
 <meta http-equiv="cache-control" content="no-cache"> 
 <meta http-equiv="expires" content="0">  
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> 
 <meta http-equiv="description" content="this is my page"> 
 <!-- 
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 --> 
 </head> 
 <body> 
 ${msg } 
 <form action="<c:url value='/loginservlet'/>" method="post"> 
  用户名:<input type="text" name="username"/><br/> 
  密码:<input type="password" name="password"/><br/> 
  <input type="submit" value="登陆"/> 
 </form> 
 </body> 
</html> 

<%@ page language="java" import="java.util.*" pageencoding="utf-8"%> 
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<% 
string path = request.getcontextpath(); 
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/"; 
%> 
<!doctype html public "-//w3c//dtd html 4.01 transitional//en"> 
<html> 
 <head> 
 <base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 <title>my jsp 'index.jsp' starting page</title> 
 <meta http-equiv="pragma" content="no-cache"> 
 <meta http-equiv="cache-control" content="no-cache"> 
 <meta http-equiv="expires" content="0">  
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> 
 <meta http-equiv="description" content="this is my page"> 
 <!-- 
 <link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" > 
 --> 
 </head> 
 <body> 
 <h1>index.jsp</h1> 
 <h3>${user.username }</h3> 
 <a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br> 
 <a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户登陆界面</a><br> 
 <a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >管理员登陆界面</a><br> 
 </body> 
</html> 

总结

以上就是本文关于javaweb设计中filter粗粒度权限控制代码示例的全部内容,感兴趣的朋友可以继续参阅:javaweb项目中dll文件动态加载方法解析(详细步骤)javaweb使用cors完成跨域ajax数据交互javaweb项目session超时解决方案等。

希望对大家有所帮助,如有不足之处,欢迎留言指正。感谢大家对本站的支持!