javaweb设计中filter粗粒度权限控制代码示例
2024-02-24 16:57:10
1 说明
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只有登录用户才能访问;
admin.jsp:只有管理员才能访问。
2 分析
设计user类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建loginfilter,它有两种过滤方式(下面的代码用userfilter和adminfilter两个过滤器分别实现这两种方式,在web.xml中分别映射到/user/*和/admin/*):
如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。
3 代码
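<?xml version="1.0" encoding="utf-8"?>
<!--
  Deployment descriptor for the coarse-grained access-control example.

  Access control is applied purely by URL prefix:
    /user/*   goes through userfilter  (a logged-in user is required)
    /admin/*  goes through adminfilter (a logged-in user with grade 2 is required)
  Everything else (/loginservlet, index.jsp, login.jsp) is served without any check,
  so a page that needs protection must live under one of the two prefixes.

  The XSI namespace URI and the schemaLocation attribute are case-sensitive and are
  written in their real spelling here. Servlet and filter class names keep the
  spelling used by the Java listings that accompany this descriptor.
-->
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <!-- Login endpoint: receives the POST from login.jsp. -->
  <servlet>
    <servlet-name>loginservlet</servlet-name>
    <servlet-class>com.cug.web.servlet.loginservlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>loginservlet</servlet-name>
    <url-pattern>/loginservlet</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <!-- Authentication check for pages that any logged-in user may see. -->
  <filter>
    <filter-name>userfilter</filter-name>
    <filter-class>com.cug.filter.userfilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>userfilter</filter-name>
    <url-pattern>/user/*</url-pattern>
  </filter-mapping>

  <!-- Authentication plus grade check for administrator pages. -->
  <filter>
    <filter-name>adminfilter</filter-name>
    <filter-class>com.cug.filter.adminfilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>adminfilter</filter-name>
    <url-pattern>/admin/*</url-pattern>
  </filter-mapping>
</web-app>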
loginservlet.java
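package com.cug.web.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.cug.domain.user;
import com.cug.web.service.userservice;

/**
 * Handles the login form POST. On success the authenticated {@code user} object is
 * stored in the HTTP session under the key {@code "user"}, which is what the access
 * filters look up later.
 *
 * <p>NOTE(review): project class and accessor names keep the lowercase spelling used
 * throughout this listing (web.xml refers to the classes by these names); JDK and
 * Servlet API names use their real case.
 */
public class loginservlet extends HttpServlet {

    /**
     * Validates the submitted {@code username} / {@code password} parameters.
     *
     * <p>On failure the request is forwarded back to {@code /login.jsp} with a generic
     * {@code msg} attribute that does not reveal which of the two values was wrong.
     * On success a fresh session is created before the user is stored in it.
     *
     * @param req  the login form request
     * @param resp the response the forward target writes to
     * @throws ServletException if the forward target fails
     * @throws IOException      if the forward target fails to write
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        String username = req.getParameter("username");
        String password = req.getParameter("password");

        user account = userservice.login(username, password);
        if (account == null) {
            req.setAttribute("msg", "用户名或者密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Session-fixation defence: a session id that existed before authentication must
        // not become the authenticated one. The descriptor declares Servlet 2.5, which
        // has no changeSessionId(), so the old session is invalidated and a new one is
        // created. Any attributes set before login are discarded with it.
        HttpSession stale = req.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }

        // NOTE(review): the stored object still carries the password field; a view
        // object without it would keep the credential out of session storage.
        req.getSession(true).setAttribute("user", account);
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}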
userservice
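package com.cug.web.service;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import com.cug.domain.user;

/**
 * In-memory credential check used by the login servlet.
 *
 * <p>SECURITY: the accounts and their passwords are hard-coded in plain text. That is
 * only acceptable for a demo; a real deployment keeps a salted, slow password hash
 * (bcrypt, scrypt, argon2 or PBKDF2) in a user store and verifies against that.
 *
 * <p>NOTE(review): project class and accessor names keep the lowercase spelling used
 * throughout this listing; JDK names use their real case.
 */
public class userservice {

    private static final Charset UTF8 = Charset.forName("UTF-8");

    // Populated once in the static initializer and only read afterwards.
    private static final Map<String, user> users = new HashMap<String, user>();

    static {
        users.put("zhu", new user("zhu", "123", 2));   // grade 2: administrator
        users.put("xiao", new user("xiao", "123", 1)); // grade 1: ordinary user
    }

    /**
     * Looks up {@code username} and checks {@code password} against the stored value.
     *
     * @param username the submitted user name, may be {@code null}
     * @param password the submitted password, may be {@code null}
     * @return the matching user, or {@code null} when the name is unknown or the
     *         password does not match
     */
    public static user login(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        user account = users.get(username);
        if (account == null) {
            return null;
        }
        // MessageDigest.isEqual compares without stopping at the first differing byte,
        // so response time does not depend on how much of the password was correct.
        byte[] expected = account.getpassword().getBytes(UTF8);
        byte[] supplied = password.getBytes(UTF8);
        return MessageDigest.isEqual(expected, supplied) ? account : null;
    }
}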
adminfilter
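package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.cug.domain.user;

/**
 * Guards administrator pages: the request continues down the chain only when the
 * session holds a {@code user} whose grade is at least 2.
 *
 * <p>NOTE(review): project class and accessor names keep the lowercase spelling used
 * throughout this listing (web.xml refers to the class by this name); JDK and Servlet
 * API names use their real case.
 */
public class adminfilter implements Filter {

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No configuration needed.
    }

    /**
     * Rejects anonymous and under-privileged requests before they reach the target.
     *
     * <p>Each rejection path ends with {@code return}. Without it an anonymous request
     * would fall through to the grade check and fail with a NullPointerException
     * instead of ending cleanly on the login page.
     *
     * @throws IOException      if writing the response or forwarding fails
     * @throws ServletException if forwarding or the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        HttpServletRequest request = (HttpServletRequest) req;
        // getSession(false): checking for a login must not create a session itself.
        HttpSession session = request.getSession(false);
        user current = (session == null) ? null : (user) session.getAttribute("user");

        if (current == null) {
            // Text written to the response before a forward is discarded when the
            // buffer is reset, so the notice is passed as the "msg" request attribute
            // that login.jsp renders.
            req.setAttribute("msg", "用户还没有登陆");
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        if (current.getgrade() < 2) {
            // Report the refusal as 403 so clients, proxies and logs see it as one.
            ((HttpServletResponse) resp).setStatus(HttpServletResponse.SC_FORBIDDEN);
            resp.getWriter().print("您的等级不够");
            return;
        }

        chain.doFilter(req, resp);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}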
userfilter
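package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import com.cug.domain.user;

/**
 * Guards pages for logged-in users: the request continues down the chain only when
 * the session holds a {@code user}.
 *
 * <p>NOTE(review): project class names keep the lowercase spelling used throughout
 * this listing (web.xml refers to the class by this name); JDK and Servlet API names
 * use their real case.
 */
public class userfilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }

    /**
     * Sends anonymous requests to the login page and lets authenticated ones through.
     *
     * <p>The {@code return} after the forward is what enforces the check. A forward
     * does not end the method, so without it {@code chain.doFilter} would still run
     * and the protected resource would execute for a request that has no login.
     *
     * @throws IOException      if forwarding or the rest of the chain fails on I/O
     * @throws ServletException if forwarding or the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        HttpServletRequest httpReq = (HttpServletRequest) request;
        // getSession(false): checking for a login must not create a session itself.
        HttpSession session = httpReq.getSession(false);
        user current = (session == null) ? null : (user) session.getAttribute("user");

        if (current == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}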
user
package com.cug.domain; public class user { private string username; private string password; private int grade; public user() { super(); } public user(string username, string password, int grade) { super(); this.username = username; this.password = password; this.grade = grade; } public string getusername() { return username; } public void setusername(string username) { this.username = username; } public string getpassword() { return password; } public void setpassword(string password) { this.password = password; } public int getgrade() { return grade; } public void setgrade(int grade) { this.grade = grade; } @override public string tostring() { return "user [username=" + username + ", password=" + password + ", grade=" + grade + "]"; } }
html
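<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  admin.jsp: administrator page. It shows the logged-in user's name and links to the
  three demo pages. The access check is done by the filter mapped to /admin/*,
  not by this page.
--%>
<%
    // NOTE(review): basepath is assembled from request.getServerName(), which reflects
    // the Host header sent by the client. Every link below already goes through
    // <c:url>, so the <base> element looks unnecessary; confirm before dropping it.
    String path = request.getContextPath();
    String basepath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <base href="<%=basepath%>">
  <title>my jsp 'admin.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="this is my page">
  <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
</head>
<body>
  <h1>admin.jsp</h1>
  <%-- c:out HTML-escapes the value; a bare EL expression would emit it verbatim. --%>
  <h3><c:out value="${user.username}"/></h3>
  <a href="<c:url value='/index.jsp'/>">首页</a><br/>
  <a href="<c:url value='/user/user.jsp'/>">用户页</a><br/>
  <a href="<c:url value='/admin/admin.jsp'/>">系统管理员</a><br/>
</body>
</html>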
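<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  user.jsp: page for logged-in users. It shows the logged-in user's name and links
  to the three demo pages. The access check is done by the filter mapped to /user/*,
  not by this page.
--%>
<%
    // NOTE(review): basepath is assembled from request.getServerName(), which reflects
    // the Host header sent by the client. Every link below already goes through
    // <c:url>, so the <base> element looks unnecessary; confirm before dropping it.
    String path = request.getContextPath();
    String basepath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <base href="<%=basepath%>">
  <title>my jsp 'user.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="this is my page">
  <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
</head>
<body>
  <h1>user.jsp</h1>
  <%-- c:out HTML-escapes the value; a bare EL expression would emit it verbatim. --%>
  <h3><c:out value="${user.username}"/></h3>
  <a href="<c:url value='/index.jsp'/>">首页</a><br>
  <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br>
  <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br>
</body>
</html>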
用户登录
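<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  login.jsp: login form. It posts username and password to /loginservlet and shows
  the "msg" request attribute when one has been set.
--%>
<%
    // NOTE(review): basepath is assembled from request.getServerName(), which reflects
    // the Host header sent by the client. The form action already goes through
    // <c:url>, so the <base> element looks unnecessary; confirm before dropping it.
    String path = request.getContextPath();
    String basepath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <base href="<%=basepath%>">
  <title>my jsp 'login.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="this is my page">
  <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
</head>
<body>
  <%-- c:out HTML-escapes the message; a bare EL expression would emit it verbatim. --%>
  <c:out value="${msg}"/>
  <%-- The credentials travel in the POST body, so this form should be served over HTTPS. --%>
  <form action="<c:url value='/loginservlet'/>" method="post">
    用户名:<input type="text" name="username"/><br/>
    密码:<input type="password" name="password"/><br/>
    <input type="submit" value="登陆"/>
  </form>
</body>
</html>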
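<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  index.jsp: public landing page, reachable without a login. It shows the user's name
  when the session holds one and links to the three demo pages.
--%>
<%
    // NOTE(review): basepath is assembled from request.getServerName(), which reflects
    // the Host header sent by the client. Every link below already goes through
    // <c:url>, so the <base> element looks unnecessary; confirm before dropping it.
    String path = request.getContextPath();
    String basepath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <base href="<%=basepath%>">
  <title>my jsp 'index.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="this is my page">
  <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
</head>
<body>
  <h1>index.jsp</h1>
  <%-- c:out HTML-escapes the value; a bare EL expression would emit it verbatim. --%>
  <h3><c:out value="${user.username}"/></h3>
  <a href="<c:url value='/index.jsp'/>">首页</a><br>
  <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br>
  <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br>
</body>
</html>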
总结
以上就是本文关于javaweb设计中filter粗粒度权限控制代码示例的全部内容,感兴趣的朋友可以继续参阅:javaweb项目中dll文件动态加载方法解析(详细步骤)、javaweb使用cors完成跨域ajax数据交互、javaweb项目session超时解决方案等。
希望对大家有所帮助,如有不足之处,欢迎留言指正。感谢大家对本站的支持!