javaweb设计中filter粗粒度权限控制代码示例
程序员文章站
2024-02-24 16:57:10
1 说明
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只...
1 说明
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只有登录用户才能访问;
admin.jsp:只有管理员才能访问。
2 分析
设计user类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建loginfilter,它有两种过滤方式:
如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。
3 代码
<?xml version="1.0" encoding="utf-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <servlet> <servlet-name>loginservlet</servlet-name> <servlet-class>com.cug.web.servlet.loginservlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>loginservlet</servlet-name> <url-pattern>/loginservlet</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <filter> <filter-name>userfilter</filter-name> <filter-class>com.cug.filter.userfilter</filter-class> </filter> <filter-mapping> <filter-name>userfilter</filter-name> <url-pattern>/user/*</url-pattern> </filter-mapping> <filter> <filter-name>adminfilter</filter-name> <filter-class>com.cug.filter.adminfilter</filter-class> </filter> <filter-mapping> <filter-name>adminfilter</filter-name> <url-pattern>/admin/*</url-pattern> </filter-mapping> </web-app>
loginservlet.java
package com.cug.web.servlet;
import java.io.ioexception;
import javax.servlet.servletexception;
import javax.servlet.http.httpservlet;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import com.cug.domain.user;
import com.cug.web.service.userservice;
public class loginservlet extends httpservlet{
@override
protected void dopost(httpservletrequest req, httpservletresponse resp)
throws servletexception, ioexception {
req.setcharacterencoding("utf-8");
resp.setcontenttype("text/html;charset=utf-8");
string username = req.getparameter("username");
string password = req.getparameter("password");
user user = userservice.login(username, password);
if(user == null){
req.setattribute("msg", "用户名或者密码错误");
req.getrequestdispatcher("/login.jsp").forward(req, resp);
} else{
req.getsession().setattribute("user", user);
req.getrequestdispatcher("index.jsp").forward(req,resp);
}
}
}
userservice
package com.cug.web.service;
import java.util.hashmap;
import java.util.map;
import com.cug.domain.user;
public class userservice {
private static map<string, user> users = new hashmap<string, user>();
static{
users.put("zhu", new user("zhu", "123", 2));
users.put("xiao", new user("xiao", "123", 1));
}
public static user login(string username, string password){
user user = users.get(username);
if(user == null)
return null;
if(!user.getpassword().equals(password))
return null;
return user;
}
}
adminfilter
package com.cug.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import com.cug.domain.user;
public class adminfilter implements filter{
@override
public void destroy() {
}
@override
public void dofilter(servletrequest req, servletresponse resp,
filterchain chain) throws ioexception, servletexception {
req.setcharacterencoding("utf-8");
resp.setcontenttype("text/html;charset=utf-8");
httpservletrequest request = (httpservletrequest)req;
user user = (user)request.getsession().getattribute("user");
if(user == null){
resp.getwriter().print("用户还没有登陆");
request.getrequestdispatcher("/login.jsp").forward(req, resp);
}
if(user.getgrade() < 2){
resp.getwriter().print("您的等级不够");
return;
}
chain.dofilter(req, resp);
}
@override
public void init(filterconfig arg0) throws servletexception {
}
}
userfilter
package com.cug.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import com.cug.domain.user;
public class userfilter implements filter{
@override
public void destroy() {
}
@override
public void dofilter(servletrequest request, servletresponse response,
filterchain chain) throws ioexception, servletexception {
request.setcharacterencoding("utf-8");
response.setcontenttype("text/html;charset=utf-8");
httpservletrequest httpreq = (httpservletrequest)request;
user user = (user)httpreq.getsession().getattribute("user");
if(user == null){
request.getrequestdispatcher("/login.jsp").forward(request, response);
}
chain.dofilter(request, response);
}
@override
public void init(filterconfig filterconfig) throws servletexception {
}
}
user
package com.cug.domain;
public class user {
private string username;
private string password;
private int grade;
public user() {
super();
}
public user(string username, string password, int grade) {
super();
this.username = username;
this.password = password;
this.grade = grade;
}
public string getusername() {
return username;
}
public void setusername(string username) {
this.username = username;
}
public string getpassword() {
return password;
}
public void setpassword(string password) {
this.password = password;
}
public int getgrade() {
return grade;
}
public void setgrade(int grade) {
this.grade = grade;
}
@override
public string tostring() {
return "user [username=" + username + ", password=" + password
+ ", grade=" + grade + "]";
}
}
html
<%@ page language="java" import="java.util.*" pageencoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
string path = request.getcontextpath();
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/";
%>
<!doctype html public "-//w3c//dtd html 4.01 transitional//en">
<html>
<head>
<base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
<title>my jsp 'admin.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="this is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
-->
</head>
<body>
<h1>admin.jsp</h1>
<h3>${user.username }</h3>
<a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br/>
<a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户页</a><br/>
<a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >系统管理员</a><br/>
</body>
</html>
<%@ page language="java" import="java.util.*" pageencoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%
string path = request.getcontextpath();
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/";
%>
<!doctype html public "-//w3c//dtd html 4.01 transitional//en">
<html>
<head>
<base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
<title>my jsp 'user.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="this is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
-->
</head>
<body>
<h1>user.jsp</h1>
<h3>${user.username }</h3>
<a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br>
<a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户登陆界面</a><br>
<a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >管理员登陆界面</a><br>
</body>
</html>
用户登录
<%@ page language="java" import="java.util.*" pageencoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
string path = request.getcontextpath();
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/";
%>
<!doctype html public "-//w3c//dtd html 4.01 transitional//en">
<html>
<head>
<base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
<title>my jsp 'login.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="this is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
-->
</head>
<body>
${msg }
<form action="<c:url value='/loginservlet'/>" method="post">
用户名:<input type="text" name="username"/><br/>
密码:<input type="password" name="password"/><br/>
<input type="submit" value="登陆"/>
</form>
</body>
</html>
<%@ page language="java" import="java.util.*" pageencoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
string path = request.getcontextpath();
string basepath = request.getscheme()+"://"+request.getservername()+":"+request.getserverport()+path+"/";
%>
<!doctype html public "-//w3c//dtd html 4.01 transitional//en">
<html>
<head>
<base href="<%=basepath%>" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
<title>my jsp 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="this is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" >
-->
</head>
<body>
<h1>index.jsp</h1>
<h3>${user.username }</h3>
<a href="<c:url value='/index.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >首页</a><br>
<a href="<c:url value='/user/user.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >用户登陆界面</a><br>
<a href="<c:url value='/admin/admin.jsp'/>" rel="external nofollow" rel="external nofollow" rel="external nofollow" >管理员登陆界面</a><br>
</body>
</html>
总结
以上就是本文关于javaweb设计中filter粗粒度权限控制代码示例的全部内容,感兴趣的朋友可以继续参阅:javaweb项目中dll文件动态加载方法解析(详细步骤)、javaweb使用cors完成跨域ajax数据交互、javaweb项目session超时解决方案等。
希望对大家有所帮助,如有不足之处,欢迎留言指正。感谢大家对本站的支持!
上一篇: 深入理解Django中内置的用户认证
下一篇: php薪水分层