javaweb设计中filter粗粒度权限控制代码示例
1说明
我们给出三个页面:index.jsp、user.jsp、admin.jsp。
index.jsp:谁都可以访问,没有限制;
user.jsp:只有登录用户才能访问;
admin.jsp:只有管理员才能访问。
2分析
设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建LoginFilter,它有两种过滤方式(下面的代码中实现为UserFilter和AdminFilter两个过滤器,在web.xml中分别映射到/user/*和/admin/*):
如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。
3代码
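<!-- web.xml:原文的XML标签在抓取时丢失,以下按标准部署描述符结构还原 -->
<servlet>
  <servlet-name>LoginServlet</servlet-name>
  <servlet-class>com.cug.web.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>LoginServlet</servlet-name>
  <url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
  <filter-name>UserFilter</filter-name>
  <filter-class>com.cug.filter.UserFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>UserFilter</filter-name>
  <url-pattern>/user/*</url-pattern>
</filter-mapping>
<filter>
  <filter-name>AdminFilter</filter-name>
  <filter-class>com.cug.filter.AdminFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>AdminFilter</filter-name>
  <url-pattern>/admin/*</url-pattern>
</filter-mapping>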
LoginServlet.java
packagecom.cug.web.servlet;
importjava.io.IOException;
importjavax.servlet.ServletException;
importjavax.servlet.http.HttpServlet;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
importcom.cug.domain.User;
importcom.cug.web.service.UserService;
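/**
 * Handles the login form POST: checks the submitted credentials through
 * {@code UserService.login} and, on success, stores the {@code User} in the
 * session under the key {@code "user"} that the access filters read.
 */
public class LoginServlet extends HttpServlet {
    /**
     * Authenticates the request and forwards to the next page.
     *
     * @param req  request carrying the {@code username} and {@code password} form fields
     * @param resp response used for the forwarded page
     * @throws ServletException if the forward target fails
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        String username = req.getParameter("username");
        String password = req.getParameter("password");
        User user = UserService.login(username, password);

        if (user == null) {
            // One message for "unknown user" and "wrong password" alike, so the
            // response does not reveal which usernames exist.
            req.setAttribute("msg", "用户名或者密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Session fixation defence: drop any session that existed before the
        // login and bind the authenticated user to a freshly created one, so a
        // session id known before authentication never becomes a logged-in id.
        javax.servlet.http.HttpSession previous = req.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        req.getSession(true).setAttribute("user", user);
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}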
UserService
packagecom.cug.web.service;
importjava.util.HashMap;
importjava.util.Map;
importcom.cug.domain.User;
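/**
 * In-memory user store for the demo.
 *
 * <p>The accounts and their plaintext passwords are hard-coded sample data. A
 * real deployment keeps credentials out of source code and stores only a salted,
 * slow password hash (bcrypt, scrypt or argon2) instead of the password itself.
 */
public class UserService {
    // Type arguments restored: with a raw Map, users.get(...) returns Object and
    // the assignment to User in login() does not compile.
    private static final Map<String, User> users = new HashMap<String, User>();

    static {
        users.put("zhu", new User("zhu", "123", 2));
        users.put("xiao", new User("xiao", "123", 1));
    }

    /**
     * Looks up a user and checks the supplied password.
     *
     * @param username login name; {@code null} is treated as an unknown user
     * @param password supplied password; {@code null} never matches
     * @return the matching {@code User}, or {@code null} when the user is unknown
     *         or the password does not match
     */
    public static User login(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        User user = users.get(username);
        if (user == null || user.getPassword() == null) {
            return null;
        }
        // Compare in constant time so the response time does not depend on how
        // many leading characters of the guess were correct.
        byte[] expected = user.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] supplied = password.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (!java.security.MessageDigest.isEqual(expected, supplied)) {
            return null;
        }
        return user;
    }
}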
AdminFilter
packagecom.cug.filter;
importjava.io.IOException;
importjavax.servlet.Filter;
importjavax.servlet.FilterChain;
importjavax.servlet.FilterConfig;
importjavax.servlet.ServletException;
importjavax.servlet.ServletRequest;
importjavax.servlet.ServletResponse;
importjavax.servlet.http.HttpServletRequest;
importcom.cug.domain.User;
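/**
 * Access filter for the administrator area: lets a request through only when the
 * session holds a {@code User} under the key {@code "user"} whose grade is at
 * least 2.
 */
public class AdminFilter implements Filter {
    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Checks the session user before passing the request down the chain.
     *
     * @param req   incoming request; cast to {@code HttpServletRequest} to reach the session
     * @param resp  response used for the denial message
     * @param chain remaining filters and the target resource
     * @throws IOException      if writing the response fails
     * @throws ServletException if the forward or the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        HttpServletRequest request = (HttpServletRequest) req;
        // getSession(false): an anonymous request must not allocate a session
        // just to be told it has none.
        javax.servlet.http.HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        if (user == null) {
            // Text written to the response before a forward is cleared by the
            // container, so the message travels as the "msg" request attribute,
            // the same way LoginServlet reports a failed login.
            request.setAttribute("msg", "用户还没有登陆");
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
            // Stop here. Falling through dereferenced the null user below.
            return;
        }

        if (user.getGrade() < 2) {
            // Mark the denial as 403 so clients, proxies and access logs can
            // tell it apart from a successful page.
            if (resp instanceof javax.servlet.http.HttpServletResponse) {
                ((javax.servlet.http.HttpServletResponse) resp)
                        .setStatus(javax.servlet.http.HttpServletResponse.SC_FORBIDDEN);
            }
            resp.getWriter().print("您的等级不够");
            return;
        }

        chain.doFilter(req, resp);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}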
UserFilter
packagecom.cug.filter;
importjava.io.IOException;
importjavax.servlet.Filter;
importjavax.servlet.FilterChain;
importjavax.servlet.FilterConfig;
importjavax.servlet.ServletException;
importjavax.servlet.ServletRequest;
importjavax.servlet.ServletResponse;
importjavax.servlet.http.HttpServletRequest;
importcom.cug.domain.User;
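/**
 * Access filter for the logged-in area: lets a request through only when the
 * session holds a {@code User} under the key {@code "user"}.
 */
public class UserFilter implements Filter {
    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Sends anonymous requests to the login page and passes authenticated ones on.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest} to reach the session
     * @param response response handed to the login page or the chain
     * @param chain    remaining filters and the target resource
     * @throws IOException      if writing the response fails
     * @throws ServletException if the forward or the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        HttpServletRequest httpReq = (HttpServletRequest) request;
        // getSession(false): do not create a session for an anonymous visitor.
        javax.servlet.http.HttpSession session = httpReq.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        if (user == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            // Stop here. Without this return the chain still ran after the
            // forward, so the protected resource executed for a caller who had
            // just been refused, including any state change it performs.
            return;
        }

        chain.doFilter(request, response);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}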
User
packagecom.cug.domain;
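/**
 * Account record held in the session after login.
 *
 * <p>{@code grade} is the privilege level: 1 is an ordinary user, 2 is an
 * administrator. The password is kept as plaintext in this demo, so every place
 * that stores or prints a {@code User} holds a copy of the credential.
 */
public class User {
    private String username;
    private String password;
    private int grade;

    /** Creates an empty user; fields are filled through the setters. */
    public User() {
        super();
    }

    /**
     * @param username login name
     * @param password plaintext password
     * @param grade    privilege level (1 = ordinary user, 2 = administrator)
     */
    public User(String username, String password, int grade) {
        super();
        this.username = username;
        this.password = password;
        this.grade = grade;
    }

    /** @return the login name */
    public String getUsername() {
        return username;
    }

    /** @param username the login name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the plaintext password */
    public String getPassword() {
        return password;
    }

    /** @param password the plaintext password */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the privilege level */
    public int getGrade() {
        return grade;
    }

    /** @param grade the privilege level */
    public void setGrade(int grade) {
        this.grade = grade;
    }

    /**
     * Describes the user for logs and debugging.
     *
     * <p>The password is left out on purpose: toString() output ends up in log
     * files, exception messages and debugger views, none of which should hold
     * credentials.
     *
     * @return the username and grade
     */
    @Override
    public String toString() {
        return "User[username=" + username + ",grade=" + grade + "]";
    }
}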
html
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'admin.jsp'startingpage admin.jsp
${user.username}
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">首页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">用户页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">系统管理员
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'user.jsp'startingpage user.jsp
${user.username}
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">首页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">用户登陆界面
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">管理员登陆界面
用户登录
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'login.jsp'startingpage ${msg} "method="post"> 用户名:
密码:
<%@pagelanguage="java"import="java.util.*"pageEncoding="UTF-8"%> <%@taglibprefix="c"uri="http://java.sun.com/jsp/jstl/core"%> <% Stringpath=request.getContextPath(); StringbasePath=request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %>"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow"> MyJSP'index.jsp'startingpage index.jsp
${user.username}
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">首页
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">用户登陆界面
"rel="externalnofollow"rel="externalnofollow"rel="externalnofollow">管理员登陆界面