
javaweb设计中filter粗粒度权限控制代码示例

2019年07月19日  | 移动技术网IT编程  | 我要评论


1 说明

我们给出三个页面:index.jsp、user.jsp、admin.jsp。

index.jsp:谁都可以访问,没有限制;

user.jsp:只有登录用户才能访问;

admin.jsp:只有管理员才能访问。

2 分析

设计user类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。

当用户登录成功后,把user保存到session中。

创建loginfilter,它有两种过滤方式(下文代码中实际拆分为userfilter和adminfilter两个过滤器,分别映射到/user/*和/admin/*):

如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。

3 代码

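<?xml version="1.0" encoding="utf-8"?>
<!--
  Deployment descriptor (Servlet 2.5) for the coarse-grained access-control demo.
  Only URLs under /user/* and /admin/* pass through an authorization filter;
  index.jsp, login.jsp and /loginservlet are reachable without a session.
  XML names are case-sensitive: the xsi namespace URI and the schemaLocation
  attribute are written in their canonical spelling below.
-->
<web-app version="2.5"
 xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- Login endpoint: receives the POST from login.jsp. -->
<servlet>
 <servlet-name>loginservlet</servlet-name>
 <servlet-class>com.cug.web.servlet.loginservlet</servlet-class>
</servlet>
<servlet-mapping>
 <servlet-name>loginservlet</servlet-name>
 <url-pattern>/loginservlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
 <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!--
  Authentication check for the logged-in-user area.
  No <dispatcher> element is given, so the mapping applies to direct client
  requests only; a server-side forward or include into /user/* is not
  re-checked by the filter.
-->
<filter>
 <filter-name>userfilter</filter-name>
 <filter-class>com.cug.filter.userfilter</filter-class>
</filter>
<filter-mapping>
 <filter-name>userfilter</filter-name>
 <url-pattern>/user/*</url-pattern>
</filter-mapping>
<!--
  Authentication plus grade check for the administrator area.
  Protection is purely path based: an admin page placed outside /admin/*
  would not be covered by this mapping.
-->
<filter>
 <filter-name>adminfilter</filter-name>
 <filter-class>com.cug.filter.adminfilter</filter-class>
</filter>
<filter-mapping>
 <filter-name>adminfilter</filter-name>
 <url-pattern>/admin/*</url-pattern>
</filter-mapping>
</web-app>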

loginservlet.java

package com.cug.web.servlet;
import java.io.ioexception;
import javax.servlet.servletexception;
import javax.servlet.http.httpservlet;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import com.cug.domain.user;
import com.cug.web.service.userservice;
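/**
 * Handles the POST from login.jsp: checks the submitted credentials and, on
 * success, stores the authenticated {@code user} in the HTTP session under the
 * key {@code "user"}, which is what the two filters look up.
 *
 * <p>JDK and Servlet API identifiers are written in their real, case-sensitive
 * spelling; project-local names are kept as printed on the page.
 */
public class loginservlet extends HttpServlet {
    /**
     * Authenticates the request parameters {@code username} and {@code password}.
     *
     * @param req  the login form submission
     * @param resp the response that receives the forwarded page
     * @throws ServletException if the forward target fails
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        String username = req.getParameter("username");
        String password = req.getParameter("password");
        user user = userservice.login(username, password);

        if (user == null) {
            // One message for "unknown user" and "wrong password", so the
            // response does not reveal which accounts exist.
            req.setAttribute("msg", "用户名或者密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Session fixation defence: discard any session that existed before
        // authentication so the privileged session gets a fresh identifier.
        // (The descriptor targets Servlet 2.5, so invalidate-and-recreate is
        // used here.)
        javax.servlet.http.HttpSession preLogin = req.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }

        // NOTE(review): the stored object still carries the password field;
        // keeping only the username and grade in the session would limit what
        // leaks if session contents are ever serialized or dumped.
        req.getSession(true).setAttribute("user", user);
        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}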

userservice

package com.cug.web.service;
import java.util.hashmap;
import java.util.map;
import com.cug.domain.user;
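/**
 * In-memory account lookup for the demo.
 *
 * <p>Demo-only credential store: the two accounts and their plaintext
 * passwords are hard-coded. A real application keeps salted password hashes
 * (bcrypt, scrypt or Argon2) in a user store and throttles failed attempts.
 *
 * <p>JDK identifiers are written in their real, case-sensitive spelling;
 * project-local names are kept as printed on the page.
 */
public class userservice {
    /** Accounts keyed by username; populated once and only read afterwards. */
    private static final Map<String, user> users = new HashMap<String, user>();

    static {
        users.put("zhu", new user("zhu", "123", 2));   // grade 2: administrator
        users.put("xiao", new user("xiao", "123", 1)); // grade 1: ordinary user
    }

    /**
     * Looks up the account and checks the password.
     *
     * @param username submitted username, may be {@code null}
     * @param password submitted password, may be {@code null}
     * @return the matching {@code user}, or {@code null} when the account does
     *         not exist or the password does not match
     */
    public static user login(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        user candidate = users.get(username);
        if (candidate == null || candidate.getpassword() == null) {
            return null;
        }
        // MessageDigest.isEqual compares without stopping at the first
        // differing byte, unlike String.equals.
        boolean matches = java.security.MessageDigest.isEqual(
                candidate.getpassword().getBytes(java.nio.charset.StandardCharsets.UTF_8),
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return matches ? candidate : null;
    }
}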

adminfilter

package com.cug.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import com.cug.domain.user;
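/**
 * Authorization filter for the administrator area (mapped to /admin/* in
 * web.xml): lets a request through only when the session holds a {@code user}
 * whose grade is at least 2.
 *
 * <p>JDK and Servlet API identifiers are written in their real, case-sensitive
 * spelling; project-local names are kept as printed on the page.
 */
public class adminfilter implements Filter {
    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Checks the session before the protected resource runs.
     *
     * @param req   incoming request; cast to {@code HttpServletRequest}
     * @param resp  outgoing response
     * @param chain remaining filters and the protected resource
     * @throws IOException      if writing the response fails
     * @throws ServletException if the forward or the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        HttpServletRequest request = (HttpServletRequest) req;

        // getSession(false): an anonymous request must not cause a session to
        // be allocated just to find out that nobody is logged in.
        javax.servlet.http.HttpSession session = request.getSession(false);
        Object attr = (session == null) ? null : session.getAttribute("user");
        user user = (attr instanceof user) ? (user) attr : null;

        if (user == null) {
            // Output written before a forward is discarded, so the message is
            // passed as the "msg" request attribute that login.jsp renders.
            req.setAttribute("msg", "用户还没有登陆");
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
            // Stop here: without this return the grade check below would
            // dereference null and the request would not end cleanly.
            return;
        }
        if (user.getgrade() < 2) {
            // Signal the denial in the status line as well, so proxies, logs
            // and monitoring do not record it as a successful page view.
            ((javax.servlet.http.HttpServletResponse) resp)
                    .setStatus(javax.servlet.http.HttpServletResponse.SC_FORBIDDEN);
            resp.getWriter().print("您的等级不够");
            return;
        }
        chain.doFilter(req, resp);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}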

userfilter

package com.cug.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import com.cug.domain.user;
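/**
 * Authentication filter for the logged-in-user area (mapped to /user/* in
 * web.xml): lets a request through only when the session holds a {@code user}.
 *
 * <p>JDK and Servlet API identifiers are written in their real, case-sensitive
 * spelling; project-local names are kept as printed on the page.
 */
public class userfilter implements Filter {
    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Forwards anonymous requests to the login page and passes authenticated
     * ones down the chain.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response
     * @param chain    remaining filters and the protected resource
     * @throws IOException      if writing the response fails
     * @throws ServletException if the forward or the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");
        HttpServletRequest httpreq = (HttpServletRequest) request;

        // getSession(false): do not allocate a session for an anonymous request.
        javax.servlet.http.HttpSession session = httpreq.getSession(false);
        Object attr = (session == null) ? null : session.getAttribute("user");
        user user = (attr instanceof user) ? (user) attr : null;

        if (user == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            // Stop here: falling through to chain.doFilter would still execute
            // the protected resource for a caller who is not logged in.
            return;
        }
        chain.doFilter(request, response);
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterconfig) throws ServletException {
    }
}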

user

package com.cug.domain;
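/**
 * Account bean stored in the HTTP session after login.
 *
 * <p>{@code grade} is the privilege level used by the filters: 1 is an
 * ordinary user, 2 is an administrator.
 *
 * <p>JDK identifiers are written in their real, case-sensitive spelling;
 * project-local names are kept as printed on the page.
 */
public class user {
    private String username;
    // Plaintext in this demo; see the credential-store note on userservice.
    private String password;
    private int grade;

    /** Creates an empty bean; fields are filled through the setters. */
    public user() {
    }

    /**
     * @param username login name
     * @param password password as stored by the demo
     * @param grade    privilege level (1 ordinary user, 2 administrator)
     */
    public user(String username, String password, int grade) {
        this.username = username;
        this.password = password;
        this.grade = grade;
    }

    public String getusername() {
        return username;
    }

    public void setusername(String username) {
        this.username = username;
    }

    public String getpassword() {
        return password;
    }

    public void setpassword(String password) {
        this.password = password;
    }

    public int getgrade() {
        return grade;
    }

    public void setgrade(int grade) {
        this.grade = grade;
    }

    /**
     * Returns a log-safe description. The password is masked because
     * toString() output routinely ends up in logs and error pages.
     */
    @Override
    public String toString() {
        return "user [username=" + username + ", password=****"
                + ", grade=" + grade + "]";
    }
}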

JSP页面(依次为admin.jsp、user.jsp、login.jsp、index.jsp)

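<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  admin.jsp: administrator page, served from /admin/ so that the /admin/*
  filter mapping covers it. The page itself performs no access check.
--%>
<%
String path = request.getContextPath();
// getServerName() is taken from the request's Host header, so this base URL is
// client-influenced; pin the host at the proxy or container if <base> is kept.
String basepath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basepath%>">
 <title>my jsp 'admin.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0">
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="this is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css">
 -->
 </head>
 <body>
 <h1>admin.jsp</h1>
 <%-- c:out HTML-escapes the value; a bare ${...} in template text does not. --%>
 <h3><c:out value="${user.username}"/></h3>
 <a href="<c:url value='/index.jsp'/>">首页</a><br/>
 <a href="<c:url value='/user/user.jsp'/>">用户页</a><br/>
 <a href="<c:url value='/admin/admin.jsp'/>">系统管理员</a><br/>
 </body>
</html>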

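<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%--
  user.jsp: page for logged-in users, served from /user/ so that the /user/*
  filter mapping covers it. The page itself performs no access check.
--%>
<%
String path = request.getContextPath();
// getServerName() is taken from the request's Host header, so this base URL is
// client-influenced; pin the host at the proxy or container if <base> is kept.
String basepath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basepath%>">
 <title>my jsp 'user.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0">
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="this is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css">
 -->
 </head>
 <body>
 <h1>user.jsp</h1>
 <%-- c:out HTML-escapes the value; a bare ${...} in template text does not. --%>
 <h3><c:out value="${user.username}"/></h3>
 <a href="<c:url value='/index.jsp'/>">首页</a><br>
 <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br>
 <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br>
 </body>
</html>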

用户登录

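<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  login.jsp: login form posting to /loginservlet. Also the forward target of
  the servlet and the filters, which pass a message in the "msg" request
  attribute.
--%>
<%
String path = request.getContextPath();
// getServerName() is taken from the request's Host header, so this base URL is
// client-influenced; pin the host at the proxy or container if <base> is kept.
String basepath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basepath%>">
 <title>my jsp 'login.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0">
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="this is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css">
 -->
 </head>
 <body>
 <%-- Escaped on output so the page stays safe if a message ever carries user input. --%>
 <c:out value="${msg}"/>
 <%-- Credentials travel in the POST body; serve this form over HTTPS only. --%>
 <form action="<c:url value='/loginservlet'/>" method="post">
  用户名:<input type="text" name="username"/><br/>
  密码:<input type="password" name="password"/><br/>
  <input type="submit" value="登陆"/>
 </form>
 </body>
</html>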

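<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  index.jsp: public landing page; it lies outside /user/* and /admin/*, so no
  filter runs for it and the username below is empty for anonymous visitors.
--%>
<%
String path = request.getContextPath();
// getServerName() is taken from the request's Host header, so this base URL is
// client-influenced; pin the host at the proxy or container if <base> is kept.
String basepath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 <base href="<%=basepath%>">
 <title>my jsp 'index.jsp' starting page</title>
 <meta http-equiv="pragma" content="no-cache">
 <meta http-equiv="cache-control" content="no-cache">
 <meta http-equiv="expires" content="0">
 <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
 <meta http-equiv="description" content="this is my page">
 <!--
 <link rel="stylesheet" type="text/css" href="styles.css">
 -->
 </head>
 <body>
 <h1>index.jsp</h1>
 <%-- c:out HTML-escapes the value; a bare ${...} in template text does not. --%>
 <h3><c:out value="${user.username}"/></h3>
 <a href="<c:url value='/index.jsp'/>">首页</a><br>
 <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br>
 <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br>
 </body>
</html>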

总结

以上就是本文关于javaweb设计中filter粗粒度权限控制代码示例的全部内容,感兴趣的朋友可以继续参阅:《javaweb项目中dll文件动态加载方法解析(详细步骤)》、《javaweb使用cors完成跨域ajax数据交互》、《javaweb项目session超时解决方案》等。

希望对大家有所帮助,如有不足之处,欢迎留言指正。感谢大家对本站的支持!
