filter:粗粒度权限管理
1、粗粒度权限控制(拦截是否登录、拦截用户名admin权限)
RBAC→基于角色的权限控制(涉及以下表):
● tb user
● tb role
● tb userrole
● tb menu(增、删、改、查)
● tb rolemenu
2、说明
我们给出三个页面: index.jsp、 user.jsp、 admin.jsp
●index.jsp:谁都可以访问,没有限制;
●user.jsp:只有登录用户才能访问;
●admin.jsp:只有管理员才能访问。
3、分析
设计User类: username、password、 grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建LoginFilter,它有两种过滤方式(对应下面代码中的UserFilter和AdminFilter:前者拦截未登录用户,后者拦截非管理员):
代码:
index.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%-- Public landing page. No filter is mapped to /index.jsp in web.xml, so guests,
     members and admins all reach it. The links below are relative, so user/u.jsp and
     admin/a.jsp resolve under this application's context path and therefore pass
     through the /user/* and /admin/* filter mappings. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>游客,你好</h1>
<a href="index.jsp">游客入口</a><br>
<a href="user/u.jsp">会员入口</a><br>
<a href="admin/a.jsp">管理员登录</a>
</body>
</html>
login.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%-- Login form. Both filters forward here with a request attribute "msg" when access is
     denied. The form posts only a username to /loginservlet - there is no password field,
     so this page demonstrates the filter mechanics, not a real authentication step.
     ${msg} is rendered unescaped; that is safe here only because msg is set from fixed
     server-side strings in the filters. If msg were ever derived from request input it
     should be printed with <c:out value="${msg}"/> instead. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>登录</h1>
${msg }
<form action="<c:url value='/loginservlet' />" method="post">
用户名:<input type="text" name="username"/>
<input type="submit" value="登录"/>
</form>
</body>
</html>
a.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%-- Admin page, served under /admin/ and therefore guarded by AdminFilter (see web.xml).
     The links hard-code the context path "/culiduanli"; unlike login.jsp they do not use
     <c:url>, so they break if the application is deployed under another context. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>你好,admin</h1>
<a href="/culiduanli/index.jsp">游客入口</a><br>
<a href="/culiduanli/user/u.jsp">会员入口</a><br>
<a href="/culiduanli/admin/a.jsp">管理员登录</a>
</body>
</html>
u.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8"%>
<%-- Member page, served under /user/ and therefore guarded by UserFilter (see web.xml).
     NOTE(review): the heading reads "游客" (guest) although only logged-in users reach this
     page - probably intended to be "会员". The links hard-code the context path
     "/culiduanli" instead of using <c:url> as login.jsp does. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Insert title here</title>
</head>
<body>
<h1>游客</h1>
<a href="/culiduanli/index.jsp">游客入口</a><br>
<a href="/culiduanli/user/u.jsp">会员入口</a><br>
<a href="/culiduanli/admin/a.jsp">管理员登录</a>
</body>
</html>
loginservlet.java
package com.tinstu.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
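/**
 * Handles the form post from login.jsp and records the login in the session.
 *
 * <p>This is a coarse-grained demo: the only credential is the username, and the
 * account is treated as administrator solely when the username equals {@code "tin"}.
 * The analysis section of the page describes a User class with password and grade;
 * this servlet does not implement that - it stores the raw username under one of
 * two session attributes that UserFilter and AdminFilter later check:
 * <ul>
 *   <li>{@code "admin"} - set for the administrator account</li>
 *   <li>{@code "username"} - set for every other non-blank username</li>
 * </ul>
 * Whichever attribute is not used for this login is removed, so a session that was
 * previously admin does not keep that privilege after logging in as a member.
 */
public class loginservlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/** Session attribute that marks the session as an administrator. */
	private static final String ADMIN_ATTR = "admin";
	/** Session attribute that marks the session as an ordinary member. */
	private static final String USER_ATTR = "username";
	/** The single username this demo treats as the administrator. */
	private static final String ADMIN_USERNAME = "tin";

	/**
	 * Processes the login post.
	 *
	 * @param request  carries the {@code username} form parameter
	 * @param response forwarded to /index.jsp on success, to /login.jsp when the
	 *                 username is missing or blank
	 * @throws ServletException propagated from the forward
	 * @throws IOException      propagated from the forward
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Must be set before the first getParameter() call or the form data is decoded
		// with the container default charset.
		request.setCharacterEncoding("utf-8");
		response.setContentType("text/html;charset=utf-8");

		String username = request.getParameter("username");
		// A direct POST without the parameter used to NPE in equals(); a blank name would
		// otherwise pass UserFilter as a "logged-in" member. Send both back to the form.
		if (username == null || username.trim().isEmpty()) {
			request.setAttribute("msg", "请输入用户名!");
			request.getRequestDispatcher("/login.jsp").forward(request, response);
			return;
		}

		// Constant on the left: null-safe comparison.
		if (ADMIN_USERNAME.equals(username)) {
			request.getSession().setAttribute(ADMIN_ATTR, username);
			request.getSession().removeAttribute(USER_ATTR);
		} else {
			request.getSession().setAttribute(USER_ATTR, username);
			// Drop any stale admin marker left by an earlier login in the same session.
			request.getSession().removeAttribute(ADMIN_ATTR);
		}
		request.getRequestDispatcher("/index.jsp").forward(request, response);
	}
}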
UserFilter.java
package com.tinstu.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
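/**
 * Login check for the member area. Mapped to {@code /user/*} in web.xml.
 *
 * <p>A request passes when its session holds either the {@code "admin"} or the
 * {@code "username"} attribute (both written by loginservlet). Any other request -
 * no session at all, or a session without those attributes - is forwarded to
 * /login.jsp with a request attribute {@code "msg"} asking the visitor to log in.
 */
public class UserFilter implements Filter {
	/** Session attribute written by loginservlet for the administrator. */
	private static final String ADMIN_ATTR = "admin";
	/** Session attribute written by loginservlet for ordinary members. */
	private static final String USER_ATTR = "username";
	/** Message displayed by login.jsp when an anonymous request hits /user/*. */
	private static final String LOGIN_REQUIRED_MSG = "请登录!";

	public UserFilter() {
	}

	@Override
	public void destroy() {
	}

	/**
	 * Passes logged-in requests down the chain, otherwise forwards to /login.jsp.
	 *
	 * @param request  the incoming request; cast to HttpServletRequest to reach the session
	 * @param response passed unchanged to the chain or the forward
	 * @param chain    the remaining filter chain, invoked only for logged-in sessions
	 * @throws IOException      propagated from the chain or the forward
	 * @throws ServletException propagated from the chain or the forward
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
		// getSession(false): an access check must not create a session for anonymous
		// visitors; a visitor with no session is simply not logged in.
		javax.servlet.http.HttpSession session = req.getSession(false);
		if (session != null
				&& (session.getAttribute(ADMIN_ATTR) != null || session.getAttribute(USER_ATTR) != null)) {
			chain.doFilter(request, response);
			return;
		}
		req.setAttribute("msg", LOGIN_REQUIRED_MSG);
		req.getRequestDispatcher("/login.jsp").forward(request, response);
	}

	@Override
	public void init(FilterConfig fConfig) throws ServletException {
	}
}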
AdminFilter.java
package com.tinstu.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
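/**
 * Administrator check for the admin area. Mapped to {@code /admin/*} in web.xml.
 *
 * <p>Only a session carrying the {@code "admin"} attribute (written by loginservlet
 * when the username is the administrator's) is allowed through. A session that holds
 * only {@code "username"} - an ordinary member - is rejected just like an anonymous
 * request: both are forwarded to /login.jsp with a denial message in the request
 * attribute {@code "msg"}.
 */
public class AdminFilter implements Filter {
	/** Session attribute written by loginservlet for the administrator. */
	private static final String ADMIN_ATTR = "admin";
	/** Message displayed by login.jsp when a non-admin request hits /admin/*. */
	private static final String DENIED_MSG = "非管理员不可访问!!";

	/**
	 * Passes administrator sessions down the chain, otherwise forwards to /login.jsp.
	 *
	 * @param request  the incoming request; cast to HttpServletRequest to reach the session
	 * @param response passed unchanged to the chain or the forward
	 * @param chain    the remaining filter chain, invoked only for admin sessions
	 * @throws IOException      propagated from the chain or the forward
	 * @throws ServletException propagated from the chain or the forward
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
		// getSession(false): an authorization check must not create a session for
		// anonymous callers; no session means no admin marker.
		javax.servlet.http.HttpSession session = req.getSession(false);
		if (session != null && session.getAttribute(ADMIN_ATTR) != null) {
			chain.doFilter(request, response);
			return;
		}
		req.setAttribute("msg", DENIED_MSG);
		req.getRequestDispatcher("/login.jsp").forward(request, response);
	}

	@Override
	public void init(FilterConfig fConfig) throws ServletException {
	}

	@Override
	public void destroy() {
	}
}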
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the coarse-grained permission demo.
     Protected areas: /user/* (UserFilter: any logged-in session) and /admin/* (AdminFilter:
     "admin" session attribute only). /index.jsp, /login.jsp and /loginservlet are not
     covered by any filter-mapping and are reachable by everyone. No <dispatcher> element is
     given, so the mappings apply to direct client requests (the default), which is all this
     demo needs: the filters forward to /login.jsp, which lies outside both patterns. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>culiduanli</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- Login handler posted to by login.jsp; stores the username in the session. -->
<servlet>
<servlet-name>loginservlet</servlet-name>
<servlet-class>com.tinstu.servlet.loginservlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>loginservlet</servlet-name>
<url-pattern>/loginservlet</url-pattern>
</servlet-mapping>
<!-- Member area: requires either the "admin" or the "username" session attribute. -->
<filter>
<filter-name>UserFilter</filter-name>
<filter-class>com.tinstu.filter.UserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>/user/*</url-pattern>
</filter-mapping>
<!-- Admin area: requires the "admin" session attribute. -->
<filter>
<filter-name>AdminFilter</filter-name>
<filter-class>com.tinstu.filter.AdminFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AdminFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
</web-app>
版权声明:
作者:Tin
链接:http://www.tinstu.com/874.html
文章版权归作者所有,未经允许请勿转载。