

简单实用一分钟上手级权限控制

發布時間:2023/12/15 编程问答 23 豆豆
找回來自己以前的一個項目, 用的是通過 filter 過濾來管理權限的方法, 很簡單, 但也很實用。這個項目并不小, 但這么一個類就已經可以滿足其權限管理的需要了。所以其實很多時候, 權限管理并不必想得那么復雜; 對于不少系統, 簡單通過 filter 來管理就 ok 了, simple 也是一種美^_^

在 web.xml 里加入:



<!--================權限 設置================-->
<filter>

<filter-name>Authentication</filter-name>

<filter-class>com.springside.demo.security.UrlFilter</filter-class>

<init-param>

<param-name>onError</param-name>

<param-value>/login.jsp</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>Authentication</filter-name>

<!-- 只過濾 .jsp 結尾的url, 其余的如 .do, .html, .jpg, .css 等不作過濾; 注意: 這表示 .do 請求不會經過此 filter 的權限檢查, 若授權資源串中含 .do 資源, 需另加對應的 filter-mapping -->

<url-pattern>*.jsp</url-pattern>

</filter-mapping>


<!--================權限 設置================-->
<filter>

<filter-name>Authentication</filter-name>

<filter-class>com.springside.demo.security.UrlFilter</filter-class>

<init-param>

<param-name>onError</param-name>

<param-value>/login.jsp</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>Authentication</filter-name>

<!-- 只過濾 .jsp 結尾的url, 其余的如 .do, .html, .jpg, .css 等不作過濾; 注意: 這表示 .do 請求不會經過此 filter 的權限檢查, 若授權資源串中含 .do 資源, 需另加對應的 filter-mapping -->

<url-pattern>*.jsp</url-pattern>

</filter-mapping>



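/**
 * Servlet filter that authorises a request against the resource strings
 * granted to the logged-in user.
 *
 * <p>Flow per request: the configured login page is always let through; a
 * request without a {@code loginuser} session attribute is either a login
 * attempt (handled in {@link #checkLogin}) or is redirected to the login
 * page; every other request must match one of the user's grants
 * ({@link #pass}).
 *
 * <p>The container shares one filter instance between concurrent requests, so
 * the request, response and chain are passed as arguments and never stored in
 * fields. Keeping them in fields would let one thread authorise or answer
 * another thread's request.
 *
 * <p>Only requests that web.xml maps to this filter are checked at all.
 */
public class UrlFilter implements Filter {

    /** Session attribute holding the authenticated {@link LoginUser}. */
    private static final String SESSION_USER_KEY = "loginuser";

    /** Login page used when the {@code onError} init-param is absent. */
    private static final String DEFAULT_LOGIN_PAGE = "/login.jsp";

    private FilterConfig filterConfig;

    public void destroy() {
        this.filterConfig = null;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Routes the request to the public, login or authorisation branch.
     *
     * @param servletRequest  incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@code HttpServletResponse}
     * @param chain           remaining filter chain, invoked only when access is allowed
     */
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String url = request.getServletPath();
        if (url == null) {
            url = "";
        }

        // Look the user up without creating a session for anonymous traffic.
        HttpSession session = request.getSession(false);
        LoginUser loginuser = (session == null)
                ? null
                : (LoginUser) session.getAttribute(SESSION_USER_KEY);

        if (baseUrl(url, request)) {
            // Public page (the login page): no permission needed.
            chain.doFilter(request, response);
        } else if (loginuser == null) {
            checkLogin(url, request, response, chain);
        } else {
            verifyUrl(url, loginuser, request, response, chain);
        }
    }

    /**
     * Handles a request that has no logged-in user: either the session expired
     * or the user never logged in. A login submission to index.jsp is
     * authenticated here; anything else is redirected to the login page.
     */
    private void checkLogin(String url, HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        if (url.indexOf("/index.jsp") >= 0
                && "login".equals(request.getParameter("act"))) {
            // NOTE(review): getParameter also reads the query string, so the
            // credentials are accepted from a GET URL as well; consider
            // requiring POST for the login submission.
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            if (username != null && password != null) {
                UserDao userDao = new UserDao();
                if (userDao.authUser(username, password)) {
                    LoginUser user = userDao.getUser(username);
                    if (user != null) {
                        // Drop the pre-login session so the authenticated user
                        // never runs under a session id that existed before
                        // login (session fixation).
                        HttpSession stale = request.getSession(false);
                        if (stale != null) {
                            stale.invalidate();
                        }
                        request.getSession(true).setAttribute(SESSION_USER_KEY, user);
                        verifyUrl(url, user, request, response, chain);
                        return;
                    }
                }
            }
        }
        // Context-absolute target: a relative "login.jsp" would resolve against
        // the directory of the page that was requested.
        response.sendRedirect(request.getContextPath() + loginPage());
    }

    /**
     * Lets the request continue when one of the user's grants matches, and
     * answers 403 with the "no permission" page otherwise.
     */
    private void verifyUrl(String url, LoginUser loginuser,
            HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // All resource strings granted to this user.
        Set royurl = loginuser.getResStrings();
        if (royurl != null && royurl.size() > 0
                && pass(royurl, url, request.getParameterMap())) {
            chain.doFilter(request, response);
        } else {
            // Report the denial as 403 so clients, proxies and log monitoring
            // do not see it as a successful page.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.setContentType("text/html;charset=GBK");
            response
                    .getWriter()
                    .println(
                            "<div style='margin: 100 auto;text-align: center;"
                                    + "font: bold 18px 宋體;color: #0066CC;vertical-align: middle'> Sorry,您沒有權限訪問該資源!</div>");
        }
    }

    /**
     * Returns the login page path from the {@code onError} init-param, or
     * {@code /login.jsp} when the filter is not configured with one.
     */
    private String loginPage() {
        FilterConfig config = this.filterConfig;
        String page = (config == null) ? null : config.getInitParameter("onError");
        if (page == null || page.length() == 0) {
            return DEFAULT_LOGIN_PAGE;
        }
        return page;
    }

    /**
     * Tells whether the requested path is a public page.
     *
     * <p>Only the exact login page path is public. A substring test would
     * also exempt every other path that merely contains that text.
     *
     * @param url     requested servlet path
     * @param request current request (unused here; available to subclasses)
     * @return {@code true} when no login is required for {@code url}
     */
    protected boolean baseUrl(String url, HttpServletRequest request) {
        return url != null && url.equals(loginPage());
    }

    /**
     * Decides whether the user may request {@code url}.
     *
     * <p>A grant is either {@code path}, {@code path?k=v&k=v} or a prefix
     * ending in {@code *}. Paths and values are compared ignoring case. The
     * method fails closed: an empty or {@code null} grant set, or a
     * {@code null} url, yields {@code false}.
     *
     * @param royurl resource strings granted to the user
     * @param url    requested servlet path
     * @param reqmap parameters of the current request (name to {@code String[]})
     * @return {@code true} when at least one grant matches the request
     */
    protected boolean pass(Set royurl, String url, Map reqmap) {
        if (royurl == null || url == null) {
            return false;
        }
        for (Iterator iter = royurl.iterator(); iter.hasNext();) {
            Object entry = iter.next();
            if (!(entry instanceof String)) {
                continue; // null or foreign entry can never grant access
            }
            String granted = (String) entry;

            int star = granted.indexOf('*');
            if (star > 0) {
                // Wildcard grant: keep the text before '*' and match it as a
                // prefix. regionMatches returns false when url is shorter than
                // the prefix, where substring() would throw.
                granted = granted.substring(0, star);
                if (url.regionMatches(true, 0, granted, 0, granted.length())) {
                    return true;
                }
            }
            if (matchesGrant(granted, url, reqmap)) {
                return true;
            }
        }
        return false;
    }

    /** Matches one non-wildcard grant ({@code path[?k=v&...]}) against the request. */
    private boolean matchesGrant(String granted, String url, Map reqmap) {
        // "\\?" escapes the regex metacharacter so the split is on a literal '?'.
        String[] pathAndQuery = granted.split("\\?");
        if (pathAndQuery.length == 0 || !url.equalsIgnoreCase(pathAndQuery[0])) {
            return false;
        }
        if (pathAndQuery.length == 1) {
            return true;
        }

        String[] pairs = pathAndQuery[1].split("\\&");
        for (int j = 0; j < pairs.length; j++) {
            String[] keyValue = pairs[j].split("=");
            String key = keyValue.length > 0 ? keyValue[0] : "";
            String value = keyValue.length > 1 ? keyValue[1].trim() : "";

            String[] values = (reqmap == null) ? null : (String[]) reqmap.get(key);
            // NOTE(review): a granted parameter that the request does not send
            // is skipped, not treated as a mismatch, and a request may carry
            // extra values next to a granted one (main() expects the latter).
            // Confirm the handlers behind these URLs are safe with that, or
            // tighten the check here.
            if (values == null || values.length == 0) {
                continue;
            }
            boolean found = false;
            for (int k = 0; k < values.length; k++) {
                if (value.equalsIgnoreCase(values[k])) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /** Prints the outcome of {@link #pass} for a few sample grant sets. */
    public static void main(String[] args) {
        UrlFilter filter = new UrlFilter();
        String url = "/baseProd/product.do";

        Map reqmap = new HashMap();
        // The current request carries productline = 11 and 12.
        reqmap.put("productline", new String[] { "11", "12" });

        Set royurl = new HashSet();

        // Granted URL is a different path: false.
        royurl.add("/user.do?a=1&b=2");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));
        // Granted values 13 and 14: false.
        royurl.add("/baseProd/product.do?productline=13&productline=14");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));
        // Granted values 11 and 13: false.
        royurl.add("/baseProd/product.do?productline=11&productline=13");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));

        // Granted value 11: true.
        royurl.add("/baseProd/product.do?productline=11");
        System.out.println("match true:" + filter.pass(royurl, url, reqmap));

        // Parameter order does not matter: true.
        royurl.add("/baseProd/product.do?productline=12&productline=11");
        System.out.println("match true:" + filter.pass(royurl, url, reqmap));

        royurl.clear();
        // "*" is supported as a trailing wildcard: true.
        royurl.add("/baseProd/product.do*");
        System.out.println("match ture:" + filter.pass(royurl, url, reqmap));
    }
}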



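/**
 * Servlet filter that authorises a request against the resource strings
 * granted to the logged-in user.
 *
 * <p>Flow per request: the configured login page is always let through; a
 * request without a {@code loginuser} session attribute is either a login
 * attempt (handled in {@link #checkLogin}) or is redirected to the login
 * page; every other request must match one of the user's grants
 * ({@link #pass}).
 *
 * <p>The container shares one filter instance between concurrent requests, so
 * the request, response and chain are passed as arguments and never stored in
 * fields. Keeping them in fields would let one thread authorise or answer
 * another thread's request.
 *
 * <p>Only requests that web.xml maps to this filter are checked at all.
 */
public class UrlFilter implements Filter {

    /** Session attribute holding the authenticated {@link LoginUser}. */
    private static final String SESSION_USER_KEY = "loginuser";

    /** Login page used when the {@code onError} init-param is absent. */
    private static final String DEFAULT_LOGIN_PAGE = "/login.jsp";

    private FilterConfig filterConfig;

    public void destroy() {
        this.filterConfig = null;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Routes the request to the public, login or authorisation branch.
     *
     * @param servletRequest  incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@code HttpServletResponse}
     * @param chain           remaining filter chain, invoked only when access is allowed
     */
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String url = request.getServletPath();
        if (url == null) {
            url = "";
        }

        // Look the user up without creating a session for anonymous traffic.
        HttpSession session = request.getSession(false);
        LoginUser loginuser = (session == null)
                ? null
                : (LoginUser) session.getAttribute(SESSION_USER_KEY);

        if (baseUrl(url, request)) {
            // Public page (the login page): no permission needed.
            chain.doFilter(request, response);
        } else if (loginuser == null) {
            checkLogin(url, request, response, chain);
        } else {
            verifyUrl(url, loginuser, request, response, chain);
        }
    }

    /**
     * Handles a request that has no logged-in user: either the session expired
     * or the user never logged in. A login submission to index.jsp is
     * authenticated here; anything else is redirected to the login page.
     */
    private void checkLogin(String url, HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        if (url.indexOf("/index.jsp") >= 0
                && "login".equals(request.getParameter("act"))) {
            // NOTE(review): getParameter also reads the query string, so the
            // credentials are accepted from a GET URL as well; consider
            // requiring POST for the login submission.
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            if (username != null && password != null) {
                UserDao userDao = new UserDao();
                if (userDao.authUser(username, password)) {
                    LoginUser user = userDao.getUser(username);
                    if (user != null) {
                        // Drop the pre-login session so the authenticated user
                        // never runs under a session id that existed before
                        // login (session fixation).
                        HttpSession stale = request.getSession(false);
                        if (stale != null) {
                            stale.invalidate();
                        }
                        request.getSession(true).setAttribute(SESSION_USER_KEY, user);
                        verifyUrl(url, user, request, response, chain);
                        return;
                    }
                }
            }
        }
        // Context-absolute target: a relative "login.jsp" would resolve against
        // the directory of the page that was requested.
        response.sendRedirect(request.getContextPath() + loginPage());
    }

    /**
     * Lets the request continue when one of the user's grants matches, and
     * answers 403 with the "no permission" page otherwise.
     */
    private void verifyUrl(String url, LoginUser loginuser,
            HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // All resource strings granted to this user.
        Set royurl = loginuser.getResStrings();
        if (royurl != null && royurl.size() > 0
                && pass(royurl, url, request.getParameterMap())) {
            chain.doFilter(request, response);
        } else {
            // Report the denial as 403 so clients, proxies and log monitoring
            // do not see it as a successful page.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.setContentType("text/html;charset=GBK");
            response
                    .getWriter()
                    .println(
                            "<div style='margin: 100 auto;text-align: center;"
                                    + "font: bold 18px 宋體;color: #0066CC;vertical-align: middle'> Sorry,您沒有權限訪問該資源!</div>");
        }
    }

    /**
     * Returns the login page path from the {@code onError} init-param, or
     * {@code /login.jsp} when the filter is not configured with one.
     */
    private String loginPage() {
        FilterConfig config = this.filterConfig;
        String page = (config == null) ? null : config.getInitParameter("onError");
        if (page == null || page.length() == 0) {
            return DEFAULT_LOGIN_PAGE;
        }
        return page;
    }

    /**
     * Tells whether the requested path is a public page.
     *
     * <p>Only the exact login page path is public. A substring test would
     * also exempt every other path that merely contains that text.
     *
     * @param url     requested servlet path
     * @param request current request (unused here; available to subclasses)
     * @return {@code true} when no login is required for {@code url}
     */
    protected boolean baseUrl(String url, HttpServletRequest request) {
        return url != null && url.equals(loginPage());
    }

    /**
     * Decides whether the user may request {@code url}.
     *
     * <p>A grant is either {@code path}, {@code path?k=v&k=v} or a prefix
     * ending in {@code *}. Paths and values are compared ignoring case. The
     * method fails closed: an empty or {@code null} grant set, or a
     * {@code null} url, yields {@code false}.
     *
     * @param royurl resource strings granted to the user
     * @param url    requested servlet path
     * @param reqmap parameters of the current request (name to {@code String[]})
     * @return {@code true} when at least one grant matches the request
     */
    protected boolean pass(Set royurl, String url, Map reqmap) {
        if (royurl == null || url == null) {
            return false;
        }
        for (Iterator iter = royurl.iterator(); iter.hasNext();) {
            Object entry = iter.next();
            if (!(entry instanceof String)) {
                continue; // null or foreign entry can never grant access
            }
            String granted = (String) entry;

            int star = granted.indexOf('*');
            if (star > 0) {
                // Wildcard grant: keep the text before '*' and match it as a
                // prefix. regionMatches returns false when url is shorter than
                // the prefix, where substring() would throw.
                granted = granted.substring(0, star);
                if (url.regionMatches(true, 0, granted, 0, granted.length())) {
                    return true;
                }
            }
            if (matchesGrant(granted, url, reqmap)) {
                return true;
            }
        }
        return false;
    }

    /** Matches one non-wildcard grant ({@code path[?k=v&...]}) against the request. */
    private boolean matchesGrant(String granted, String url, Map reqmap) {
        // "\\?" escapes the regex metacharacter so the split is on a literal '?'.
        String[] pathAndQuery = granted.split("\\?");
        if (pathAndQuery.length == 0 || !url.equalsIgnoreCase(pathAndQuery[0])) {
            return false;
        }
        if (pathAndQuery.length == 1) {
            return true;
        }

        String[] pairs = pathAndQuery[1].split("\\&");
        for (int j = 0; j < pairs.length; j++) {
            String[] keyValue = pairs[j].split("=");
            String key = keyValue.length > 0 ? keyValue[0] : "";
            String value = keyValue.length > 1 ? keyValue[1].trim() : "";

            String[] values = (reqmap == null) ? null : (String[]) reqmap.get(key);
            // NOTE(review): a granted parameter that the request does not send
            // is skipped, not treated as a mismatch, and a request may carry
            // extra values next to a granted one (main() expects the latter).
            // Confirm the handlers behind these URLs are safe with that, or
            // tighten the check here.
            if (values == null || values.length == 0) {
                continue;
            }
            boolean found = false;
            for (int k = 0; k < values.length; k++) {
                if (value.equalsIgnoreCase(values[k])) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /** Prints the outcome of {@link #pass} for a few sample grant sets. */
    public static void main(String[] args) {
        UrlFilter filter = new UrlFilter();
        String url = "/baseProd/product.do";

        Map reqmap = new HashMap();
        // The current request carries productline = 11 and 12.
        reqmap.put("productline", new String[] { "11", "12" });

        Set royurl = new HashSet();

        // Granted URL is a different path: false.
        royurl.add("/user.do?a=1&b=2");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));
        // Granted values 13 and 14: false.
        royurl.add("/baseProd/product.do?productline=13&productline=14");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));
        // Granted values 11 and 13: false.
        royurl.add("/baseProd/product.do?productline=11&productline=13");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));

        // Granted value 11: true.
        royurl.add("/baseProd/product.do?productline=11");
        System.out.println("match true:" + filter.pass(royurl, url, reqmap));

        // Parameter order does not matter: true.
        royurl.add("/baseProd/product.do?productline=12&productline=11");
        System.out.println("match true:" + filter.pass(royurl, url, reqmap));

        royurl.clear();
        // "*" is supported as a trailing wildcard: true.
        royurl.add("/baseProd/product.do*");
        System.out.println("match ture:" + filter.pass(royurl, url, reqmap));
    }
}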

LoginUser 類:


/**
 * Plain bean describing a logged-in user: a display name plus the set of
 * resource strings the user is allowed to request.
 */
public class LoginUser {

    // Granted URL strings, e.g. "/product.do?line=1&singer=2",
    // "/menu.do?son=1&son=2&son=3", "/job.do*".
    // NOTE(review): the set is stored and handed out by reference, so any
    // caller holding it can change the user's grants after login.
    private Set resStrings;

    private String name;

    /** @return the granted resource strings, or {@code null} if none were set */
    public Set getResStrings() {
        return this.resStrings;
    }

    /** @param resStrings the resource strings granted to this user */
    public void setResStrings(Set resStrings) {
        this.resStrings = resStrings;
    }

    /** @return the user's name, or {@code null} if it was never set */
    public String getName() {
        return this.name;
    }

    /** @param name the user's name */
    public void setName(String name) {
        this.name = name;
    }
}



/**
 * Plain bean describing a logged-in user: a display name plus the set of
 * resource strings the user is allowed to request.
 */
public class LoginUser {

    // Granted URL strings, e.g. "/product.do?line=1&singer=2",
    // "/menu.do?son=1&son=2&son=3", "/job.do*".
    // NOTE(review): the set is stored and handed out by reference, so any
    // caller holding it can change the user's grants after login.
    private Set resStrings;

    private String name;

    /** @return the granted resource strings, or {@code null} if none were set */
    public Set getResStrings() {
        return this.resStrings;
    }

    /** @param resStrings the resource strings granted to this user */
    public void setResStrings(Set resStrings) {
        this.resStrings = resStrings;
    }

    /** @return the user's name, or {@code null} if it was never set */
    public String getName() {
        return this.name;
    }

    /** @param name the user's name */
    public void setName(String name) {
        this.name = name;
    }
}
