Coarse-Grained Permission Management in Java Web
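1. Overview
There is also a login.jsp.

Analysis: UserFilter.java filters access for user and admin; AdminFilter.java filters access for admin.

The code is as follows.

Under the WebContext directory:

admin.jsp in the admin directory: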
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <%-- Heading: "Administrator page"; links: guest entrance / member entrance / admin entrance --%>
    <h1>管理員界面</h1>
    <a href="<c:url value='/index.jsp'/>">游客入口</a> <br />
    <a href="<c:url value='/user/user.jsp' />">會員入口</a> <br />
    <a href="<c:url value='/admin/admin.jsp' />">管理入口</a> <br />
</body>
</html>

user.jsp in the user directory:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <%-- Heading: "Member page"; links: guest entrance / member entrance / admin entrance --%>
    <h1>會員界面</h1>
    <a href="<c:url value='/index.jsp'/>">游客入口</a> <br />
    <a href="<c:url value='/user/user.jsp' />">會員入口</a> <br />
    <a href="<c:url value='/admin/admin.jsp' />">管理入口</a> <br />
</body>
</html>

index.jsp and login.jsp under the WebContext directory:
index.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <%-- Heading: "Guest page"; links: guest entrance / member entrance / admin entrance --%>
    <h1>游客界面</h1>
    <a href="<c:url value='/index.jsp'/>">游客入口</a> <br />
    <a href="<c:url value='/user/user.jsp' />">會員入口</a> <br />
    <a href="<c:url value='/admin/admin.jsp' />">管理入口</a> <br />
</body>
</html>

login.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <%-- Heading: "Login page"; the submit button is labelled "Log in" --%>
    <h1>登錄頁面</h1>
    <form action="<c:url value='/LoginServlet'/>" method="post">
        <input type="text" name="username"/>
        <input type="submit" value="登錄" />
    </form>
</body>
</html>

2. A LoginServlet handles the login action submitted by the JSP.
package com.aslan.web.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class LoginServlet
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // 1. Get the username
        String username = request.getParameter("username");
        // A POST without the parameter would otherwise throw a NullPointerException below
        if (username == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }
        // 2. Check whether the username contains "aslan"
        // 3. If it does, the user is an administrator; otherwise an ordinary member
        // 4. Save the login information in the session
        // 5. Forward to index.jsp
        if (username.contains("aslan")) {
            request.getSession().setAttribute("admin", username);
            // Drop the attribute a previous login in this session may have left behind
            request.getSession().removeAttribute("username");
        } else {
            request.getSession().setAttribute("username", username);
            // Drop the attribute a previous login in this session may have left behind
            request.getSession().removeAttribute("admin");
        }
        System.out.println(username);
        request.getRequestDispatcher("/index.jsp").forward(request, response);
    }
}

3. Two Filters control the access rights of user and admin.
UserFilter.java
package com.aslan.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

/**
 * Servlet Filter implementation class UserFilter
 */
@WebFilter("/user/*")
public class UserFilter implements Filter {
    private FilterConfig config;

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // 1. Get the session
        HttpServletRequest req = (HttpServletRequest) request;
        String name = (String) req.getSession().getAttribute("admin");
        System.out.println("admin:" + name);
        // 2. If the session holds an admin attribute, let the request through
        if (name != null) {
            // Let the request through
            chain.doFilter(request, response);
            return;
        }
        // 3. If the session holds a username attribute, let the request through
        name = (String) req.getSession().getAttribute("username");
        System.out.println("username:" + name);
        if (name != null) {
            // Let the request through
            chain.doFilter(request, response);
        } else {
            // msg text: "You are nobody here, stop wandering around"
            req.setAttribute("msg", "您啥都不是,不要瞎溜達");
            req.getRequestDispatcher("/login.jsp").forward(request, response);
        }
    }

    public void init(FilterConfig fConfig) throws ServletException {
        this.config = fConfig;
    }
}

AdminFilter.java
package com.aslan.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

/**
 * Servlet Filter implementation class AdminFilter
 */
@WebFilter("/admin/*")
public class AdminFilter implements Filter {

    /**
     * Default constructor.
     */
    public AdminFilter() {
        // TODO Auto-generated constructor stub
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
        // TODO Auto-generated method stub
    }

    /**
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String name = (String) req.getSession().getAttribute("admin");
        if (name == null) {
            // msg text: "Stop wandering around"
            req.setAttribute("msg", "不要瞎溜達");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }
        if (name.contains("aslan")) {
            // Let the request through
            chain.doFilter(request, response);
        } else {
            req.setAttribute("msg", "不要瞎溜達");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
        }
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
        // TODO Auto-generated method stub
    }
}
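
The two filters above repeat the same session lookup and answer every refusal, signed in or not, with the login page. As an added example (not code from the original post), the filter below folds both checks into one class driven by a single session role, so a session can never hold two roles at once, and it returns 403 to a signed-in member who requests `/admin/*`. `RoleFilter`, `Role`, `ROLE_ATTR` and `signIn` are hypothetical names, and the `javax.servlet` 3.x API used on this page is assumed.

```java
package com.aslan.filter; // assumed: placed beside the page's filters

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example, not from the original post. FORWARD is listed so that a servlet
// forwarding into /admin/* is checked too (filters see only REQUEST by default).
@WebFilter(urlPatterns = {"/user/*", "/admin/*"},
           dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.FORWARD})
public class RoleFilter implements Filter {
    public enum Role { USER, ADMIN }               // declaration order: ADMIN outranks USER
    public static final String ROLE_ATTR = "role"; // hypothetical session attribute name

    /** Call from the login servlet once the user's identity has been checked. */
    public static void signIn(HttpServletRequest req, Role role) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();  // discard stale attributes and the pre-login session id
        req.getSession(true).setAttribute(ROLE_ATTR, role);
    }

    /** Pure decision: only /user/* is open to USER; any other mapped path needs ADMIN (fail closed). */
    static boolean allowed(String servletPath, Role held) {
        Role needed = servletPath.startsWith("/user/") ? Role.USER : Role.ADMIN;
        return held != null && held.compareTo(needed) >= 0;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpSession session = req.getSession(false);  // do not create a session just to check it
        Object attr = (session == null) ? null : session.getAttribute(ROLE_ATTR);
        Role held = (attr instanceof Role) ? (Role) attr : null;

        if (allowed(req.getServletPath(), held)) {
            chain.doFilter(request, response);
        } else if (held == null) {                    // not signed in: send to the login page
            req.setAttribute("msg", "Please sign in first");
            req.getRequestDispatcher("/login.jsp").forward(request, response);
        } else {                                      // signed in, but the role is too low
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
}
```

With this filter in place, `LoginServlet.doPost` would call `RoleFilter.signIn(request, Role.ADMIN)` or `RoleFilter.signIn(request, Role.USER)` instead of setting the `admin` or `username` attribute directly.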

Reposted from: https://my.oschina.net/aslanjia/blog/847255