粗粒度权限控制（拦截是否登录、拦截用户名admin权限）

本文主要是介绍粗粒度权限控制（拦截是否登录、拦截用户名admin权限），希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

RBAC --> 基于角色的权限控制

tb_user
tb_role
tb_userrole
tb_menu(增、删、改、查)
tb_rolemenu

1　说明

给出三个页面：index.jsp、user.jsp、admin.jsp。

index.jsp：谁都可以访问，没有限制；
user.jsp：只有登录用户才能访问；
admin.jsp：只有管理员才能访问。

2　分析

设计User类：username、password、grade，其中grade表示用户等级，1表示普通用户，2表示管理员用户。

当用户登录成功后，把user保存到session中。

创建LoginFilter，它有两种过滤方式：

如果访问的是user.jsp，查看session中是否存在user；
如果访问的是admin.jsp，查看session中是否存在user，并且user的grade等于2。

3 代码

index.jsp　　

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>3 <html>4   <head>5     <title>$Title$</title>6   </head>7   <body>8   <h1>主页</h1>9   <h3>${user.username }</h3>
10   <hr/>
11   <a href="<c:url value='/login.jsp'/>">登录</a><br/>
12   <a href="<c:url value='/users/users.jsp'/>">用户页面</a><br/>
13   <a href="<c:url value='/admin/admin.jsp'/>">管理员页面</a>
14   </body>
15 </html>

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>3 <html>4 <head>5     <title>Title</title>6 </head>7 <body>8 <h1>登录</h1>9 <p style="font-weight: 900; color: red">${msg }</p>
10 <form action="<c:url value='/LoginServlet'/>" method="post">
11     用户名：<input type="text" name="username"/><br/>
12     密 码：<input type="password" name="password"/><br/>
13     <input type="submit" value="登录"/>
14 </form>
15 </form>
16 </body>
17 </html>

users.jsp

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%--3   Created by IntelliJ IDEA.4   web.user.User: Mac5   Date: 13/09/20176   Time: 1:22 PM7   To change this template use File | Settings | File Templates.8 --%>9 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
10 <html>
11 <head>
12     <title>Title</title>
13 </head>
14 <body>
15 <h1>用户页面</h1>
16 <h3>${user.username }</h3>
17 <hr/>
18 </body>
19 </html>

admin.jsp

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>3 <html>4 <head>5     <title>Title</title>6 </head>7 <body>8 <h1>管理员页面</h1>9 <h3>${user.username }</h3>
10 <hr/>
11 </body>
12 </html>

User.java

 1 public class User {2     private String username;3     private String password;4     private int grade;5 6     public User(String username, String password, int grade) { 7 this.username = username; 8 this.password = password; 9 this.grade = grade; 10  } 11 12 public int getGrade() { 13 return grade; 14  } 15 16 public void setGrade(int grade) { 17 this.grade = grade; 18  } 19 20 public String getUsername() { 21 return username; 22  } 23 24 public void setUsername(String username) { 25 this.username = username; 26  } 27 28 public String getPassword() { 29 return password; 30  } 31 32 public void setPassword(String password) { 33 this.password = password; 34  } 35 36  @Override 37 public String toString() { 38 return "web.user.User{" 39 "username='" username '\'' 40 ", password='" password '\'' 41 '}'; 42  } 43 }

LoginServlet.java

 1 package web.servlet;2 3 import web.service.UserService;4 import web.user.User;5 import javax.servlet.ServletException;6 import javax.servlet.annotation.WebServlet; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 import java.io.IOException; 11 12 @WebServlet(name = "LoginServlet",urlPatterns = "/LoginServlet") 13 public class LoginServlet extends HttpServlet { 14 15 public void doPost(HttpServletRequest request, HttpServletResponse response) 16 throws ServletException, IOException { 17 request.setCharacterEncoding("utf-8"); 18 response.setContentType("text/html;charset=utf-8"); 19 20 String username = request.getParameter("username"); 21 String password = request.getParameter("password"); 22 UserService userService = new UserService(); 23 User user = userService.login(username, password); 24 if(user == null ) { 25 request.setAttribute("msg", "用户名或密码错误"); 26 request.getRequestDispatcher("/login.jsp").forward(request, response); 27 } else { 28 request.getSession().setAttribute("user", user); 29 request.getRequestDispatcher("/index.jsp").forward(request, response); 30  } 31  } 32 }

UserServlet.java

 1 package web.servlet;2 3 import web.user.User;4 5 import javax.servlet.ServletException;6 import javax.servlet.annotation.WebServlet;7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 import java.io.IOException; 11 import java.util.HashMap; 12 import java.util.Map; 13 14 @WebServlet(name = "UserServlet",urlPatterns = "/UserServlet") 15 public class UserServlet extends HttpServlet { 16 private static Map<String,User> users = new HashMap<String, User>(); 17 static { 18 users.put("zhangSan", new User("zhangSan", "123", 1)); 19 users.put("liSi", new User("liSi", "123", 2)); 20  } 21 22 public User login (String username, String password) { 23 User user = users.get(username); 24 if(user == null) return null; 25 return user.getPassword().equals(password) ? user : null; 26  } 27 }

UserService.java

 1 package web.service;2 3 import web.user.User;4 import java.util.HashMap;5 import java.util.Map;6 7 public class UserService { 8 private static Map<String,User> users = new HashMap<String, User>(); 9 static { 10 users.put("zhangSan", new User("zhangSan", "123", 1)); 11 users.put("liSi", new User("liSi", "123", 2)); 12  } 13 14 public User login (String username, String password) { 15 User user = users.get(username); 16 if(user == null) return null; 17 return user.getPassword().equals(password) ? user : null; 18  } 19 }

AdminFilter.java

 1 package web.filter;2 3 import web.user.User;4 5 import javax.servlet.*;6 import javax.servlet.annotation.WebFilter;7 import javax.servlet.http.HttpServletRequest; 8 import java.io.IOException; 9 10 @WebFilter(filterName = "AdminFilter",urlPatterns = "/admin/*") 11 public class AdminFilter implements Filter { 12 public void destroy() {} 13 public void init(FilterConfig fConfig) throws ServletException {} 14 15 public void doFilter(ServletRequest request, ServletResponse response, 16 FilterChain chain) throws IOException, ServletException { 17 response.setContentType("text/html;charset=utf-8"); 18 HttpServletRequest req = (HttpServletRequest) request; 19 User user = (User) req.getSession().getAttribute("user"); 20 if(user == null) { 21 response.getWriter().print("您还没有登录!"); 22 return; 23  } 24 if(user.getGrade() < 2) { 25 response.getWriter().print("您的等级不够！"); 26 return; 27  } 28  chain.doFilter(request, response); 29  } 30 31 }

UserFilter.java

 1 package web.filter;2 3 import web.user.User;4 5 import javax.servlet.*;6 import javax.servlet.annotation.WebFilter;7 import javax.servlet.http.HttpServletRequest; 8 import java.io.IOException; 9 10 @WebFilter(filterName = "UseFilter",urlPatterns = "/users/*") 11 public class UseFilter implements Filter { 12 public void destroy() { 13  } 14 public void doFilter(ServletRequest request, ServletResponse response, 15 FilterChain chain) throws IOException, ServletException { 16 response.setContentType("text/html;charset=utf-8"); 17 HttpServletRequest req = (HttpServletRequest) request; 18 User user = (User) req.getSession().getAttribute("user"); 19 if(user == null) { 20 response.getWriter().print("您还没有登录"); 21 return; 22  } 23  chain.doFilter(request, response); 24  } 25 26 public void init(FilterConfig config) throws ServletException { 27 28  } 29 }

这篇关于粗粒度权限控制（拦截是否登录、拦截用户名admin权限）的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！