本文主要是介绍粗粒度权限控制(拦截是否登录、拦截用户名admin权限),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
RBAC --> 基于角色的权限控制
- tb_user
- tb_role
- tb_userrole
- tb_menu(增、删、改、查)
- tb_rolemenu
1 说明
给出三个页面:index.jsp、user.jsp、admin.jsp。
- index.jsp:谁都可以访问,没有限制;
- user.jsp:只有登录用户才能访问;
- admin.jsp:只有管理员才能访问。
2 分析
设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
当用户登录成功后,把user保存到session中。
创建LoginFilter,它有两种过滤方式:
- 如果访问的是user.jsp,查看session中是否存在user;
- 如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。
3 代码
index.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>3 <html>4 <head>5 <title>$Title$</title>6 </head>7 <body>8 <h1>主页</h1>9 <h3>${user.username }</h3>
10 <hr/>
11 <a href="<c:url value='/login.jsp'/>">登录</a><br/>
12 <a href="<c:url value='/users/users.jsp'/>">用户页面</a><br/>
13 <a href="<c:url value='/admin/admin.jsp'/>">管理员页面</a>
14 </body>
15 </html>login.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>3 <html>4 <head>5 <title>Title</title>6 </head>7 <body>8 <h1>登录</h1>9 <p style="font-weight: 900; color: red">${msg }</p>
10 <form action="<c:url value='/LoginServlet'/>" method="post">
11 用户名:<input type="text" name="username"/><br/>
12 密 码:<input type="password" name="password"/><br/>
13 <input type="submit" value="登录"/>
14 </form>
15 </form>
16 </body>
17 </html>users.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%--3 Created by IntelliJ IDEA.4 web.user.User: Mac5 Date: 13/09/20176 Time: 1:22 PM7 To change this template use File | Settings | File Templates.8 --%>9 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
10 <html>
11 <head>
12 <title>Title</title>
13 </head>
14 <body>
15 <h1>用户页面</h1>
16 <h3>${user.username }</h3>
17 <hr/>
18 </body>
19 </html>admin.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>3 <html>4 <head>5 <title>Title</title>6 </head>7 <body>8 <h1>管理员页面</h1>9 <h3>${user.username }</h3>
10 <hr/>
11 </body>
12 </html>User.java
1 public class User {2 private String username;3 private String password;4 private int grade;5 6 public User(String username, String password, int grade) { 7 this.username = username; 8 this.password = password; 9 this.grade = grade; 10 } 11 12 public int getGrade() { 13 return grade; 14 } 15 16 public void setGrade(int grade) { 17 this.grade = grade; 18 } 19 20 public String getUsername() { 21 return username; 22 } 23 24 public void setUsername(String username) { 25 this.username = username; 26 } 27 28 public String getPassword() { 29 return password; 30 } 31 32 public void setPassword(String password) { 33 this.password = password; 34 } 35 36 @Override 37 public String toString() { 38 return "web.user.User{" 39 "username='" username '\'' 40 ", password='" password '\'' 41 '}'; 42 } 43 }LoginServlet.java
1 package web.servlet;2 3 import web.service.UserService;4 import web.user.User;5 import javax.servlet.ServletException;6 import javax.servlet.annotation.WebServlet; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 import java.io.IOException; 11 12 @WebServlet(name = "LoginServlet",urlPatterns = "/LoginServlet") 13 public class LoginServlet extends HttpServlet { 14 15 public void doPost(HttpServletRequest request, HttpServletResponse response) 16 throws ServletException, IOException { 17 request.setCharacterEncoding("utf-8"); 18 response.setContentType("text/html;charset=utf-8"); 19 20 String username = request.getParameter("username"); 21 String password = request.getParameter("password"); 22 UserService userService = new UserService(); 23 User user = userService.login(username, password); 24 if(user == null ) { 25 request.setAttribute("msg", "用户名或密码错误"); 26 request.getRequestDispatcher("/login.jsp").forward(request, response); 27 } else { 28 request.getSession().setAttribute("user", user); 29 request.getRequestDispatcher("/index.jsp").forward(request, response); 30 } 31 } 32 }UserServlet.java
1 package web.servlet;2 3 import web.user.User;4 5 import javax.servlet.ServletException;6 import javax.servlet.annotation.WebServlet;7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse; 10 import java.io.IOException; 11 import java.util.HashMap; 12 import java.util.Map; 13 14 @WebServlet(name = "UserServlet",urlPatterns = "/UserServlet") 15 public class UserServlet extends HttpServlet { 16 private static Map<String,User> users = new HashMap<String, User>(); 17 static { 18 users.put("zhangSan", new User("zhangSan", "123", 1)); 19 users.put("liSi", new User("liSi", "123", 2)); 20 } 21 22 public User login (String username, String password) { 23 User user = users.get(username); 24 if(user == null) return null; 25 return user.getPassword().equals(password) ? user : null; 26 } 27 }UserService.java
1 package web.service;2 3 import web.user.User;4 import java.util.HashMap;5 import java.util.Map;6 7 public class UserService { 8 private static Map<String,User> users = new HashMap<String, User>(); 9 static { 10 users.put("zhangSan", new User("zhangSan", "123", 1)); 11 users.put("liSi", new User("liSi", "123", 2)); 12 } 13 14 public User login (String username, String password) { 15 User user = users.get(username); 16 if(user == null) return null; 17 return user.getPassword().equals(password) ? user : null; 18 } 19 }AdminFilter.java
1 package web.filter;2 3 import web.user.User;4 5 import javax.servlet.*;6 import javax.servlet.annotation.WebFilter;7 import javax.servlet.http.HttpServletRequest; 8 import java.io.IOException; 9 10 @WebFilter(filterName = "AdminFilter",urlPatterns = "/admin/*") 11 public class AdminFilter implements Filter { 12 public void destroy() {} 13 public void init(FilterConfig fConfig) throws ServletException {} 14 15 public void doFilter(ServletRequest request, ServletResponse response, 16 FilterChain chain) throws IOException, ServletException { 17 response.setContentType("text/html;charset=utf-8"); 18 HttpServletRequest req = (HttpServletRequest) request; 19 User user = (User) req.getSession().getAttribute("user"); 20 if(user == null) { 21 response.getWriter().print("您还没有登录!"); 22 return; 23 } 24 if(user.getGrade() < 2) { 25 response.getWriter().print("您的等级不够!"); 26 return; 27 } 28 chain.doFilter(request, response); 29 } 30 31 }UserFilter.java
1 package web.filter;2 3 import web.user.User;4 5 import javax.servlet.*;6 import javax.servlet.annotation.WebFilter;7 import javax.servlet.http.HttpServletRequest; 8 import java.io.IOException; 9 10 @WebFilter(filterName = "UseFilter",urlPatterns = "/users/*") 11 public class UseFilter implements Filter { 12 public void destroy() { 13 } 14 public void doFilter(ServletRequest request, ServletResponse response, 15 FilterChain chain) throws IOException, ServletException { 16 response.setContentType("text/html;charset=utf-8"); 17 HttpServletRequest req = (HttpServletRequest) request; 18 User user = (User) req.getSession().getAttribute("user"); 19 if(user == null) { 20 response.getWriter().print("您还没有登录"); 21 return; 22 } 23 chain.doFilter(request, response); 24 } 25 26 public void init(FilterConfig config) throws ServletException { 27 28 } 29 }
这篇关于粗粒度权限控制(拦截是否登录、拦截用户名admin权限)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
