粗粒度权限控制(拦截是否登录拦截用户名admin权限)

Posted gdwkong


RBAC --> 基于角色的权限控制
  • tb_user
  • tb_role
  • tb_userrole
  • tb_menu(增、删、改、查)
  • tb_rolemenu
1 说明
    给出三个页面:index.jsp、user.jsp、admin.jsp。
  • index.jsp:谁都可以访问,没有限制;
  • user.jsp:只有登录用户才能访问;
  • admin.jsp:只有管理员才能访问。
 
2 分析
   设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。
   当用户登录成功后,把user保存到session中。
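   创建LoginFilter,它有两种过滤方式(下文代码中由 UseFilter 和 AdminFilter 两个过滤器分别实现,按 URL 前缀 /users/* 和 /admin/* 拦截,因此页面必须放在对应目录下才会受到保护):
  • 如果访问的是user.jsp,查看session中是否存在user;
  • 如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2(代码中实际判断为grade不小于2)。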

3 代码

index.jsp  

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 3 <html>
 4   <head>
 5     <title>$Title$</title>
 6   </head>
 7   <body>
 8   <h1>主页</h1>
 9   <h3>${user.username }</h3>
10   <hr/>
11   <a href="<c:url value=‘/login.jsp‘/>">登录</a><br/>
12   <a href="<c:url value=‘/users/users.jsp‘/>">用户页面</a><br/>
13   <a href="<c:url value=‘/admin/admin.jsp‘/>">管理员页面</a>
14   </body>
15 </html>

login.jsp

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 3 <html>
 4 <head>
 5     <title>Title</title>
 6 </head>
 7 <body>
 8 <h1>登录</h1>
 9 <p style="font-weight: 900; color: red">${msg }</p>
10 <form action="<c:url value=‘/LoginServlet‘/>" method="post">
11     用户名:<input type="text" name="username"/><br/>
12     密 码:<input type="password" name="password"/><br/>
13     <input type="submit" value="登录"/>
14 </form>
15 </form>
16 </body>
17 </html>

users.jsp

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 2 <%--
 3   Created by IntelliJ IDEA.
 4   web.user.User: Mac
 5   Date: 13/09/2017
 6   Time: 1:22 PM
 7   To change this template use File | Settings | File Templates.
 8 --%>
 9 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
10 <html>
11 <head>
12     <title>Title</title>
13 </head>
14 <body>
15 <h1>用户页面</h1>
16 <h3>${user.username }</h3>
17 <hr/>
18 </body>
19 </html>

admin.jsp

 1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 2 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 3 <html>
 4 <head>
 5     <title>Title</title>
 6 </head>
 7 <body>
 8 <h1>管理员页面</h1>
 9 <h3>${user.username }</h3>
10 <hr/>
11 </body>
12 </html>

User.java

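/**
 * Account record used by the demo: a user name, a password and a grade.
 *
 * <p>LoginServlet stores an instance of this class in the HTTP session under the key
 * {@code "user"}, and the filters read {@link #getGrade()} from it to decide access.
 */
public class User {
    private String username;
    // Plain-text password, as the demo keeps it.
    // NOTE(review): a real system stores only a salted password hash (bcrypt/scrypt/argon2).
    private String password;
    // 1 = ordinary user, 2 = administrator (per the article's analysis section).
    private int grade;

    /**
     * Creates an account.
     *
     * @param username login name
     * @param password plain-text password
     * @param grade    user level: 1 ordinary user, 2 administrator
     */
    public User(String username, String password, int grade) {
        this.username = username;
        this.password = password;
        this.grade = grade;
    }

    /** @return the user level (1 ordinary user, 2 administrator) */
    public int getGrade() {
        return grade;
    }

    /** @param grade the new user level */
    public void setGrade(int grade) {
        this.grade = grade;
    }

    /** @return the login name */
    public String getUsername() {
        return username;
    }

    /** @param username the new login name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the plain-text password */
    public String getPassword() {
        return password;
    }

    /** @param password the new plain-text password */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Returns a printable form of the account.
     *
     * <p>The password is deliberately left out so that logging or printing a {@code User}
     * (for example a session dump) never exposes the credential.
     */
    @Override
    public String toString() {
        return "web.user.User{" +
                "username='" + username + '\'' +
                ", grade=" + grade +
                '}';
    }
}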

LoginServlet.java

 1 package web.servlet;
 2 
 3 import web.service.UserService;
 4 import web.user.User;
 5 import javax.servlet.ServletException;
 6 import javax.servlet.annotation.WebServlet;
 7 import javax.servlet.http.HttpServlet;
 8 import javax.servlet.http.HttpServletRequest;
 9 import javax.servlet.http.HttpServletResponse;
10 import java.io.IOException;
11 
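/**
 * Handles the login form POST: checks the credentials with {@code UserService} and, on success,
 * stores the {@code User} in the session under the key {@code "user"}.
 */
@WebServlet(name = "LoginServlet",urlPatterns = "/LoginServlet")
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the {@code username} / {@code password} request parameters.
     *
     * <p>On failure the request is forwarded back to {@code /login.jsp} with a {@code msg}
     * attribute; on success the user is placed in a fresh session and the request is
     * forwarded to {@code /index.jsp}.
     *
     * @throws ServletException if a forward fails
     * @throws IOException      if a forward fails
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        String username = request.getParameter("username");
        String password = request.getParameter("password");
        UserService userService = new UserService();
        User user = userService.login(username, password);
        if (user == null) {
            // One message for both "unknown user" and "wrong password", so the response
            // does not reveal which user names exist.
            request.setAttribute("msg", "用户名或密码错误");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        // Session-fixation defence: discard any session that existed before authentication
        // and bind the user to a newly created one, so a session id known before login
        // never becomes an authenticated session.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
        // NOTE(review): the stored User still carries the plain-text password; consider
        // keeping only the user name and grade in the session.
        request.getSession(true).setAttribute("user", user);
        request.getRequestDispatcher("/index.jsp").forward(request, response);
    }
}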

UserServlet.java

 1 package web.servlet;
 2 
 3 import web.user.User;
 4 
 5 import javax.servlet.ServletException;
 6 import javax.servlet.annotation.WebServlet;
 7 import javax.servlet.http.HttpServlet;
 8 import javax.servlet.http.HttpServletRequest;
 9 import javax.servlet.http.HttpServletResponse;
10 import java.io.IOException;
11 import java.util.HashMap;
12 import java.util.Map;
13 
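/**
 * In-memory demo user store exposed as a servlet class.
 *
 * <p>NOTE(review): this class repeats the user map and {@code login} method of
 * {@code UserService}, which is what {@code LoginServlet} calls. It defines no
 * {@code doGet}/{@code doPost}, so the {@code /UserServlet} mapping serves no request itself;
 * it looks like a leftover copy and a second place where the demo credentials live.
 */
@WebServlet(name = "UserServlet",urlPatterns = "/UserServlet")
public class UserServlet extends HttpServlet {
    // NOTE(review): demo accounts with hard-coded plain-text passwords. A real deployment
    // loads accounts from a store that keeps only salted password hashes (bcrypt/scrypt/argon2).
    // The map is filled once in the static initialiser and only read afterwards.
    private static final Map<String,User> users  = new HashMap<String, User>();
    static {
        users.put("zhangSan", new User("zhangSan", "123", 1));
        users.put("liSi", new User("liSi", "123", 2));
    }

    /**
     * Looks up a user and checks the password.
     *
     * @param username login name; {@code null} or unknown names yield {@code null}
     * @param password supplied password; {@code null} yields {@code null}
     * @return the matching user, or {@code null} when the name or password does not match
     */
    public User login (String username, String password) {
        User user = users.get(username);
        if (user == null || password == null || user.getPassword() == null) {
            return null;
        }
        byte[] expected = user.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] supplied = password.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte, so response time
        // does not show how much of the password was right.
        return java.security.MessageDigest.isEqual(expected, supplied) ? user : null;
    }
}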

UserService.java

 1 package web.service;
 2 
 3 import web.user.User;
 4 import java.util.HashMap;
 5 import java.util.Map;
 6 
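/**
 * In-memory demo user store used by the login servlet.
 */
public class UserService {
    // NOTE(review): demo accounts with hard-coded plain-text passwords. A real deployment
    // loads accounts from a store that keeps only salted password hashes (bcrypt/scrypt/argon2).
    // The map is filled once in the static initialiser and only read afterwards.
    private static final Map<String,User> users  = new HashMap<String, User>();
    static {
        users.put("zhangSan", new User("zhangSan", "123", 1));
        users.put("liSi", new User("liSi", "123", 2));
    }

    /**
     * Looks up a user and checks the password.
     *
     * @param username login name; {@code null} or unknown names yield {@code null}
     * @param password supplied password; {@code null} yields {@code null}
     * @return the matching user, or {@code null} when the name or password does not match
     */
    public User login (String username, String password) {
        User user = users.get(username);
        if (user == null || password == null || user.getPassword() == null) {
            return null;
        }
        byte[] expected = user.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] supplied = password.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte, so response time
        // does not show how much of the password was right.
        return java.security.MessageDigest.isEqual(expected, supplied) ? user : null;
    }
}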

AdminFilter.java

 1 package web.filter;
 2 
 3 import web.user.User;
 4 
 5 import javax.servlet.*;
 6 import javax.servlet.annotation.WebFilter;
 7 import javax.servlet.http.HttpServletRequest;
 8 import java.io.IOException;
 9 
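/**
 * Guards every URL under {@code /admin/*}: the request continues only when the session holds a
 * {@code User} whose grade is at least 2.
 */
@WebFilter(filterName = "AdminFilter",urlPatterns = "/admin/*")
public class AdminFilter implements Filter {
    @Override
    public void destroy() {}

    @Override
    public void init(FilterConfig fConfig) throws ServletException {}

    /**
     * Rejects the request with a short message unless an administrator is logged in.
     *
     * <p>Anonymous requests get status 401 and users with a grade below 2 get status 403, so
     * clients, proxies and monitoring do not see a denied request as a successful 200 page.
     *
     * @throws IOException      if writing the response or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        response.setContentType("text/html;charset=utf-8");
        HttpServletRequest req = (HttpServletRequest) request;
        javax.servlet.http.HttpServletResponse resp =
                (javax.servlet.http.HttpServletResponse) response;

        // getSession(false): an anonymous request must not cause a new session to be created.
        Object attr = req.getSession(false) == null
                ? null
                : req.getSession(false).getAttribute("user");
        // instanceof also covers a missing attribute and one of an unexpected type.
        if (!(attr instanceof User)) {
            resp.setStatus(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
            resp.getWriter().print("您还没有登录!");
            return;
        }
        User user = (User) attr;
        if (user.getGrade() < 2) {
            resp.setStatus(javax.servlet.http.HttpServletResponse.SC_FORBIDDEN);
            resp.getWriter().print("您的等级不够!");
            return;
        }
        chain.doFilter(request, response);
    }

}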

UserFilter.java

 1 package web.filter;
 2 
 3 import web.user.User;
 4 
 5 import javax.servlet.*;
 6 import javax.servlet.annotation.WebFilter;
 7 import javax.servlet.http.HttpServletRequest;
 8 import java.io.IOException;
 9 
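/**
 * Guards every URL under {@code /users/*}: the request continues only when the session holds a
 * {@code User}.
 *
 * <p>NOTE(review): the listing is headed UserFilter.java but the public class is
 * {@code UseFilter}; a public class has to live in a file of the same name.
 */
@WebFilter(filterName = "UseFilter",urlPatterns = "/users/*")
public class UseFilter implements Filter {
    @Override
    public void destroy() {
    }

    /**
     * Rejects the request with a short message unless a user is logged in.
     *
     * <p>Anonymous requests get status 401, so clients, proxies and monitoring do not see a
     * denied request as a successful 200 page.
     *
     * @throws IOException      if writing the response or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        response.setContentType("text/html;charset=utf-8");
        HttpServletRequest req = (HttpServletRequest) request;

        // getSession(false): an anonymous request must not cause a new session to be created.
        Object attr = req.getSession(false) == null
                ? null
                : req.getSession(false).getAttribute("user");
        // instanceof also covers a missing attribute and one of an unexpected type.
        if (!(attr instanceof User)) {
            javax.servlet.http.HttpServletResponse resp =
                    (javax.servlet.http.HttpServletResponse) response;
            resp.setStatus(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
            resp.getWriter().print("您还没有登录");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {

    }
}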

 
