1、有选择的被访问

  描述:首先若用户没有在页面提交注册(直接访问list.jsp),就只能被允许访问a.jsp。其他页面均不被允许访问

在login.jsp提交信息之后,可以在b.jsp访问,

代码如下:

创建留个页面(login.jsp、list.jsp、a.jsp、b.jsp、c.jsp、d.jsp),这里就不写了,可以参考全部代码(在本文的最后面有链接)

创建Logservlet去处理登入后的逻辑处理

package com.gqx.login;

import java.io.IOException;

import java.io.PrintWriter;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

public class LogServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		String name=request.getParameter("user");

		if (name!=null && name!="") {

			request.getSession().setAttribute("user", name);

			response.sendRedirect(request.getContextPath()+"/login/list.jsp");

		}else {

			response.sendRedirect(request.getContextPath()+"/login/login.jsp");

		}

	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		this.doGet(request, response);

	}

}

然后是最重要的Filter过滤器了,这里对权限的设置实在web.xml里面配置实现的,如下

<!-- 用户信息放入到session中的关键字 -->

	<context-param>

		<param-name>userSession</param-name>

		<param-value>USERSISSION</param-value>

	</context-param>

	<!-- 未登入,需重定向的页面 -->

	<context-param>

		<param-name>rediretPage</param-name>

		<param-value>/login/login.jsp</param-value>

	</context-param>

	<!-- 不需要拦截或检查的url,可以被外界直接访问的-->

	<context-param>

		<param-name>uncheckedUrl</param-name>

		<param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/LogServlet</param-value>

	</context-param>

	<filter>

		<filter-name>LoginFilter</filter-name>

		<filter-class>com.gqx.login.LoginFilter</filter-class>

	</filter>

	<filter-mapping>

		<filter-name>LoginFilter</filter-name>

		<url-pattern>/login/*</url-pattern>

	</filter-mapping>

接着是根据xml里面的配置去做有选择性的去做过滤

package com.gqx.login;

import java.io.IOException;

import java.util.ArrayList;

import java.util.Arrays;

import java.util.List;

import javax.jms.Session;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletContext;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

public class LoginFilter implements Filter {

	private String userSession;

	private String rediretPage;

	private String uncheckedUrl;

	@Override

	public void init(FilterConfig arg0) throws ServletException {

		// TODO Auto-generated method stub

		ServletContext servletContext=arg0.getServletContext();

		userSession=servletContext.getInitParameter("userSession");

		rediretPage=servletContext.getInitParameter("rediretPage");

		uncheckedUrl=servletContext.getInitParameter("uncheckedUrl");

	}

	@Override

	public void destroy() {

		// TODO Auto-generated method stub

	}

	@Override

	public void doFilter(ServletRequest arg0, ServletResponse arg1,

			FilterChain arg2) throws IOException, ServletException {

		// TODO Auto-generated method stub

		HttpServletRequest request=(HttpServletRequest)arg0;

		HttpServletResponse response=(HttpServletResponse)arg1;

		//1、获取来的请求的URL

		String requestUrl=request.getRequestURL().toString();	// http://localhost:8080/FilterDemo/login/login.jsp

		String requestUri=request.getRequestURI().toString();// /FilterDemo/login/login.jsp

		String  servletPath=request.getServletPath();// /login/login.jsp

		//2、检查1获取的servletPath是否为不需要检查的URL中的而一个

		List<String> urls=Arrays.asList(uncheckedUrl.split(","));

		if (urls.contains(servletPath)) {

			arg2.doFilter(request, response);

			return;

		}

		//3、从session中获取userSession,判断值是否存在

		Object user=request.getSession().getAttribute("user");

		if (user==null) {

			response.sendRedirect(request.getContextPath()+rediretPage);

			return;

		}

		//4、存在,就允许访问

		arg2.doFilter(request, response);

	}

}

根据以上的代码就可以实现那些功能了。

(2)、管理权限的去访问

问题描述:通过设置允许用户去访问某些页面,若设置某用户可以访问某些页面,提交之后,去登入,在列表页根据用户的权限去及时的反应。(由于没有存数据库,本地自己自己认为的加上了两个用户AAA和BBB)

权限修改之后,提交,再去login.jsp去访问,输入用户,便可以去访问相对应权限的文章

实现代码

(1)、首先两个javaBean。User(用于管理其对应的名字和所有的权限)和Authority类(每一个权限以及他的url,通过url去访问其文章)。

package com.gqx.demo1;

import java.util.List;

// 封装用户信息: User

public class User {

	private String username;

	private List<Authority> authorities;

	public String getUsername() {

		return username;

	}

	public void setUsername(String username) {

		this.username = username;

	}

	public List<Authority> getAuthorities() {

		return authorities;

	}

	public void setAuthorities(List<Authority> authorities) {

		this.authorities = authorities;

	}

	public User(String username, List<Authority> authorities) {

		super();

		this.username = username;

		this.authorities = authorities;

	}

	public User() {

		// TODO Auto-generated constructor stub

	}

}

package com.gqx.demo1;

public class Authority {

	//显示到页面上的权限的名字

	private String displayName;

	//权限对应的 URL 地址: 已权限对应着一个 URL, 例如 Article-1 -> /article-1.jsp

	private String url;

	public String getDisplayName() {

		return displayName;

	}

	public void setDisplayName(String displayName) {

		this.displayName = displayName;

	}

	public String getUrl() {

		return url;

	}

	public void setUrl(String url) {

		this.url = url;

	}

	public Authority(String displayName, String url) {

		super();

		this.displayName = displayName;

		this.url = url;

	}

	public Authority() {

		// TODO Auto-generated constructor stub

	}

	@Override

	public int hashCode() {

		final int prime = 31;

		int result = 1;

		result = prime * result + ((url == null) ? 0 : url.hashCode());

		return result;

	}

	@Override

	public boolean equals(Object obj) {

		if (this == obj)

			return true;

		if (obj == null)

			return false;

		if (getClass() != obj.getClass())

			return false;

		Authority other = (Authority) obj;

		if (url == null) {

			if (other.url != null)

				return false;

		} else if (!url.equals(other.url))

			return false;

		return true;

	}

}

用户权限的管理(UserDao)

package com.gqx.demo1;

import java.util.ArrayList;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

//用户的权限管理,获取和修改操作

public class UserDao {

	private static Map<String, User> users;    //用户所有的权限

	private static List<Authority> authorities =null;	//权限的种类

	static{

		//在authorities中一共有多少种权限

		authorities=new ArrayList<Authority>();

		authorities.add(new Authority("Article-1", "/article-1.jsp"));

		authorities.add(new Authority("Article-2", "/article-2.jsp"));

		authorities.add(new Authority("Article-3", "/article-3.jsp"));

		authorities.add(new Authority("Article-4", "/article-4.jsp"));

		users=new HashMap<String, User>();

		User user1=new User("AAA",authorities.subList(0, 2)); //sublist:左闭右关

		users.put("AAA", user1);

		User user2=new User("BBB",authorities.subList(2,4)); //sublist:左闭右关

		users.put("BBB", user2);

	}

	//获取用户的全部信息

	User get(String username){

		return users.get(username);

	}

	//修改用户的信息

	void update(String name,List<Authority> authorities){

		users.get(name).setAuthorities(authorities);

	}

	//获取所有的Authorities(一共有多少种authority)

	public static List<Authority> getAuthorities() {

		return authorities;

	}

	public List<Authority> getAuthorities(String[] urls) {

		List<Authority> authorities2 = new ArrayList<>();

		for(Authority authority: authorities){

			if(urls != null){

				for(String url: urls){

					if(url.equals(authority.getUrl())){

						authorities2.add(authority);

					}

				}

			}

		}

		return authorities2;

	}

}

还有两个servlet,第一个是处理用户权限的访问(显示登入者所有的权限)以及修改其对应的权限

package com.gqx.demo1;

import java.io.IOException;

import java.io.PrintWriter;

import java.lang.reflect.InvocationTargetException;

import java.lang.reflect.Method;

import java.util.ArrayList;

import java.util.List;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

public class AuthorityServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	public void doGet(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		String methodName=request.getParameter("method");

		//为了让一个servlet响应多个请求,这里可以使用反射

		try {

			Method method=getClass().getMethod(methodName, HttpServletRequest.class,HttpServletResponse.class);

			method.invoke(this, request,response);

		} catch (Exception e) {

			// TODO Auto-generated catch block

			e.printStackTrace();

		}

	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		this.doGet(request, response);

	}

	private UserDao userDao=new UserDao();

	//获取用户所有的信息

	public void getAuthorities(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		String userName=request.getParameter("username");

		User user =userDao.get(userName);

		request.setAttribute("user", user);

		request.setAttribute("authorities", userDao.getAuthorities());

		request.getRequestDispatcher("/authority-manager.jsp").forward(request, response);

	}

	public void updateAuthority(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		String username = request.getParameter("username");

			String [] authorities = request.getParameterValues("authority");

			List<Authority> authorityList = userDao.getAuthorities(authorities);

			userDao.update(username, authorityList);

			response.sendRedirect(request.getContextPath() + "/authority-manager.jsp");

	}

}

另一个是登入的servlet(主要是完成登入和注销的功能)

package com.gqx.demo1;

import java.io.IOException;

import java.io.PrintWriter;

import java.lang.reflect.Method;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	public void doGet(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		String methodName=request.getParameter("method");

		//为了让一个servlet响应多个请求,这里可以使用反射

		try {

			Method method=getClass().getMethod(methodName, HttpServletRequest.class,HttpServletResponse.class);

			method.invoke(this, request,response);

		} catch (Exception e) {

			// TODO Auto-generated catch block

			e.printStackTrace();

		}

	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		this.doGet(request, response);

	}

	private UserDao userDao=new UserDao();

	public void login(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

		//1、获取用户的username

		String name=request.getParameter("name");

		//2、调用userDao获取信息,把用户信息放入到session中,

		User user=userDao.get(name);

		request.getSession().setAttribute("user", user);

		//3、重定向到article.jsp

		response.sendRedirect(request.getContextPath()+"/articles.jsp");

	}

	public void logout(HttpServletRequest request, HttpServletResponse response)

			throws ServletException, IOException {

			//1. 获取 HttpSession

				//2. 使 HttpSession 失效

				request.getSession().invalidate();

				//3. 重定向到 /loign.jsp

				response.sendRedirect(request.getContextPath() + "/login.jsp");

	}

}

最后是最重要的过滤器了,指定了哪些情况下是可以去访问哪些资源的,以及如何处理没有权限的访问。这里如果没有权限,则会统一去到一个页面(403.jsp)。

package com.gqx.demo1;

import java.io.IOException;

import java.util.Arrays;

import java.util.List;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

public class AuthorityFilter implements Filter {

	@Override

	public void destroy() {

		// TODO Auto-generated method stub

	}

	@Override

	public void doFilter(ServletRequest arg0, ServletResponse arg1,

			FilterChain filterChain) throws IOException, ServletException {

		// TODO Auto-generated method stub

		HttpServletRequest request=(HttpServletRequest)arg0;

		HttpServletResponse response=(HttpServletResponse)arg1;

//		- 获取 servletPath, 类似于 /app_3/article1.jsp

		String servletPath = request.getServletPath();

		//不需要被拦截的 url 列表.

		List<String> uncheckedUrls = Arrays.asList("/403.jsp", "/articles.jsp",

				"/authority-manager.jsp", "/login.jsp", "/logout.jsp");

		if(uncheckedUrls.contains(servletPath)){

			filterChain.doFilter(request, response);

			return;

		}

//		- 在用户已经登录(可使用 用户是否登录 的过滤器)的情况下, 获取用户信息. session.getAttribute("user")

		User user = (User)request.getSession().getAttribute("user");

		if(user == null){

			response.sendRedirect(request.getContextPath() + "/login.jsp");

			return;

		}

//		- 再获取用户所具有的权限的信息: List<Authority>

		List<Authority> authorities = user.getAuthorities();

		// - 检验用户是否有请求 servletPath 的权限: 可以思考除了遍历以外, 有没有更好的实现方式

		Authority authority = new Authority(null, servletPath);

		// - 若有权限则: 响应

		if (authorities.contains(authority)) {

			filterChain.doFilter(request, response);

			return;

		}

//		- 若没有权限: 重定向到 403.jsp

		response.sendRedirect(request.getContextPath() + "/403.jsp");

		return;

	}

	@Override

	public void init(FilterConfig arg0) throws ServletException {

		// TODO Auto-generated method stub

	}

}

其他的html代码,在文中最后部分有下载

代码下载

Filter案例的更多相关文章

  1. servlet3.0 新特性和springboot Listener和filter案例

    1.filter package com.newtouch.zxf.filter; import java.io.IOException; import javax.servlet.Filter; i ...

  2. Filter案例之敏感词过滤和代理模式

    一.需求分析 二 .代理模式 1.概念 2.代码实现 代理对象可以强转为真实对象,即对应的接口类: 3.通过代理增强方法 其中,方法对象invoke真实对象,反射原理: 三.过滤敏感词汇案例代码实现 ...

  3. Filter案例之登录验证

    一.登录验证,权限控制 1.需求分析 其中,登录有关的资源被访问时要直接放行,不然会死循环: 2.代码实现

  4. Spark RDD/Core 编程 API入门系列 之rdd案例(map、filter、flatMap、groupByKey、reduceByKey、join、cogroupy等)(四)

    声明: 大数据中,最重要的算子操作是:join  !!! 典型的transformation和action val nums = sc.parallelize(1 to 10) //根据集合创建RDD ...

  5. django 操作数据库--orm(object relation mapping)---models

    思想 django为使用一种新的方式,即:关系对象映射(Object Relational Mapping,简称ORM). PHP:activerecord Java:Hibernate C#:Ent ...

  6. 第16 天 JavaWEB过滤器和监听器技术

    Day16 JavaWEB过滤器和监听器技术 复习: 1.大结果集分页mysql的实现,是使用那个关键字,从user表中取第一页的数据,长度为10,sql语句怎么写? 2.分页查询的起始位置(star ...

  7. Java Web——过滤器

    <Java Web开发技术应用——过滤器> 过滤器是一个程序,它先于与之相关的servlet或JSP页面运行在服务器上.过滤器可附加到一个或多个servlet或JSP页面上,并且可以检查进 ...

  8. WDA-文档-基础篇/进阶篇/讨论篇

    本文介绍SAP官方Dynpro开发文档NET310,以及资深开发顾问编写的完整教程.   链接:http://pan.baidu.com/s/1eR9axpg 密码:kf5m NET310 ABAP ...

  9. javaEE(15)_Servlet过滤器

    一.Filter简介 1.Filter也称之为过滤器,它是Servlet技术中最激动人心的技术,WEB开发人员通过Filter技术,对web服务器管理的所有web资源:例如Jsp, Servlet, ...

随机推荐

  1. range([start], stop[, step]):产生一个序列,默认从0开始

    range([start], stop[, step]):产生一个序列,默认从0开始 >>> l = range(10) >>> l [0, 1, 2, 3, 4, ...

  2. 关于最大流的EdmondsKarp算法详解

    最近大三学生让我去讲课,我就恶补了最大流算法,笔者认为最重要的是让学弟学妹们入门,知道算法怎么来的?为什么是这样?理解的话提出自己的改进,然后再看看Dinic.SAP和ISAP算法….. 一.概念引入 ...

  3. win7 不能启动 memcached 总是反回failde to start service

    原地址: http://zhidao.baidu.com/link?url=Ul9hJxFckU9IHWRy0pcxT11f2c0-p2uXkXhLria73mLNxYuV7IiaKYRtIl6vED ...

  4. 用 JMH 检测 Lambdas 序列化性能

    本文将介绍如何进行 Java Lambdas 序列化性能检测.Lambdas 的重要性以及 Lambdas 在分布式系统中的应用. Lambdas 表达式是 Java 8 中万众期待的新特性,其若干用 ...

  5. JAVA HASHMAP 如何用

    HASHMAP最好与实例联系起来..它主要存的是键与值的关系. 举个例子如你现在有一个学生类import java.util.HashMap;public class Student {String ...

  6. USB Type-C,接口上的大统一?

    这款 24-pin 连接器的机械设计反应了设计人员从 Micro-B 连接器上获得的历史教训,它无需确定插入的正反方向并可实现 10000 次的插拔.使用者再也不需要担心“哪头上,哪头下”,因为 US ...

  7. SQL Server中时间段查询

    /****** Script for SelectTopNRows command from SSMS ******/ select * from dbo.VehicleData20100901 wh ...

  8. Spring 3.x企业应用开发实战(14)----事务

    Spring虽然提供了灵活方便的事务管理功能,但这些功能都是基于底层数据库本身的事务处理机制工作的.要深入了解Spring的事务管理和配置,有必要先对数据库事务的基础知识进行学习. 何为数据库事务 “ ...

  9. 【HDOJ】1508 Alphacode

    简单DP.考虑10.20(出现0只能唯一组合).01(不成立). /* 1508 */ #include <iostream> #include <string> #inclu ...

  10. 3 Financial Services Social Media Success Storie

    As financial services firms step-up their use of social media, we’ve been looking for some early suc ...