使用说明:
本项目的结构如下图所示:
过滤声明:admin用户能够访问admin目录,manager目录,norestriction目录和根目录下的所有资源,manager用户具有除了admin目录外所有资源的权限,非登录用户可以访问norestriction目录和根目录下的所有资源。login.jsp用于用户登录,list.jsp列出可访问的Web资源,当没有权限访问某些资源时,显示403.jsp网页
代码:
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Login form. Submits the "user" and "pwd" fields by POST to the Login servlet
     (the action "Login" is resolved relative to this page; the servlet mapping
     itself is not shown in this listing).
     ${message} is the failure text that Login.doPost stores with
     request.setAttribute("message", ...) before forwarding back here. It is a
     fixed server-side string, so printing it unescaped is harmless; should it
     ever be built from request input it must be HTML-escaped first. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
</head>
<body>
<form action="Login" method="post">
<br><br>
<span style="color:red">${ message }</span> <br><br>
用户:<input id="user" name="user" type="text"/><br>
密码:<input id="pwd" name="pwd" type="password"/><br>
<input type="submit" id="submit" value="提交"/><br><br>
<%-- Demo hint only: these are the credentials hard-coded in Login.java. --%>
<h3>用户有admin和manager,密码都是123</h3>
</form>
</body>
</html>
list.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Resource list shown after login. ${sessionScope.user} is the value
     Login.doPost stored in the session; Login only accepts "admin" or "manager",
     so the unescaped output here is not attacker-controlled text.
     The admin/ and manager/ links are plain context-relative links; access to
     them is enforced by CheckRightsFilter, which redirects to 403.jsp. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>资源列表页面</title>
</head>
<body>
<br><br>
登录用户: ${ sessionScope.user }
<br><br>
<a href="admin/index.jsp">admin页面</a><br>
<a href="manager/index.jsp">manager页面</a><br>
<a href="norestriction/index.jsp">norestriction页面</a><br><br>
<a href="login.jsp">登录</a><br>
<%-- Logout is a GET link; LoginOut.doGet delegates to doPost, so following it
     invalidates the session. --%>
<a href="LoginOut">登出</a><br>
</body>
</html>
403.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- "No permission" page. CheckRightsFilter sends the browser here with a
     redirect (sendRedirect to contextPath + "/403.jsp"), so the container serves
     it as an ordinary page: the client sees HTTP 200, not a 403 status, unless an
     error-page mapping (not shown here) is configured. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>403错误页面</title>
</head>
<body>
<br><br>
对不起,您没有对应权限!请<a href="list.jsp">返回</a>
</body>
</html>
index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Per-directory welcome page (this copy is titled as the admin page). It only
     echoes ${sessionScope.user}, which Login restricts to "admin" or "manager";
     the page itself performs no access check -- that is CheckRightsFilter's job. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>admin页面</title>
</head>
<body>
<h3>欢迎${sessionScope.user }大驾光临!</h3>
</body>
</html>
Login.java
package com.servlet;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionContext;
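public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Demo user names accepted by this servlet; a real deployment would consult a user store. */
    private static final String[] DEMO_USERS = {"admin", "manager"};
    /** Demo password shared by both users; hard-coded, as the original author notes. */
    private static final String DEMO_PASSWORD = "123";
    /**
     * One failure message for both an unknown user and a wrong password, so the form does not
     * reveal which of the two was wrong.
     */
    private static final String LOGIN_FAILED = "用户名或密码错误!";

    public Login() {
        super();
    }

    /**
     * Treats GET like POST. Credentials submitted on a GET query string end up in server and
     * proxy logs, which is why login.jsp submits its form with POST.
     *
     * @throws ServletException propagated from {@link #doPost}
     * @throws IOException      propagated from {@link #doPost}
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Checks the submitted "user" and "pwd" parameters against the hard-coded demo credentials.
     * On failure it forwards back to /login.jsp with a "message" request attribute; on success
     * it stores the user name in a fresh session and redirects to list.jsp.
     *
     * @throws ServletException from the forward on failure
     * @throws IOException      from the forward or the redirect
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("UTF-8");
        String user = request.getParameter("user");
        String pwd = request.getParameter("pwd");

        // Both checks fail with the same message (see LOGIN_FAILED). "constant".equals(x) is
        // null-safe, so a missing parameter needs no separate null check.
        if (!isKnownUser(user) || !DEMO_PASSWORD.equals(pwd)) {
            rejectLogin(request, response);
            return;
        }

        // Session fixation defence: never keep a session id that existed before the user
        // authenticated. Drop any pre-login session and start a new one for the principal.
        HttpSession preLogin = request.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("user", user);

        // Context-relative redirect, consistent with LoginOut, so the target does not depend on
        // the URL this servlet happens to be mapped at.
        response.sendRedirect(request.getContextPath() + "/list.jsp");
    }

    /** True when {@code user} is one of the demo accounts (null-safe). */
    private static boolean isKnownUser(String user) {
        for (String known : DEMO_USERS) {
            if (known.equals(user)) {
                return true;
            }
        }
        return false;
    }

    /** Forwards back to the login form carrying the generic failure message. */
    private static void rejectLogin(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setAttribute("message", LOGIN_FAILED);
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }
}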
LoginOut.java
package com.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
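public class LoginOut extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public LoginOut() {
        super();
    }

    /**
     * Treats GET like POST so the plain {@code <a href="LoginOut">} link in list.jsp logs the
     * user out. That also means any request the browser can be made to issue for this URL ends
     * the session; acceptable for a demo, but a POST-only logout is the usual choice.
     *
     * @throws ServletException propagated from {@link #doPost}
     * @throws IOException      propagated from {@link #doPost}
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Invalidates the current session, if there is one, and redirects to the login page.
     * {@code getSession(false)} avoids creating a brand-new session only to destroy it when an
     * anonymous client requests this URL.
     *
     * @throws IOException from the redirect
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}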
CheckRightsFilter.java
package com.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
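public class CheckRightsFilter implements Filter {

    /** Directory reserved for the "admin" user. */
    private static final String ADMIN_DIR = "/admin";
    /** Directory open to "manager" and "admin". */
    private static final String MANAGER_DIR = "/manager";

    public CheckRightsFilter() {
    }

    @Override
    public void destroy() {
    }

    /**
     * Enforces the directory rules: only "admin" may enter /admin, "admin" and "manager" may
     * enter /manager, everything else passes through. Requests that fail the check are
     * redirected to /403.jsp (so the client sees a 302 and then a normal page, not a 403
     * status) and never reach the chain.
     *
     * <p>This runs for the REQUEST dispatcher unless the filter mapping (not shown here) also
     * lists FORWARD/INCLUDE; a server-side forward into /admin from another page would
     * otherwise not be checked.
     *
     * @throws IOException      from the redirect or the rest of the chain
     * @throws ServletException from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        String contextPath = httpRequest.getContextPath();

        // Path of the target inside the web application, already URL-decoded by the container.
        // For a JSP (extension mapping) getServletPath() is the whole path and getPathInfo() is
        // null; for a path-mapped servlet the remainder sits in getPathInfo(), so both are joined.
        String path = httpRequest.getServletPath();
        String pathInfo = httpRequest.getPathInfo();
        if (pathInfo != null) {
            path = path + pathInfo;
        }
        String user = currentUser(httpRequest);

        if (isInside(path, ADMIN_DIR) && !"admin".equals(user)) {
            httpResponse.sendRedirect(contextPath + "/403.jsp");
            return;
        }
        if (isInside(path, MANAGER_DIR) && !"admin".equals(user) && !"manager".equals(user)) {
            httpResponse.sendRedirect(contextPath + "/403.jsp");
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Returns the logged-in user name stored by Login, or null when the request carries no
     * session. Uses {@code getSession(false)} so anonymous requests do not each create a session.
     */
    private static String currentUser(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        return session == null ? null : (String) session.getAttribute("user");
    }

    /**
     * True when {@code path} is {@code dir} itself or lies beneath it ("/admin", "/admin/x.jsp").
     * The trailing slash matters: a bare startsWith("/admin") would also match a sibling such
     * as "/administrator". Comparison is case-sensitive, which matches a case-sensitive
     * resource lookup; on a container that resolves paths case-insensitively this would need
     * to fold case as well (not verified here).
     */
    private static boolean isInside(String path, String dir) {
        return path.equals(dir) || path.startsWith(dir + "/");
    }

    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }
}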
截图:
(登录和退出登录后的页面)
(admin用户登录---所有页面的权限)
(manager用户权限:可以访问除admin外所有页面)
(manager用户访问admin目录下的页面时,显示错误)