权限过滤代码实现 (URL-based authorization filter demo: JSP pages, two servlets and a servlet Filter; note the security caveats in the comments — there is no password check and the authority editor is not protected)
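<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Login form. Posts only userName to LoginServlet.login, which looks the name up in
     UserDAO and stores the result in the session. SECURITY: no password or any other
     credential is checked anywhere in this demo, so this is identification, not
     authentication. The action uses the real context path instead of a hard-coded
     "/Filter_1" so the form keeps working when the app is deployed under another name. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="${pageContext.request.contextPath}/loginServlet?method=login" method="post">
username:<input type="text" name="userName" autocomplete="username">
<input type="submit" value="Submit" />
</form>
</body>
</html>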
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Protected content page ("Article 111"). UserDAO registers "/app/article-1.jsp" as the
     url of the Article-1 authority, so -- assuming this file is deployed at that path --
     AuthorityFilter (*.jsp) only lets a request through when the session user holds that
     authority; otherwise it redirects to /app/403.jsp, or to /app/login.jsp when no user
     is logged in. The page itself performs no check. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
Article 111
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Protected content page ("Article 222"). UserDAO registers "/app/article-2.jsp" as the
     url of the Article-2 authority; assuming this file is deployed at that path,
     AuthorityFilter (*.jsp) admits the request only when the session user holds that
     authority and otherwise redirects to /app/403.jsp (or /app/login.jsp if not logged in).
     The page itself performs no check. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
Article 222
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Protected content page ("Article 333"). UserDAO registers "/app/article-3.jsp" as the
     url of the Article-3 authority; assuming this file is deployed at that path,
     AuthorityFilter (*.jsp) admits the request only when the session user holds that
     authority and otherwise redirects to /app/403.jsp (or /app/login.jsp if not logged in).
     The page itself performs no check. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
Article 333
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Protected content page ("Article 444"). UserDAO registers "/app/article-4.jsp" as the
     url of the Article-4 authority; assuming this file is deployed at that path,
     AuthorityFilter (*.jsp) admits the request only when the session user holds that
     authority and otherwise redirects to /app/403.jsp (or /app/login.jsp if not logged in).
     The page itself performs no check. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
Article 444
</body>
</html>
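<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Article index. "/app/articles.jsp" is in AuthorityFilter's unchecked list, so any
     visitor -- logged in or not -- sees all four links; the authority check happens only
     when a link is followed. The logout link is a plain GET to LoginServlet.logout, so a
     cross-site GET (e.g. an <img> tag) can log the user out; low impact, but worth
     knowing. The logout action uses the real context path instead of a hard-coded
     "/Filter_1" so it survives deployment under another name. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<a href="article-1.jsp">Article111 Page</a>
<br/><br/>
<a href="article-2.jsp">Article222 Page</a>
<br/><br/>
<a href="article-3.jsp">Article333 Page</a>
<br/><br/>
<a href="article-4.jsp">Article444 Page</a>
<br/><br/>
<a href="${pageContext.request.contextPath}/loginServlet?method=logout">Logout...</a>
</body>
</html>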
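<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%-- Authority editor for AuthorityServlet (getAuthority shows a user's permissions,
     updateAuthority saves the checked ones).
     SECURITY: "/app/authority-manager.jsp" is in AuthorityFilter's unchecked list and
     AuthorityServlet performs no authentication or role check, so anyone who can reach
     the application can view and change any user's authorities; the update form also
     carries no CSRF token. Every value echoed into the page goes through <c:out> so it
     cannot inject markup, and the form actions use the real context path instead of a
     hard-coded "/Filter_1". --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<center>
<br><br>
<form action="${pageContext.request.contextPath}/authorityServlet?method=getAuthority" method="post">
username:<input type="text" name="userName"/>
<input type="submit" value="Submit">
</form>
<c:if test="${requestScope.user != null }">
<br><br>
<c:out value="${requestScope.user.userName }"/>的权限是:
<br><br>
<form action="${pageContext.request.contextPath}/authorityServlet?method=updateAuthority" method="post">
<input type="hidden" name="userName" value="<c:out value='${requestScope.user.userName }'/>"/>
<c:forEach items="${authorities }" var="auth">
<%-- flag = does the user already hold an authority with this url? --%>
<c:set var="flag" value="false"/>
<c:forEach items="${user.authorities }" var="ua">
<c:if test="${ua.url == auth.url }">
<c:set var="flag" value="true"/>
</c:if>
</c:forEach>
<c:choose>
<c:when test="${flag }">
<input type="checkbox" name="authority" value="<c:out value='${auth.url }'/>" checked="checked" /><c:out value="${auth.displayName }"/>
</c:when>
<c:otherwise>
<input type="checkbox" name="authority" value="<c:out value='${auth.url }'/>" /><c:out value="${auth.displayName }"/>
</c:otherwise>
</c:choose>
<br><br>
</c:forEach>
<input type="submit" value="Update">
</form>
<br><br>
</c:if>
</center>
</body>
</html>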
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Access-denied page. AuthorityFilter redirects here when a logged-in user requests a
     *.jsp whose servlet path is not among their authorities. "/app/403.jsp" is in the
     filter's unchecked list so the redirect target itself is never blocked. The text reads
     "No matching permission, please go back" and links to the article index. --%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<h4>
没有对应的权限, 请 <a href="${pageContext.request.contextPath }/app/articles.jsp">返回</a>
</h4>
</body>
</html>
package com.xs.javaweb;
public class Authority {
private String displayName;
private String url;
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((url == null) ? 0 : url.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
Authority other = (Authority) obj;
if (url == null) {
if (other.url != null)
return false;
} else if (!url.equals(other.url))
return false;
return true;
}
public String getDisplayName() {
return displayName;
}
public void setDisplayName(String displayName) {
this.displayName = displayName;
}
public String getUrl() {
return url;
}
public void setUrl(String url) {
this.url = url;
}
public Authority(String displayName, String url) {
super();
this.displayName = displayName;
this.url = url;
}
public Authority() {
super();
}
@Override
public String toString() {
return "Authority [displayName=" + displayName + ", url=" + url + "]";
}
}
package com.xs.javaweb;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
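/**
 * Views and edits a user's authorities; {@code ?method=getAuthority|updateAuthority}
 * selects the action.
 *
 * SECURITY NOTE (review): this servlet performs no authentication or role check, and the
 * page it serves ("/app/authority-manager.jsp") is in AuthorityFilter's unchecked list, so
 * any client can change any user's permissions. updateAuthority is also reachable by GET
 * (doGet delegates to doPost) and carries no CSRF token. A proper fix needs an admin role
 * this demo does not model, so it is flagged rather than invented here.
 *
 * Dispatch is an explicit allowlist instead of the original
 * {@code getClass().getMethod(methodName, ...)} reflection: with reflection, any public
 * method with a (request, response) signature -- present or added later -- becomes a
 * URL-reachable action, and a bad name surfaced only as a swallowed exception and a
 * blank 200 response.
 */
@WebServlet("/authorityServlet")
public class AuthorityServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private UserDAO userDAO = new UserDAO();

    /** GET is accepted as well and handled exactly like POST. */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doPost(req, resp);
    }

    /** Routes on the {@code method} parameter; anything else is a 400. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String methodName = request.getParameter("method");
        if ("getAuthority".equals(methodName)) {
            getAuthority(request, response);
        } else if ("updateAuthority".equals(methodName)) {
            updateAuthority(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown method");
        }
    }

    /**
     * Loads the named user (null when unknown -- the JSP then shows only the search form)
     * plus the full authority catalogue, and forwards to the editor page.
     */
    public void getAuthority(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String userName = request.getParameter("userName");
        request.setAttribute("user", userDAO.get(userName));
        request.setAttribute("authorities", userDAO.getAuthorities());
        request.getRequestDispatcher("/app/authority-manager.jsp").forward(request, response);
    }

    /**
     * Replaces the user's authorities with the checked ones. An unknown user name is a 400
     * (the original dereferenced null inside UserDAO.update and swallowed the NPE).
     * UserDAO.getAuthorities(String[]) keeps only urls that exist in the catalogue, so a
     * forged checkbox value cannot mint a permission that does not exist.
     */
    public void updateAuthority(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String userName = request.getParameter("userName");
        if (userDAO.get(userName) == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown user");
            return;
        }
        String[] urls = request.getParameterValues("authority");
        List<Authority> authorityList = userDAO.getAuthorities(urls);
        userDAO.update(userName, authorityList);
        response.sendRedirect(request.getContextPath() + "/app/authority-manager.jsp");
    }
}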
package com.xs.javaweb;
import java.util.List;
/**
 * A named account together with the {@link Authority} entries it holds.
 *
 * Plain mutable bean: no validation and no defensive copies -- UserDAO hands it live
 * sub-lists of its static catalogue, and AuthorityFilter reads the list on every request.
 */
public class User {
    private String userName;
    private List<Authority> authorities;

    /** Bean-style no-arg constructor. */
    public User() {
        super();
    }

    /**
     * @param userName    login name (also the key in UserDAO)
     * @param authorities permissions held; stored as given, may be null
     */
    public User(String userName, List<Authority> authorities) {
        super();
        this.userName = userName;
        this.authorities = authorities;
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public List<Authority> getAuthorities() {
        return authorities;
    }

    public void setAuthorities(List<Authority> authorities) {
        this.authorities = authorities;
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder("User [userName=");
        sb.append(userName).append(", authorities=").append(authorities).append(']');
        return sb.toString();
    }
}
package com.xs.javaweb;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
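/**
 * In-memory user/authority store for the demo (no database).
 *
 * All state is static, so it is shared by every servlet and filter instance in the JVM
 * and reset only on redeploy. NOTE(review): {@link #update} mutates the shared map while
 * AuthorityFilter reads users' lists on other threads and nothing synchronizes them --
 * acceptable for a demo, not for production.
 */
public class UserDAO {
    private static final Map<String, User> users;
    private static final List<Authority> authorities;

    static {
        authorities = new ArrayList<>();
        authorities.add(new Authority("Article-1", "/app/article-1.jsp"));
        authorities.add(new Authority("Article-2", "/app/article-2.jsp"));
        authorities.add(new Authority("Article-3", "/app/article-3.jsp"));
        authorities.add(new Authority("Article-4", "/app/article-4.jsp"));
        users = new HashMap<String, User>();
        // users get live sub-list views of the catalogue, not copies
        users.put("AAA", new User("AAA", authorities.subList(0, 2)));
        users.put("BBB", new User("BBB", authorities.subList(2, 4)));
    }

    /** @return the user with this name, or null if unknown (null name is simply unknown). */
    public User get(String userName) {
        return users.get(userName);
    }

    /**
     * Replaces the user's authorities.
     *
     * @throws IllegalArgumentException if no such user exists -- the original dereferenced
     *         null here, which the servlets' catch-all then swallowed
     */
    public void update(String userName, List<Authority> authorities) {
        User user = users.get(userName);
        if (user == null) {
            throw new IllegalArgumentException("unknown user: " + userName);
        }
        user.setAuthorities(authorities);
    }

    /** @return the full catalogue as a read-only view (callers only iterate it). */
    public List<Authority> getAuthorities() {
        return java.util.Collections.unmodifiableList(authorities);
    }

    /**
     * Maps submitted url strings back to catalogue entries, in catalogue order.
     * Urls not in the catalogue are ignored (so a forged form value cannot create a new
     * permission), a url repeated in {@code urls} yields one entry, and a null array
     * yields an empty list.
     */
    public List<Authority> getAuthorities(String[] urls) {
        List<Authority> granted = new ArrayList<>();
        if (urls == null) {
            return granted;
        }
        for (Authority authority : authorities) {
            for (String url : urls) {
                // catalogue urls are never null; compare from that side so a null element cannot NPE
                if (authority.getUrl().equals(url)) {
                    granted.add(authority);
                    break;
                }
            }
        }
        return granted;
    }
}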
package com.xs.javaweb;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
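/**
 * Adapter that narrows the generic {@link Filter} API to HTTP types so subclasses
 * implement {@link #doFilter(HttpServletRequest, HttpServletResponse, FilterChain)}
 * directly. Also keeps the {@link FilterConfig} the container passes to {@code init}.
 */
public abstract class HttpFilter implements Filter {
    // renamed from "FilterConfig": a field named like its own type shadows the type name
    private FilterConfig filterConfig;

    /** Stores the config, then calls the no-arg {@link #init()} hook for subclasses. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        init();
    }

    /** Subclass hook run after the config is stored; default does nothing. */
    protected void init() {
    }

    /** @return the config given to {@link #init(FilterConfig)}, null before init. */
    public FilterConfig getFilterConfig() {
        return filterConfig;
    }

    @Override
    public void destroy() {
    }

    /**
     * Casts to the HTTP types and delegates. Reports a non-HTTP request/response as a
     * ServletException with a clear message instead of a bare ClassCastException.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest) || !(resp instanceof HttpServletResponse)) {
            throw new ServletException("HttpFilter only supports HTTP requests and responses");
        }
        doFilter((HttpServletRequest) req, (HttpServletResponse) resp, chain);
    }

    /** HTTP-typed filter body implemented by subclasses. */
    public abstract void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException;
}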
package com.xs.javaweb;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
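/**
 * URL-based authorization for every {@code *.jsp} request (with the annotation's default
 * dispatcher types this is REQUEST only, so forwards/includes are not re-checked).
 *
 * Decision per request: a servlet path in {@link #UNCHECKED_URLS} passes; otherwise a
 * {@link User} must be in the session (else redirect to the login page) and its
 * authorities must contain an entry whose url equals the servlet path exactly (else
 * redirect to 403.jsp). Authority equality is by url only, which is why the probe
 * object can carry a null displayName.
 *
 * SECURITY NOTES (review):
 *  - "/app/authority-manager.jsp" is unchecked, and AuthorityServlet does no authorization
 *    of its own, so the permission editor is reachable by anyone.
 *  - Only *.jsp is filtered; /loginServlet and /authorityServlet are not covered.
 *  - Matching is an exact string compare on getServletPath(). It relies on the container
 *    normalizing the path (".." segments, duplicate slashes); any other route to the same
 *    resource under a different servlet path would not be caught by this check.
 *  - Logged-in users with a null authority list are treated as having no permissions
 *    (the original dereferenced the list and would have thrown).
 */
@WebFilter("*.jsp")
public class AuthorityFilter extends HttpFilter {
    /** Pages everyone may see: the 403 page, article index, authority editor, login and logout. */
    private static final List<String> UNCHECKED_URLS = Arrays.asList(
            "/app/403.jsp", "/app/articles.jsp", "/app/authority-manager.jsp",
            "/app/login.jsp", "/app/logout.jsp");

    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        String servletPath = request.getServletPath();
        if (UNCHECKED_URLS.contains(servletPath)) {
            chain.doFilter(request, response);
            return;
        }
        // getSession(false): do not create a session for anonymous requests just to read it
        javax.servlet.http.HttpSession session = request.getSession(false);
        User user = session == null ? null : (User) session.getAttribute("user");
        if (user == null) {
            response.sendRedirect(request.getContextPath() + "/app/login.jsp");
            return;
        }
        List<Authority> authorities = user.getAuthorities();
        if (authorities != null && authorities.contains(new Authority(null, servletPath))) {
            chain.doFilter(request, response);
            return;
        }
        response.sendRedirect(request.getContextPath() + "/app/403.jsp");
    }
}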
package com.xs.javaweb;
import java.io.IOException;
import java.lang.reflect.Method;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
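/**
 * Login/logout endpoint; {@code ?method=login|logout} selects the action.
 *
 * SECURITY NOTE (review): login is by user name only. UserDAO is consulted for the name
 * and no password or other credential is ever checked, so anyone who knows (or guesses
 * the demo's "AAA"/"BBB") a user name can act as that user.
 *
 * Dispatch is an explicit allowlist instead of the original
 * {@code getClass().getMethod(methodName, ...)} reflection: with reflection, any public
 * method with a (request, response) signature -- present or added later -- becomes a
 * URL-reachable action, and a bad or missing name surfaced only as a swallowed exception
 * and a blank 200 response.
 */
@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private UserDAO userDAO = new UserDAO();

    /** GET is accepted as well (the articles page's logout link is a GET). */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /** Routes on the {@code method} parameter; anything else is a 400. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String methodName = request.getParameter("method");
        if ("login".equals(methodName)) {
            login(request, response);
        } else if ("logout".equals(methodName)) {
            logout(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown method");
        }
    }

    /**
     * Looks the name up and stores the User in a fresh session.
     * An unknown name goes back to the login page instead of storing a null "user"
     * attribute. Any pre-existing session is invalidated first so a session id planted
     * before login (session fixation) is not promoted to a logged-in one.
     */
    public void login(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String userName = request.getParameter("userName");
        User user = userDAO.get(userName);
        if (user == null) {
            response.sendRedirect(request.getContextPath() + "/app/login.jsp");
            return;
        }
        javax.servlet.http.HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        request.getSession(true).setAttribute("user", user);
        response.sendRedirect(request.getContextPath() + "/app/articles.jsp");
    }

    /** Invalidates the session if there is one (without creating one) and returns to the login page. */
    public void logout(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect(request.getContextPath() + "/app/login.jsp");
    }
}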