1.在数据库中建立三个表 ,分别为 用户信息表,用户权限关联表,权限表
--建立用户表
create table t_user(id int identity primary key ,username varchar(30) not null, password varchar(30) not null);
insert into t_user (username,password) values ('admin','123456');
insert into t_user (username,password) values ('guest','123456');
insert into t_user (username,password) values ('lily','123456');
--用户权限表
create table t_permission (id int identity primary key ,linkurl varchar(120),describe varchar(100));
insert into t_permission (linkurl,describe) values ('main.jsp','主页面');
insert into t_permission (linkurl,describe) values ('message.jsp','信息面');
insert into t_permission (linkurl,describe) values ('fuck.jsp','操蛋页面');
insert into t_permission (linkurl,describe) values ('love.jsp','爱情页面');
--用户和权限关联表
create table user_permission (uid int not null,pid int not null);
alter table user_permission add constraint up_uid_user_id foreign key (uid) references t_user(id) on delete cascade on update cascade;
alter table user_permission add constraint up_pid_permission_id foreign key (pid) references t_permission(id) on delete cascade on update cascade;
insert into user_permission (uid,pid) values (1,2);
insert into user_permission (uid,pid) values (1,3);
我们在这里模拟一个用户 ,并给予指定所操作的应用 以admin 用户为例 给指定了 可以访问message.jsp 和fuck.jsp
其他页面程序不再详细的说明,都包括在附加中
下面主要关键的是过滤器
public class FilterPermission extends HttpServlet implements Filter {
/**
*
*/
private static final long serialVersionUID = 1L;
// 字符编码(初始化参数)
protected String encoding = null;
// FilterConfig对象
protected FilterConfig filterConfig = null;
// 初始化方法
public void destroy() {
// TODO Auto-generated method stub
this.encoding = null;
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest servletRequest= (HttpServletRequest)request;
HttpServletResponse servletResponse=(HttpServletResponse)response;
// TODO Auto-generated method stub
// 判断字符编码是否有效
if (encoding != null) {
// 设置request字符编码
servletRequest.setCharacterEncoding(encoding);
// 设置response字符编码
servletResponse.setContentType("text/html; charset="+encoding);
}
// 传递给下一过滤器
try {
chain.doFilter(request, response);
} catch (ServletException sx) {
filterConfig.getServletContext().log(sx.getMessage());
} catch (IOException iox) {
filterConfig.getServletContext().log(iox.getMessage());
}
//得到上下文访问路径
String accessPath = servletRequest.getContextPath();
//得到会话
HttpSession session = servletRequest.getSession();
//从会话中得到user对象
User user=(User)session.getAttribute("formvalue");
// SystemDao dao = new SystemDao();
// String linkurl=dao.getPermission(user.getId());
String
//得到请求的URI路径,并以截取
url=servletRequest.getRequestURI().substring(servletRequest.getRequestURI().lastIndexOf("/")+1, servletRequest.getRequestURI().length());
//指定无需经过权限过滤的页面
String exclude= "adminlogin,login.jsp,error.jsp,welcome.jsp";
try {
if(exclude.indexOf(url)==-1){
if(user==null ){
servletResponse.sendRedirect(accessPath+"/index.jsp");
}else{
SystemDao dao = new SystemDao();
//如果user不为空 从对象中得到user 的ID 从数据中查询出所拥有的权限
String linkurl=dao.getPermission(user.getId());
//请求的操作,判断 权限中是否拥有 没有拥有转向于错误提示页面
if(linkurl.indexOf(url)==-1){
servletResponse.sendRedirect(accessPath+"/error.jsp");
}}
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
}
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
// 对filterConfig赋值
this.filterConfig = filterConfig;
// 对初始化参数赋值
this.encoding = filterConfig.getInitParameter("encode");
}
}
web.xml 过滤器的配置
<filter>
<filter-name>FilterPermission</filter-name>
<filter-class>com.smile.util.FilterPermission</filter-class>
<init-param>
<param-name>encode</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>FilterPermission</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
--建立用户表
create table t_user(id int identity primary key ,username varchar(30) not null, password varchar(30) not null);
insert into t_user (username,password) values ('admin','123456');
insert into t_user (username,password) values ('guest','123456');
insert into t_user (username,password) values ('lily','123456');
--用户权限表
create table t_permission (id int identity primary key ,linkurl varchar(120),describe varchar(100));
insert into t_permission (linkurl,describe) values ('main.jsp','主页面');
insert into t_permission (linkurl,describe) values ('message.jsp','信息面');
insert into t_permission (linkurl,describe) values ('fuck.jsp','操蛋页面');
insert into t_permission (linkurl,describe) values ('love.jsp','爱情页面');
--用户和权限关联表
create table user_permission (uid int not null,pid int not null);
alter table user_permission add constraint up_uid_user_id foreign key (uid) references t_user(id) on delete cascade on update cascade;
alter table user_permission add constraint up_pid_permission_id foreign key (pid) references t_permission(id) on delete cascade on update cascade;
insert into user_permission (uid,pid) values (1,2);
insert into user_permission (uid,pid) values (1,3);
我们在这里模拟一个用户 ,并给予指定所操作的应用 以admin 用户为例 给指定了 可以访问message.jsp 和fuck.jsp
其他页面程序不再详细的说明,都包括在附加中
下面主要关键的是过滤器
public class FilterPermission extends HttpServlet implements Filter {
/**
*
*/
private static final long serialVersionUID = 1L;
// 字符编码(初始化参数)
protected String encoding = null;
// FilterConfig对象
protected FilterConfig filterConfig = null;
// 初始化方法
public void destroy() {
// TODO Auto-generated method stub
this.encoding = null;
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest servletRequest= (HttpServletRequest)request;
HttpServletResponse servletResponse=(HttpServletResponse)response;
// TODO Auto-generated method stub
// 判断字符编码是否有效
if (encoding != null) {
// 设置request字符编码
servletRequest.setCharacterEncoding(encoding);
// 设置response字符编码
servletResponse.setContentType("text/html; charset="+encoding);
}
// 传递给下一过滤器
try {
chain.doFilter(request, response);
} catch (ServletException sx) {
filterConfig.getServletContext().log(sx.getMessage());
} catch (IOException iox) {
filterConfig.getServletContext().log(iox.getMessage());
}
//得到上下文访问路径
String accessPath = servletRequest.getContextPath();
//得到会话
HttpSession session = servletRequest.getSession();
//从会话中得到user对象
User user=(User)session.getAttribute("formvalue");
// SystemDao dao = new SystemDao();
// String linkurl=dao.getPermission(user.getId());
String
//得到请求的URI路径,并以截取
url=servletRequest.getRequestURI().substring(servletRequest.getRequestURI().lastIndexOf("/")+1, servletRequest.getRequestURI().length());
//指定无需经过权限过滤的页面
String exclude= "adminlogin,login.jsp,error.jsp,welcome.jsp";
try {
if(exclude.indexOf(url)==-1){
if(user==null ){
servletResponse.sendRedirect(accessPath+"/index.jsp");
}else{
SystemDao dao = new SystemDao();
//如果user不为空 从对象中得到user 的ID 从数据中查询出所拥有的权限
String linkurl=dao.getPermission(user.getId());
//请求的操作,判断 权限中是否拥有 没有拥有转向于错误提示页面
if(linkurl.indexOf(url)==-1){
servletResponse.sendRedirect(accessPath+"/error.jsp");
}}
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
}
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
// 对filterConfig赋值
this.filterConfig = filterConfig;
// 对初始化参数赋值
this.encoding = filterConfig.getInitParameter("encode");
}
}
web.xml 过滤器的配置
<filter>
<filter-name>FilterPermission</filter-name>
<filter-class>com.smile.util.FilterPermission</filter-class>
<init-param>
<param-name>encode</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>FilterPermission</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>