URL-matching permission control (coarse-grained access control)
Create a JavaBean that encapsulates the user's information, including the role used for authorization:
// JavaBean holding the logged-in user's account data, including the role used by the filter.
public class User {
    private String username;
    private String password;
    private String role; // e.g. "user" or "admin"; compared against the filter's init-param names

    public String getRole() {
        return role;
    }

    public void setRole(String role) {
        this.role = role;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}
Login page: login.jsp:
Main page:
Create the web application's main page, which shows the functions available to the user.
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <title>My JSP 'index.jsp' starting page</title>
</head>
<body>
    <%-- No "user" attribute in the session: ask the visitor to log in --%>
    <c:if test="${empty user}">
        <h1>您还未登录,请去<a href="login.jsp">登录</a></h1>
    </c:if>
    <%-- Logged in: greet the user and link to both function lists --%>
    <c:if test="${not empty user}">
        <h1>欢迎您,${user.username}</h1>
        <h1><a href="user/userlist.jsp">用户操作功能列表</a></h1>
        <h1><a href="admin/adminlist.jsp">管理员操作功能列表</a></h1>
    </c:if>
</body>
</html>
Create the function-list page that ordinary users may access (user/userlist.jsp):
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <title>My JSP 'userlist.jsp' starting page</title>
</head>
<body>
    <h1>这里是用户操作的功能列表!</h1>
</body>
</html>
Create the function-list page that administrators may access (admin/adminlist.jsp):
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <title>My JSP 'adminlist.jsp' starting page</title>
</head>
<body>
    <h1>这里是管理员操作的功能列表!</h1>
</body>
</html>
Create a filter that performs the permission check. Each <init-param> in web.xml maps a role name (param-name) to the URL prefix it is allowed to access (param-value); a request whose path falls under a protected prefix is only passed on when the session holds a User with that role:
package app.java.demo3;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class AuthoFilter implements Filter {
    // Protected URL prefix (init-param value) -> role allowed to access it (init-param name).
    private Map<String, String> map = new HashMap<String, String>();

    public void init(FilterConfig filterConfig) throws ServletException {
        // Read the <init-param> entries once at startup instead of on every request.
        Enumeration<String> names = filterConfig.getInitParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();                    // role, e.g. "admin"
            String value = filterConfig.getInitParameter(name);   // URL prefix, e.g. "/admin"
            map.put(value, name);
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        // Path relative to the web application, e.g. "/admin/adminlist.jsp"
        String path = req.getRequestURI().substring(req.getContextPath().length());
        for (String needPath : map.keySet()) {
            if (path.startsWith(needPath)) {
                String needRole = map.get(needPath);
                // User bean from above, stored in the session by the login handler
                User user = (User) req.getSession().getAttribute("user");
                if (user == null) {
                    // Context-absolute path: a relative "login.jsp" would resolve under /user or /admin
                    req.getRequestDispatcher("/login.jsp").forward(request, response);
                    return;
                } else {
                    String role = user.getRole();
                    if (needRole.equals(role)) {
                        chain.doFilter(request, response);
                        return;
                    } else {
                        // Denied: the tutorial signals this with an unchecked exception (the container answers 500)
                        throw new RuntimeException("权限不足,无法访问!");
                    }
                }
            }
        }
        // Path is not under any protected prefix: let the request through
        chain.doFilter(request, response);
    }

    public void destroy() {}
}
Configure the web project's web.xml so the filter sees every request and knows which prefix each role owns:
<filter>
    <filter-name>AuthoFilter</filter-name>
    <filter-class>app.java.demo3.AuthoFilter</filter-class>
    <init-param>
        <param-name>user</param-name>
        <param-value>/user</param-value>
    </init-param>
    <init-param>
        <param-name>admin</param-name>
        <param-value>/admin</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>AuthoFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
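The filter above compares req.getRequestURI() against each prefix with startsWith, which has two consequences a reviewer would flag. First, "/user" also matches any path that merely begins with those characters (for example "/username.jsp"), so the protected area is wider than the /user directory. Second, getRequestURI() returns the raw URI, which the container does not decode or normalize, so a percent-encoded or ".."-containing spelling of a protected path can be mapped by the container to the protected resource while not matching the prefix check. The following variant, added here as an example and not part of the original tutorial, matches on whole path segments after normalizing the container-decoded path (getServletPath() plus getPathInfo()), reads the init-params once in init(), redirects to /login.jsp with a context-absolute URL, and answers a role mismatch with HTTP 403 instead of an unchecked exception. The class name HardenedAuthoFilter and the helpers normalize and requiredRole are my own; the code assumes the User bean and the web.xml init-params shown above and the Servlet 3.x javax.servlet API.

```java
package app.java.demo3;

import java.io.IOException;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: a hardened variant of the tutorial's AuthoFilter (not the tutorial's own code).
public class HardenedAuthoFilter implements Filter {
    // Protected URL prefix -> required role, built once from the same <init-param> entries.
    private final Map<String, String> prefixToRole = new LinkedHashMap<>();

    public void init(FilterConfig filterConfig) throws ServletException {
        Enumeration<String> names = filterConfig.getInitParameterNames();
        while (names.hasMoreElements()) {
            String role = names.nextElement();                    // param-name, e.g. "admin"
            String prefix = filterConfig.getInitParameter(role);  // param-value, e.g. "/admin"
            prefixToRole.put(normalize(prefix), role);
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Container-decoded, context-relative path instead of the raw request URI.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        String needRole = requiredRole(prefixToRole, normalize(path));
        if (needRole == null) {                       // not a protected area
            chain.doFilter(request, response);
            return;
        }
        User user = (User) req.getSession().getAttribute("user");
        if (user == null) {                           // not logged in
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        if (!needRole.equals(user.getRole())) {       // logged in, wrong role
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }

    public void destroy() {}

    // Collapses "." and ".." segments, drops empty segments and per-segment path
    // parameters (";jsessionid=..."), and returns a path that always starts with "/".
    static String normalize(String path) {
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            int semi = seg.indexOf(';');
            if (semi >= 0) seg = seg.substring(0, semi);
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) { segments.pollLast(); continue; }
            segments.addLast(seg);
        }
        return "/" + String.join("/", segments);
    }

    // Matches on whole segments: "/user" protects "/user" and "/user/...", not "/username.jsp".
    static String requiredRole(Map<String, String> table, String normalizedPath) {
        for (Map.Entry<String, String> e : table.entrySet()) {
            String prefix = e.getKey();
            if (prefix.equals("/") || normalizedPath.equals(prefix)
                    || normalizedPath.startsWith(prefix + "/")) {
                return e.getValue();
            }
        }
        return null;
    }

    // Stand-alone check of the matching logic on constructed sample paths (no servlet container needed).
    public static void main(String[] args) {
        Map<String, String> table = new LinkedHashMap<>();
        table.put("/user", "user");
        table.put("/admin", "admin");
        String[] samples = {                          // constructed sample paths
            "/user/userlist.jsp", "/username.jsp", "/admin/../user/userlist.jsp",
            "/admin;jsessionid=abc/adminlist.jsp", "/index.jsp" };
        for (String s : samples) {
            String p = normalize(s);
            System.out.println(s + " -> " + p + " -> required role: " + requiredRole(table, p));
        }
    }
}
```

Running main shows the effect of normalizing before matching: the ".." form is resolved to the user area and checked against the user role, the jsessionid path parameter no longer hides the admin prefix, and "/username.jsp" is correctly treated as unprotected rather than as part of /user. The filter still follows the tutorial's allow-unless-listed model; for an application where most pages require a login, inverting this to deny-by-default with a short allow-list (login page, static assets) is the safer configuration.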