web的权限控制
笔记类代码,防止自己忘记!!!!
# 权限控制
1.用户登录
2.保存用户信息(判断权限)
3.当用户访问某个网址的时候,
在过滤器内判断用户是否拥有访问当前页面的权限
3-1.如果有,将请求传递到目标资源
3-2.如果没有,提示错误信息
## LoginServlet
```java
package controller;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
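/**
 * Login handler for the access-control demo.
 *
 * <p>A successful login stores the submitted user name in the HTTP session under the
 * {@code "username"} attribute, which {@code PermissionFilter} later reads to decide
 * what the caller may access.
 *
 * <p>SECURITY: this is note/demo code. The password is never compared with a stored
 * credential, so the session identity is whatever name the client submits. Before any
 * real use, verify the pair against a credential store (salted password hash,
 * constant-time comparison) and add rate limiting on failed attempts.
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Handles the login form post and records the user name in a fresh session.
     *
     * @param request  the login request; reads the {@code username} and {@code password} parameters
     * @param response receives the success message, or status 401 when a credential is missing
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Demo rule: a non-empty user name and password count as a valid login.
        // A submitted but blank form field arrives as "" rather than null, so a
        // null check alone would accept empty credentials.
        boolean missingCredentials = username == null || username.trim().isEmpty()
                || password == null || password.isEmpty();
        if (missingCredentials) {
            // Fail closed: no session attribute is written and the client gets an explicit 401.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Session fixation defence: discard any session that existed before
        // authentication so a pre-login session id is not promoted to a logged-in one.
        HttpSession preLoginSession = request.getSession(false);
        if (preLoginSession != null) {
            preLoginSession.invalidate();
        }
        HttpSession session = request.getSession(true);

        session.setAttribute("username", username);
        response.getWriter().append("登录成功!");
    }
}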
```
## PermissionFilter
```java
package filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
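/**
 * Per-user access check applied to every request ({@code /*}).
 *
 * <p>The filter keeps an allowlist of request URIs per user name. A request is passed
 * down the chain only when it targets one of the two login endpoints or when the
 * session's {@code "username"} has the exact request URI in its list. Everything else
 * is denied, so the check fails closed.
 *
 * <p>NOTE(review): the decision trusts the {@code "username"} session attribute as
 * written by the login servlet; it is only as strong as the authentication that sets it.
 */
@WebFilter("/*")
public class PermissionFilter implements Filter {
    // user name -> request URIs that user is allowed to reach
    private Map<String, List<String>> permissionMap = new HashMap<>();

    /**
     * Loads the hard-coded permission table.
     *
     * <p>Entries are full request URIs beginning with {@code /Hello} (presumably the
     * web application's context path; confirm against the deployment).
     *
     * @param fConfig filter configuration (unused)
     * @throws ServletException declared by the filter contract
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        // Permissions of "admin"
        List<String> adminList = new ArrayList<>();
        adminList.add("/Hello/LoginServlet");
        adminList.add("/Hello/AdminServlet");
        adminList.add("/Hello/ajax.jsp");

        // Permissions of "zhangsan"
        List<String> zhangsanList = new ArrayList<>();
        zhangsanList.add("/Hello/LoginServlet");
        zhangsanList.add("/Hello/ajax.jsp");

        permissionMap.put("admin", adminList);
        permissionMap.put("zhangsan", zhangsanList);
    }

    /**
     * Allows the request through only if it is a login endpoint or the logged-in user
     * is permitted to access the requested URI; otherwise writes a denial message.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the response; its content type is set to UTF-8 HTML up front
     * @param chain    the remaining filter chain, invoked only when access is granted
     * @throws IOException      if writing the denial message or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        response.setContentType("text/html;charset=utf-8");

        // getRequestURI() is the raw, undecoded path as sent by the client. It is
        // compared byte-for-byte below, so any variant spelling (encoded characters,
        // path parameters, extra slashes) does not match and is denied.
        String uri = httpRequest.getRequestURI();

        // The login page and login endpoint must be reachable without a session.
        if ("/Hello/login.jsp".equals(uri) || "/Hello/LoginServlet".equals(uri)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not allocate a server-side session for every
        // anonymous request; a missing session simply means "not logged in".
        HttpSession session = httpRequest.getSession(false);
        String username = (session == null) ? null : (String) session.getAttribute("username");

        List<String> allowedUris = (username == null) ? null : this.permissionMap.get(username);
        if (allowedUris != null && allowedUris.contains(uri)) {
            chain.doFilter(request, response);
        } else {
            // NOTE(review): the denial goes out with the default status code; sending
            // 403 through HttpServletResponse would let clients and access logs
            // distinguish a refusal from a normal page.
            response.getWriter().append("当前用户没有访问权限!");
        }
    }

    /** Releases the permission table when the filter is taken out of service. */
    @Override
    public void destroy() {
        permissionMap = null;
    }
}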