因为项目比较长,需要一步步进行实现,所以分解成一个一个需求。
一:需求一
1.需求一
可以看某人的权限,同时,可以对这个用户进行权限的修改。
2.程序实现
3.程序目录
4.User.java
1 packagecom.web;2
3 importjava.util.List;4
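/**
 * A user of the demo application together with the authorities (page
 * permissions) currently granted to that user.
 */
public class User {
    private String userName;
    // Authorities granted to this user; replaced as a whole by setAuthorities().
    private List<Authority> authorities;

    /**
     * Creates an empty user.
     *
     * <p>This must be declared without a return type: {@code public void User()}
     * is an ordinary method that happens to share the class name, and it leaves
     * the class without a no-argument constructor.
     */
    public User() {
    }

    /**
     * @param userName    name that identifies the user
     * @param authorities authorities granted to the user
     */
    public User(String userName, List<Authority> authorities) {
        this.userName = userName;
        this.authorities = authorities;
    }

    /** @return the user's name */
    public String getUserName() {
        return userName;
    }

    /** @param userName the new user name */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /**
     * @return the list of granted authorities; this is the stored list itself,
     *         not a copy, so changes made by the caller affect this user
     */
    public List<Authority> getAuthorities() {
        return authorities;
    }

    /** @param authorities the authorities that replace the current grant */
    public void setAuthorities(List<Authority> authorities) {
        this.authorities = authorities;
    }
}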
5.Authority.java
1 packagecom.web;2
3 public classAuthority {4 privateString displayName;5 privateString url;6 public voidAuthority() {7
8 }9 publicAuthority(String displayName, String url) {10 this.displayName =displayName;11 this.url =url;12 }13 publicString getDisplayName() {14 returndisplayName;15 }16 public voidsetDisplayName(String displayName) {17 this.displayName =displayName;18 }19 publicString getUrl() {20 returnurl;21 }22 public voidsetUrl(String url) {23 this.url =url;24 }25
26 }
6.UserDao.java
1 packagecom.dao;2
3 importjava.util.ArrayList;4 importjava.util.HashMap;5 importjava.util.List;6 importjava.util.Map;7
8 importcom.web.Authority;9 importcom.web.User;10
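/**
 * In-memory store for the demo's users and for the authorities that can be
 * granted to them.
 *
 * <p>NOTE(review): all state is static and is mutated without synchronization,
 * while a servlet container serves requests on several threads. That is
 * acceptable for a walkthrough but not for shared production state.
 */
public class UserDao {
    // Users keyed by user name.
    private static Map<String, User> users;
    // Master list of every authority that exists in the application.
    private static List<Authority> authorities = null;

    static {
        users = new HashMap<>();
        authorities = new ArrayList<>();

        authorities.add(new Authority("Article-1", "/article-1.jsp"));
        authorities.add(new Authority("Article-2", "/article-2.jsp"));
        authorities.add(new Authority("Article-3", "/article-3.jsp"));
        authorities.add(new Authority("Article-4", "/article-4.jsp"));

        // subList() returns a view backed by the master list; copy it so each
        // user owns an independent list of grants.
        User user1 = new User("AAA", new ArrayList<>(authorities.subList(0, 2)));
        users.put("AAA", user1);

        User user2 = new User("BBB", new ArrayList<>(authorities.subList(2, 4)));
        users.put("BBB", user2);
    }

    /**
     * Looks up a user.
     *
     * @param userName name of the user
     * @return the user, or {@code null} when no user has that name
     */
    public User get(String userName) {
        return users.get(userName);
    }

    /**
     * Replaces the authorities granted to a user.
     *
     * @param userName    name of the user to update
     * @param authorities the new set of authorities
     * @throws IllegalArgumentException if no user has that name
     */
    public void update(String userName, List<Authority> authorities) {
        User user = users.get(userName);
        if (user == null) {
            // The name arrives from a request parameter, so an unknown value is
            // an expected case; report it instead of failing with a
            // NullPointerException. The value itself is kept out of the message
            // because it is client-controlled.
            throw new IllegalArgumentException("unknown user");
        }
        user.setAuthorities(authorities);
    }

    /**
     * @return a copy of the master list of all authorities, so callers cannot
     *         alter the list this class keeps
     */
    public List<Authority> getAuthorities() {
        return new ArrayList<>(authorities);
    }

    /**
     * Resolves submitted URLs to the authorities defined in the master list.
     * URLs that match no defined authority are dropped, so a request can only
     * ever select from authorities that already exist.
     *
     * @param urls URLs chosen by the client; may be {@code null}
     * @return the matching authorities, each at most once, in master-list order;
     *         empty when {@code urls} is {@code null}
     */
    public List<Authority> getAuthorities(String[] urls) {
        List<Authority> matched = new ArrayList<>();
        if (urls == null) {
            return matched;
        }
        for (Authority authority : authorities) {
            for (String url : urls) {
                if (url != null && url.equals(authority.getUrl())) {
                    matched.add(authority);
                    // A repeated URL in the request must not grant a duplicate entry.
                    break;
                }
            }
        }
        return matched;
    }
}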
7.AuthorityServlet.java
1 packagecom.web;2
3 importjava.io.IOException;4 importjava.lang.reflect.InvocationTargetException;5 importjava.lang.reflect.Method;6 importjava.util.ArrayList;7 importjava.util.List;8
9 importjavax.servlet.ServletException;10 importjavax.servlet.annotation.WebServlet;11 importjavax.servlet.http.HttpServlet;12 importjavax.servlet.http.HttpServletRequest;13 importjavax.servlet.http.HttpServletResponse;14
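import com.dao.UserDao;

/**
 * Shows the authorities of a user and applies changes to them.
 *
 * <p>NOTE(review): nothing in this class checks who is making the request, so
 * every client that can reach the servlet can rewrite any user's authorities.
 * The AuthorityFilter added in the second requirement is mapped to
 * {@code *.jsp}; this servlet's own URL mapping is not shown on the page, but
 * unless it ends in {@code .jsp} the filter does not cover it. An
 * administrator check and CSRF protection for the update belong here.
 */
public class AuthorityServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private UserDao userDao = new UserDao();

    /**
     * Dispatches on the {@code method} request parameter.
     *
     * <p>Only the two actions listed in the switch are reachable. Resolving the
     * name reflectively with {@code getClass().getMethod(...)} would let the
     * request choose any public method with this parameter list, including
     * {@code doPost} itself, and would hide failures behind
     * {@code printStackTrace()}.
     *
     * @throws ServletException if the selected action fails
     * @throws IOException      if writing the response fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String methodName = request.getParameter("method");
        if (methodName == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            switch (methodName) {
                case "getAuthorities":
                    getAuthorities(request, response);
                    break;
                case "updateAuthorities":
                    updateAuthorities(request, response);
                    break;
                default:
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    break;
            }
        } catch (ServletException | IOException e) {
            throw e;
        } catch (Exception e) {
            // Let the container report the failure instead of returning an
            // empty "successful" response.
            throw new ServletException(e);
        }
    }

    /**
     * Loads the user named by the {@code userName} parameter together with the
     * full authority list and forwards to the management page.
     */
    public void getAuthorities(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String userName = request.getParameter("userName");
        User user = userDao.get(userName);
        request.setAttribute("user", user);
        request.setAttribute("authorities", userDao.getAuthorities());
        request.getRequestDispatcher("/authority-manager.jsp").forward(request, response);
    }

    /**
     * Replaces the authorities of the user named by {@code userName} with the
     * ones selected in the form, then redirects back to the management page.
     * Responds with 404 when no such user exists.
     */
    public void updateAuthorities(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String userName = request.getParameter("userName");
        if (userDao.get(userName) == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // The parameter name (spelled "authoritiy") has to match the field name
        // used by the form in authority-manager.jsp.
        String[] authorities = request.getParameterValues("authoritiy");
        // Submitted URLs are mapped back to authorities defined by UserDao, so
        // values outside the master list are ignored.
        List<Authority> authoritiesList = userDao.getAuthorities(authorities);
        userDao.update(userName, authoritiesList);
        response.sendRedirect(request.getContextPath() + "/authority-manager.jsp");
    }
}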
8.authority-manager.jsp
1
2 pageEncoding="utf-8"%>
3
4
5
6
7
8
Insert title here9
10
11
12
13
14 name:
15
16
17
18
19
20
21 ${requestScope.user.userName}的权限是:22
23
24
25
26
27
28
29
30
31
32
33 ${auth.displayName}
34
35
36 ${auth.displayName}
37
38
39
40
41
42
43
44
45
9.效果
二:需求二
1.需求二
对访问权限的控制
使用Filter进行权限的过滤,检验用户是否有权限,有,则直接响应目标页面,若没有则重定向到403.jsp
2.程序目录(添加主要修改的程序)
3.Authority.java
1 packagecom.web;2
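/**
 * One grantable permission: a display name plus the URL of the page it gives
 * access to. Two authorities are equal when their URLs are equal.
 */
public class Authority {
    private String displayName;
    private String url;

    /**
     * Creates an empty authority.
     *
     * <p>Declared without a return type on purpose: {@code public void Authority()}
     * would be a plain method, not a constructor.
     */
    public Authority() {
    }

    /**
     * @param displayName text shown for this authority in the UI
     * @param url         servlet path of the page this authority covers
     */
    public Authority(String displayName, String url) {
        this.displayName = displayName;
        this.url = url;
    }

    /** @return the text shown for this authority */
    public String getDisplayName() {
        return displayName;
    }

    /** @param displayName the new display text */
    public void setDisplayName(String displayName) {
        this.displayName = displayName;
    }

    /** @return the URL of the page this authority covers */
    public String getUrl() {
        return url;
    }

    /** @param url the new page URL */
    public void setUrl(String url) {
        this.url = url;
    }

    /**
     * Hash based on the URL only, consistent with {@link #equals(Object)}.
     */
    @Override
    public int hashCode() {
        return 31 + (url == null ? 0 : url.hashCode());
    }

    /**
     * Compares by URL alone; the display name is ignored. AuthorityFilter
     * depends on this when it asks whether a user's list contains
     * {@code new Authority(null, servletPath)}. The comparison is an exact,
     * case-sensitive string match.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        Authority other = (Authority) obj;
        return url == null ? other.url == null : url.equals(other.url);
    }
}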
4.AuthorityFilter.java
1 packagecom.web;2
3 importjava.io.IOException;4 importjava.util.Arrays;5 importjava.util.List;6
7 importjavax.servlet.Filter;8 importjavax.servlet.FilterChain;9 importjavax.servlet.FilterConfig;10 importjavax.servlet.ServletException;11 importjavax.servlet.ServletRequest;12 importjavax.servlet.ServletResponse;13 importjavax.servlet.annotation.WebFilter;14 importjavax.servlet.http.HttpServletRequest;15 importjavax.servlet.http.HttpServletResponse;16
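/**
 * Access-control filter for the JSP pages: a request passes only when the
 * logged-in user holds an authority whose URL equals the requested servlet
 * path; everything else is sent to the login page or to 403.jsp.
 *
 * <p>NOTE(review): the mapping is {@code *.jsp}, so servlets such as
 * /loginServlet are outside this filter and need their own checks.
 */
@WebFilter("*.jsp")
public class AuthorityFilter extends HttpFilter {

    // Pages served without any check.
    // NOTE(review): /authority-manager.jsp is on this list, so the page used to
    // manage permissions is itself reachable without logging in.
    private static final List<String> UNCHECKED_URLS = Arrays.asList("/403.jsp", "/article.jsp",
            "/authority-manager.jsp", "/login.jsp", "/logout.jsp");

    /**
     * Lets the request through, redirects to login.jsp when nobody is logged
     * in, or redirects to 403.jsp when the user lacks the authority.
     */
    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        String servletPath = request.getServletPath();
        if (UNCHECKED_URLS.contains(servletPath)) {
            filterChain.doFilter(request, response);
            return;
        }

        User user = (User) request.getSession().getAttribute("user");
        // Test for a missing user before touching it. A debug println placed
        // ahead of this check dereferenced the null user, so an anonymous
        // request ended in a NullPointerException instead of the login redirect.
        if (user == null) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }

        List<Authority> authorities = user.getAuthorities();
        // Authority.equals() compares the URL only, so a probe object with no
        // display name is enough for the lookup.
        Authority requested = new Authority(null, servletPath);
        if (authorities != null && authorities.contains(requested)) {
            filterChain.doFilter(request, response);
            return;
        }

        // Default deny: anything not explicitly granted ends here.
        response.sendRedirect(request.getContextPath() + "/403.jsp");
    }
}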
5.HttpFilter.java
1 packagecom.web;2
3 importjava.io.IOException;4
5 importjavax.servlet.Filter;6 importjavax.servlet.FilterChain;7 importjavax.servlet.FilterConfig;8 importjavax.servlet.ServletException;9 importjavax.servlet.ServletRequest;10 importjavax.servlet.ServletResponse;11 importjavax.servlet.http.HttpServletRequest;12 importjavax.servlet.http.HttpServletResponse;13
/**
 * Base class for HTTP-only filters, built on the {@link Filter} interface.
 * It keeps the FilterConfig and narrows the request and response to their
 * HTTP types before handing them to the subclass.
 */
public abstract class HttpFilter implements Filter {

    /** Holds the FilterConfig received in {@link #init(FilterConfig)}. */
    private FilterConfig filterConfig;

    /**
     * Stores the FilterConfig and then calls {@link #init()}.
     * Subclasses should not override this method directly; doing so can leave
     * the filterConfig field uninitialized.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        init();
    }

    /**
     * Initialization hook for subclasses. The FilterConfig is available through
     * {@link #getFilterConfig()} when this runs.
     */
    protected void init() {
    }

    /** @return the FilterConfig that was passed to {@link #init(FilterConfig)} */
    public FilterConfig getFilterConfig() {
        return filterConfig;
    }

    /**
     * The container-facing doFilter. It casts the ServletRequest and
     * ServletResponse to HttpServletRequest and HttpServletResponse and
     * delegates to the HTTP-specific overload.
     *
     * <p>Subclasses should implement the HTTP-specific overload rather than
     * override this method.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        doFilter((HttpServletRequest) req, (HttpServletResponse) resp, chain);
    }

    /**
     * Filtering logic for HTTP requests; every subclass must implement it.
     *
     * @param request     the HTTP request
     * @param response    the HTTP response
     * @param filterChain the remaining filter chain
     * @throws IOException      if an I/O error occurs
     * @throws ServletException if filtering fails
     */
    public abstract void doFilter(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws IOException, ServletException;

    /** Empty destroy method. */
    @Override
    public void destroy() {
    }
}
6.LoginServlet.java
1 packagecom.web;2
3 importjava.io.IOException;4 importjava.lang.reflect.Method;5
6 importjavax.servlet.ServletException;7 importjavax.servlet.annotation.WebServlet;8 importjavax.servlet.http.HttpServlet;9 importjavax.servlet.http.HttpServletRequest;10 importjavax.servlet.http.HttpServletResponse;11
12 importcom.dao.UserDao;13
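/**
 * Handles login and logout for the demo.
 *
 * <p>NOTE(review): the login identifies the user by name alone; no password or
 * other credential is checked, so this class illustrates the authorization
 * flow only and is not an authentication mechanism.
 */
@WebServlet("/loginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private final UserDao userDao = new UserDao();

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): this makes the state-changing actions reachable by GET;
     * presumably the Logout link in article.jsp depends on it. Confirm before
     * restricting login and logout to POST.
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Dispatches on the {@code method} request parameter.
     *
     * <p>Only {@code login} and {@code logout} are accepted. Resolving the name
     * reflectively would let the request select any public method with this
     * parameter list and would hide failures behind {@code printStackTrace()}.
     *
     * @throws ServletException if the selected action fails
     * @throws IOException      if writing the response fails
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String methodName = request.getParameter("method");
        if (methodName == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            switch (methodName) {
                case "login":
                    login(request, response);
                    break;
                case "logout":
                    logout(request, response);
                    break;
                default:
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    break;
            }
        } catch (ServletException | IOException e) {
            throw e;
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Stores the user named by the {@code name} parameter in a fresh session
     * and redirects to article.jsp. An unknown name goes back to login.jsp.
     */
    public void login(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String name = request.getParameter("name");
        User user = userDao.get(name);
        if (user == null) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }
        // Discard any session that existed before login so the logged-in
        // session gets a new id (session-fixation mitigation).
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
        request.getSession(true).setAttribute("user", user);
        // Redirect to article.jsp
        response.sendRedirect(request.getContextPath() + "/article.jsp");
    }

    /**
     * Ends the current session, if there is one, and redirects to login.jsp.
     */
    public void logout(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // getSession(false) avoids creating a session only to invalidate it.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}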
7.403.jsp
1
2 pageEncoding="utf-8"%>
3
4
5
6
7
Insert title here8
9
10
没有权限
11 返回
12
13
8.article-1.jsp
1
2 pageEncoding="ISO-8859-1"%>
3
4
5
6
7
Insert title here8
9
10
1
11
12
9.article.jsp
1
2 pageEncoding="ISO-8859-1"%>
3
4
5
6
7
Insert title here8
9
10
11 Article1 page
12 Article2 page
13 Article3 page
14 Article4 page
15 Logout
16
17
18
10.login.jsp
1
2 pageEncoding="ISO-8859-1"%>
3
4
5
6
7
Insert title here8
9
10
11 name:
12
13
14
15