Filter实现权限拦截
在实现一个 Java Web 项目时,有时客户端访问某些资源需要一定的权限。这时可以在这些资源的路径上配置过滤器,对客户端的身份进行验证。
例子:需要管理员权限才能访问系统资源(sys/sys.jsp)
-
先实现一个登录注册功能:
-
主页
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Home page: links to the login form (login.jsp) and to the /logout URL. --%>
<html>
<head>
    <title>$Title$</title>
</head>
<body>
<h1>这里是主页面</h1>
<a href="login.jsp">login</a>
<%-- NOTE(review): logout is triggered by a plain GET link, so any page can cause it
     with an embedded URL; a POST form is the usual choice for state-changing actions. --%>
<a href="/logout">logout</a>
</body>
</html>
-
登录页面
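<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Login form: submits the "username" field to the /login servlet. --%>
<html>
<head>
    <title>$Title$</title>
</head>
<body>
<%-- method="post" keeps the submitted value out of the URL, browser history and
     access logs; the Login servlet's doPost delegates to doGet, so POST is handled. --%>
<form action="/login" method="post">
    <input type="text" name="username">
    <input type="submit" value="提交">
</form>
</body>
</html>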
-
Login Servlet
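package com.kangzhu.servlet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Demo login servlet: stores the submitted {@code username} in the session and marks the
 * session as administrator when the name is {@code "admin"}.
 *
 * <p>NOTE(review): no password or other credential is verified here. The admin flag is
 * derived purely from a client-supplied name, so this is only a scaffold for demonstrating
 * the filter; a real application must authenticate the user before setting
 * {@code isAdmin}.
 */
public class Login extends HttpServlet {

    /**
     * Handles a login request.
     *
     * @param req  request carrying the {@code username} parameter
     * @param resp response; redirected to {@code /index.jsp} on success, or answered with
     *             400 when the parameter is missing or blank
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        // A request without the parameter used to fail with a NullPointerException.
        if (username == null || username.trim().isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "username is required");
            return;
        }

        // Start from a fresh session on every login: this discards a session id that
        // existed before authentication (session fixation) and clears a leftover
        // "isAdmin" flag from an earlier admin login on the same session.
        HttpSession previous = req.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = req.getSession(true);

        session.setAttribute("isLogin", true);
        session.setAttribute("username", username);
        if ("admin".equals(username)) {
            session.setAttribute("isAdmin", true);
        }
        resp.sendRedirect("/index.jsp");
    }

    /** Delegates to {@link #doGet} so the form may be submitted with POST. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doGet(req, resp);
    }
}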
-
Logout Servlet
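package com.kangzhu.servlet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Logout servlet, registered in web.xml as {@code com.kangzhu.servlet.Logout} on
 * {@code /logout}.
 *
 * <p>The listing originally shown under this heading was a second copy of the Login
 * class, which would neither compile next to Login nor match the web.xml registration.
 * This version ends the session so that "isLogin", "username" and "isAdmin" are all
 * dropped together.
 */
public class Logout extends HttpServlet {

    /**
     * Invalidates the current session, if any, and returns the client to the home page.
     *
     * @param req  incoming request
     * @param resp response, redirected to {@code /index.jsp}
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        resp.sendRedirect("/index.jsp");
    }

    /** Delegates to {@link #doGet}. */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doGet(req, resp);
    }
}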
-
在web.xml中进行注册
<!-- Login servlet: com.kangzhu.servlet.Login handles /login -->
<servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>com.kangzhu.servlet.Login</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>/login</url-pattern>
</servlet-mapping>

<!-- Logout servlet: the class com.kangzhu.servlet.Logout must exist for /logout to work -->
<servlet>
    <servlet-name>logout</servlet-name>
    <servlet-class>com.kangzhu.servlet.Logout</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>logout</servlet-name>
    <url-pattern>/logout</url-pattern>
</servlet-mapping>
-
-
通过过滤器实现权限认证
-
过滤器
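package com.kangzhu.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Authorization filter for the administrator area: lets a request through only when the
 * session carries {@code isAdmin == true}; everything else is redirected to
 * {@code /error.jsp}.
 */
public class SysFilter implements Filter {

    /** No initialisation needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Checks the session's {@code isAdmin} attribute before passing the request on.
     *
     * @param servletRequest  incoming request (cast to {@link HttpServletRequest})
     * @param servletResponse outgoing response (cast to {@link HttpServletResponse})
     * @param filterChain     remaining chain, invoked only for administrator sessions
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // getSession(false): an anonymous visitor should not get a session allocated
        // merely by probing a protected URL.
        HttpSession session = httpServletRequest.getSession(false);
        Object isAdmin = (session == null) ? null : session.getAttribute("isAdmin");

        // Deny by default: only an explicit Boolean.TRUE grants access. A null check alone
        // would also admit a session where the attribute is present but false.
        if (!Boolean.TRUE.equals(isAdmin)) {
            httpServletResponse.sendRedirect("/error.jsp");
            // Without this return the chain below still ran after the redirect, so the
            // protected resource was executed for unauthorised requests.
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}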
-
在web.xml中注册过滤器
<!-- Register SysFilter and apply it to every URL under /sys/. -->
<filter>
    <filter-name>sysFilter</filter-name>
    <filter-class>com.kangzhu.filter.SysFilter</filter-class>
</filter>
<!-- Only paths matching /sys/* are checked; admin resources placed elsewhere are not
     covered. With no <dispatcher> element the mapping applies to direct client requests
     (REQUEST) only, so a server-side forward or include into /sys/ does not pass through
     this filter. -->
<filter-mapping>
    <filter-name>sysFilter</filter-name>
    <url-pattern>/sys/*</url-pattern>
</filter-mapping>
-
error.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Target of SysFilter's redirect when the session has no administrator flag.
     It sits outside /sys/*, so it is reachable without passing the filter. --%>
<html>
<head>
    <title>$Title$</title>
</head>
<body>
<h1>请先登录管理员账户</h1>
</body>
</html>
-