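I have recently been writing a user permission management module. Because the system is used internally by the operations team, the permission model does not need to be very complex, so for the table structure I simply used three tables (users, roles, permissions) plus the association tables. A resource table may be added later if it turns out to be needed; group tables and the like are not being considered for now.
Preface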
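This note is not meant to describe the whole process of writing the user management module. It records the 4 filters I used to implement the user permission management feature.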
1.LoginStateFilter.java
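    import java.io.IOException;
    import java.util.Arrays;
    import java.util.List;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletContext;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    // UserLoginInfoModel is this project's own session model class; import it from its package.

    public class LoginStateFilter implements Filter {
        private String userSessionKey;
        private String redirectPage;
        private String unCheckURL;

        @Override
        public void destroy() {
            // Nothing to release
        }

        /**
         * Filter that checks whether the user is logged in
         */
        @Override
        public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
                throws IOException, ServletException {
            // Get the servletPath of the request
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) resp;
            String servletPath = request.getServletPath();
            String requestMethod = request.getMethod();
            // Check whether this URL is one that does not need to be checked
            // (a missing unCheckURL parameter means no URL is exempt)
            List<String> list = Arrays.asList(unCheckURL == null ? new String[0] : unCheckURL.split(","));
            if (list.contains(servletPath)) {
                chain.doFilter(request, response);
                return;
            }
            // Check whether the user is logged in; if not, go to the login page
            UserLoginInfoModel loginUser = (UserLoginInfoModel) request.getSession().getAttribute(userSessionKey);
            if (null == loginUser) {
                if ("POST".equals(requestMethod)) { // for POST requests, send the not-logged-in information
                    response.setStatus(302); // temporary redirect status code
                    response.setHeader("Location", request.getContextPath() + redirectPage); // the address to redirect to
                    //response.sendRedirect(request.getContextPath() + redirectPage);
                }
                else { // other requests are redirected
                    response.sendRedirect(request.getContextPath() + redirectPage);
                }
                return;
            }
            chain.doFilter(request, response);
        }

        @Override
        public void init(FilterConfig cfg) throws ServletException {
            // The three settings are read from context-wide init parameters
            ServletContext context = cfg.getServletContext();
            userSessionKey = context.getInitParameter("userSessionKey");
            redirectPage = context.getInitParameter("redirectPage");
            unCheckURL = context.getInitParameter("unCheckURL");
        }
    }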
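Note: this filter controls the user's login state. Before a user requests a resource (static resources such as css, js and gif excepted), the request first passes through this filter, which checks whether the user is logged in. If not, the user is sent to the login page (every page of the system requires login before it can be accessed).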
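The filter reads its three settings from context init parameters, so it depends on a `web.xml` that the post does not show. The fragment below is an added example, not the author's configuration: the package name, the parameter values and the URL patterns are assumptions, including the way static resources are kept out of the filter (by mapping it only to dynamic paths).

```xml
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Session attribute under which the login code stores UserLoginInfoModel
       (value is an assumption) -->
  <context-param>
    <param-name>userSessionKey</param-name>
    <param-value>loginUser</param-value>
  </context-param>

  <!-- Appended to the context path when an unauthenticated request is redirected
       (value is an assumption) -->
  <context-param>
    <param-name>redirectPage</param-name>
    <param-value>/login.jsp</param-value>
  </context-param>

  <!-- Comma-separated list compared by exact equality with getServletPath():
       no wildcards, one entry per exempt path. The login page and the login
       action must be listed, otherwise the redirect to redirectPage is itself
       intercepted and loops. Keep this list as short as possible, since every
       entry is reachable without a session. -->
  <context-param>
    <param-name>unCheckURL</param-name>
    <param-value>/login.jsp,/login.do</param-value>
  </context-param>

  <filter>
    <filter-name>loginStateFilter</filter-name>
    <!-- Hypothetical package name -->
    <filter-class>com.example.filter.LoginStateFilter</filter-class>
  </filter>

  <!-- Mapped only to dynamic resources, so css/js/gif requests never reach the
       filter. Any dynamic path not covered by these patterns is also not
       protected by the login check. -->
  <filter-mapping>
    <filter-name>loginStateFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.do</url-pattern>
  </filter-mapping>

</web-app>
```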