首页 > 编程 > Java > 正文

java中使用Filter控制用户登录权限具体实例

2019-11-26 16:03:24
字体:
来源:转载
供稿:网友

学jsp这么长时间,做的项目也有七八个了,可所有的项目都是用户登录就直接跳转到其拥有权限的页面,或者显示可访问页面的链接。使用这种方式来幼稚地控制访问权限。从来没有想过如果我没有登录,直接输入地址也可以直接访问用户的页面的。

在jsp中权限的控制是通过Filter过滤器来实现的,所有的开发框架中都集成有Filter,如果不适用开发框架则有如下实现方法:

LoginFilter.java

复制代码 代码如下:

public class LoginFilter implements Filter { 

    private String permitUrls[] = null; 

    private String gotoUrl = null; 

    public void destroy() { 

        // TODO Auto-generated method stub 

        permitUrls = null; 

        gotoUrl = null; 

    } 

    public void doFilter(ServletRequest request, ServletResponse response, 

            FilterChain chain) throws IOException, ServletException { 

        // TODO Auto-generated method stub 

        HttpServletRequest res=(HttpServletRequest) request; 

        HttpServletResponse resp=(HttpServletResponse)response; 

        if(!isPermitUrl(request)){ 

            if(filterCurrUrl(request)){ 

                System.out.println("--->请登录"); 

                resp.sendRedirect(res.getContextPath()+gotoUrl); 

                return; 

            } 

        } 

        System.out.println("--->允许访问"); 

        chain.doFilter(request, response); 

    } 

    public boolean filterCurrUrl(ServletRequest request){ 

        boolean filter=false; 

        HttpServletRequest res=(HttpServletRequest) request; 

        User user =(User) res.getSession().getAttribute("user"); 

        if(null==user) 

            filter=true; 

        return filter; 

    }       

    public boolean isPermitUrl(ServletRequest request) { 

        boolean isPermit = false; 

        String currentUrl = currentUrl(request); 

        if (permitUrls != null && permitUrls.length > 0) { 

            for (int i = 0; i < permitUrls.length; i++) { 

                if (permitUrls[i].equals(currentUrl)) { 

                    isPermit = true; 

                    break; 

                } 

            } 

        } 

        return isPermit; 

    }        

    //请求地址 

    public String currentUrl(ServletRequest request) {   

        HttpServletRequest res = (HttpServletRequest) request; 

        String task = request.getParameter("task"); 

        String path = res.getContextPath(); 

        String uri = res.getRequestURI(); 

        if (task != null) {// uri格式 xx/ser 

            uri = uri.substring(path.length(), uri.length()) + "?" + "task="

                    + task; 

        } else { 

            uri = uri.substring(path.length(), uri.length()); 

        } 

        System.out.println("当前请求地址:" + uri); 

        return uri; 

    } 

    public void init(FilterConfig filterConfig) throws ServletException { 

        // TODO Auto-generated method stub 

        String permitUrls = filterConfig.getInitParameter("permitUrls"); 

        String gotoUrl = filterConfig.getInitParameter("gotoUrl"); 

  

        this.gotoUrl = gotoUrl; 

  

        if (permitUrls != null && permitUrls.length() > 0) { 

            this.permitUrls = permitUrls.split(","); 

        } 

    } 

}


Web.xml

复制代码 代码如下:

<filter> 

    <filter-name>loginFilter</filter-name> 

    <filter-class>filter.LoginFilter</filter-class> 

  

    <init-param> 

        <param-name>ignore</param-name> 

        <param-value>false</param-value> 

    </init-param> 

    <init-param> 

        <param-name>permitUrls</param-name> 

        <param-value>/,/servlet/Loginservlet?task=login,/public.jsp,/login.jsp</param-value> 

    </init-param> 

    <init-param> 

        <param-name>gotoUrl</param-name> 

        <param-value>/login.jsp</param-value> 

    </init-param> 

</filter> 

<filter-mapping> 

    <filter-name>loginFilter</filter-name> 

    <url-pattern>/*</url-pattern> 

</filter-mapping>

这短代码主要实现了用户登录的过滤,权限过滤原理相同。只需要把判断用户是否登录换成是否有权限就可以了!

发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表