
javaweb设计中filter粗粒度权限控制代码示例

2024-07-13 10:12:55
来源:转载
供稿:网友

1 说明

我们给出三个页面:index.jsp、user.jsp、admin.jsp。

index.jsp:谁都可以访问,没有限制;

user.jsp:只有登录用户才能访问;

admin.jsp:只有管理员才能访问。

2 分析

设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。

当用户登录成功后,把user保存到session中。

创建LoginFilter,它有两种过滤方式(下文代码中拆分为UserFilter和AdminFilter两个过滤器,分别映射到/user/*和/admin/*):

如果访问的是user.jsp,查看session中是否存在user;
如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。

3 代码

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the coarse-grained access-control demo:
  one login servlet plus two URL-prefix filters.

  Security-relevant points visible in this file:
  * Neither <filter-mapping> declares a <dispatcher>, so per the Servlet
    spec each filter runs for direct client requests (REQUEST) only.
    A server-side forward or include into /user/* or /admin/* is NOT
    checked; add <dispatcher>FORWARD</dispatcher> (and INCLUDE) next to
    REQUEST if such dispatches can occur.
  * Only paths under /user/ and /admin/ are protected. index.jsp,
    login.jsp and /LoginServlet are outside both prefixes, so any page
    placed outside those two directories is public by default.
  * No <session-config> is declared here, so the session timeout falls
    back to the container default.
-->
<web-app version="2.5"
  xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
 <!-- Login endpoint: receives the form POST from login.jsp. -->
 <servlet>
  <servlet-name>LoginServlet</servlet-name>
  <servlet-class>com.cug.web.servlet.LoginServlet</servlet-class>
 </servlet>
 <servlet-mapping>
  <servlet-name>LoginServlet</servlet-name>
  <url-pattern>/LoginServlet</url-pattern>
 </servlet-mapping>
 <welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
 </welcome-file-list>
 <!-- Requires a logged-in user for everything under /user/. -->
 <filter>
  <filter-name>UserFilter</filter-name>
  <filter-class>com.cug.filter.UserFilter</filter-class>
 </filter>
 <filter-mapping>
  <filter-name>UserFilter</filter-name>
  <url-pattern>/user/*</url-pattern>
 </filter-mapping>
 <!-- Requires a logged-in user with administrator grade for everything under /admin/. -->
 <filter>
  <filter-name>AdminFilter</filter-name>
  <filter-class>com.cug.filter.AdminFilter</filter-class>
 </filter>
 <filter-mapping>
  <filter-name>AdminFilter</filter-name>
  <url-pattern>/admin/*</url-pattern>
 </filter-mapping>
</web-app>

LoginServlet.java

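package com.cug.web.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.cug.domain.User;
import com.cug.web.service.UserService;

/**
 * Handles the login form POST: checks the submitted credentials with
 * {@link UserService#login(String, String)} and, on success, stores the
 * {@link User} in the session under the attribute name {@code "user"},
 * which is what the access-control filters read.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the {@code username}/{@code password} request parameters.
     *
     * <p>On failure the request is forwarded back to {@code /login.jsp} with
     * the error text in the {@code "msg"} request attribute. On success the
     * request is forwarded to {@code /index.jsp}.
     *
     * @param req  the login request
     * @param resp the response
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        String username = req.getParameter("username");
        String password = req.getParameter("password");
        User user = UserService.login(username, password);

        if (user == null) {
            req.setAttribute("msg", "用户名或者密码错误");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Session-fixation defence: never promote a pre-login session to an
        // authenticated one. Drop whatever session the browser arrived with
        // and bind the user to a freshly issued session id. (web.xml declares
        // Servlet 2.5, so HttpServletRequest.changeSessionId() is not available.)
        HttpSession preLogin = req.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }

        // NOTE(review): the stored User still carries its password field;
        // a session-scoped object without credentials would be safer.
        req.getSession(true).setAttribute("user", user);

        // Absolute path, consistent with the "/login.jsp" forward above.
        req.getRequestDispatcher("/index.jsp").forward(req, resp);
    }
}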

UserService

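package com.cug.web.service;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import com.cug.domain.User;

/**
 * In-memory user store for the demo.
 *
 * <p>The accounts and their passwords are hard-coded in plaintext for
 * illustration only. A real application should keep salted password hashes
 * (bcrypt/scrypt/argon2) in a user store outside the source tree and never
 * hold the cleartext password in the {@link User} object.
 */
public class UserService {

    // final: the reference is never reassigned; the map is only filled in the
    // static initializer below and read afterwards.
    private static final Map<String, User> users = new HashMap<String, User>();

    static {
        users.put("zhu", new User("zhu", "123", 2));   // grade 2: administrator
        users.put("xiao", new User("xiao", "123", 1)); // grade 1: ordinary user
    }

    /**
     * Looks up {@code username} and verifies {@code password}.
     *
     * @param username the submitted user name, may be {@code null}
     * @param password the submitted password, may be {@code null}
     * @return the matching {@link User}, or {@code null} when the user is
     *         unknown or the password does not match
     */
    public static User login(String username, String password) {
        // Missing form fields arrive as null from getParameter(); treat them
        // as a failed login instead of relying on downstream null handling.
        if (username == null || password == null) {
            return null;
        }

        User user = users.get(username);
        if (user == null || user.getPassword() == null) {
            return null;
        }

        // Compare via MessageDigest.isEqual rather than String.equals so the
        // comparison time does not depend on how many leading characters match.
        byte[] expected = user.getPassword().getBytes(StandardCharsets.UTF_8);
        byte[] supplied = password.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied) ? user : null;
    }
}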

AdminFilter

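package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.cug.domain.User;

/**
 * Access-control filter for administrator pages: lets a request through only
 * when the session holds a {@link User} whose grade is at least 2.
 */
public class AdminFilter implements Filter {

    @Override
    public void destroy() {
    }

    /**
     * Checks the session's {@code "user"} attribute before continuing the chain.
     *
     * <ul>
     *   <li>No logged-in user: forward to {@code /login.jsp} with the reason in
     *       the {@code "msg"} request attribute, then stop.</li>
     *   <li>Logged in but grade below 2: answer 403 with a short message, then stop.</li>
     *   <li>Otherwise: continue with {@code chain.doFilter}.</li>
     * </ul>
     *
     * @throws IOException      if writing the response or forwarding fails
     * @throws ServletException if forwarding or the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");

        HttpServletRequest request = (HttpServletRequest) req;

        // getSession(false): an access check should not create a session for
        // an anonymous visitor as a side effect.
        HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        if (user == null) {
            // Hand the message to login.jsp through the "msg" attribute it
            // already renders; text written to the response before a forward
            // is discarded when the buffer is reset.
            req.setAttribute("msg", "用户还没有登陆");
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
            // Must stop here: falling through would dereference the null user
            // below and keep processing a request that was already answered.
            return;
        }

        if (user.getGrade() < 2) {
            // Authenticated but not authorised: signal it with 403 so clients,
            // proxies and log analysis do not see a successful 200.
            ((HttpServletResponse) resp).setStatus(HttpServletResponse.SC_FORBIDDEN);
            resp.getWriter().print("您的等级不够");
            return;
        }

        chain.doFilter(req, resp);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}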

UserFilter

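package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import com.cug.domain.User;

/**
 * Access-control filter for pages that require a logged-in user: lets a
 * request through only when the session holds a {@link User} under the
 * attribute name {@code "user"}.
 */
public class UserFilter implements Filter {

    @Override
    public void destroy() {
    }

    /**
     * Forwards anonymous requests to {@code /login.jsp}; continues the chain
     * for logged-in users.
     *
     * @throws IOException      if forwarding fails
     * @throws ServletException if forwarding or the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        HttpServletRequest httpReq = (HttpServletRequest) request;

        // getSession(false): do not create a session just to find out that
        // the visitor is not logged in.
        HttpSession session = httpReq.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        if (user == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            // Must stop here: without this return the chain below still runs,
            // so the protected resource would execute for an anonymous request.
            return;
        }

        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}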

User

package com.cug.domain;public class User {	private String username;	private String password;	private int grade;	public User() {		super();	}	public User(String username, String password, int grade) {		super();		this.username = username;		this.password = password;		this.grade = grade;	}	public String getUsername() {		return username;	}	public void setUsername(String username) {		this.username = username;	}	public String getPassword() {		return password;	}	public void setPassword(String password) {		this.password = password;	}	public int getGrade() {		return grade;	}	public void setGrade(int grade) {		this.grade = grade;	}	@Override 	 public String toString() {		return "User [username=" + username + ", password=" + password 		    + ", grade=" + grade + "]";	}}

html

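<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  admin.jsp: administrator page. Shows the logged-in user's name and links
  to the three demo pages.
--%>
<%
// NOTE(review): getServerName() normally reflects the client-supplied Host
// header. The value is HTML-escaped where it is written out below; a
// deployment should additionally take the public host name from
// configuration or validate the Host header at the container/proxy.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
  <base href="<c:out value='<%=basePath%>'/>">
  <title>My JSP 'admin.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
  <!--
  <link rel="stylesheet" type="text/css" href="styles.css">
  -->
 </head>
 <body>
  <h1>admin.jsp</h1>
  <%-- c:out HTML-escapes the value; a bare EL expression in template text is written unescaped. --%>
  <h3><c:out value="${user.username}"/></h3>
  <a href="<c:url value='/index.jsp'/>">首页</a><br/>
  <a href="<c:url value='/user/user.jsp'/>">用户页</a><br/>
  <a href="<c:url value='/admin/admin.jsp'/>">系统管理员</a><br/>
 </body>
</html>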

 

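<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%--
  user.jsp: page for logged-in users. Shows the user's name and links to the
  three demo pages.
--%>
<%
// NOTE(review): getServerName() normally reflects the client-supplied Host
// header. The value is HTML-escaped where it is written out below; a
// deployment should additionally take the public host name from
// configuration or validate the Host header at the container/proxy.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
  <base href="<c:out value='<%=basePath%>'/>">
  <title>My JSP 'user.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
  <!--
  <link rel="stylesheet" type="text/css" href="styles.css">
  -->
 </head>
 <body>
  <h1>user.jsp</h1>
  <%-- c:out HTML-escapes the value; a bare EL expression in template text is written unescaped. --%>
  <h3><c:out value="${user.username}"/></h3>
  <a href="<c:url value='/index.jsp'/>">首页</a><br>
  <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br>
  <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br>
 </body>
</html>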

用户登录

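<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  login.jsp: login form. Posts username/password to /LoginServlet and shows
  the "msg" request attribute when a previous step set one.
--%>
<%
// NOTE(review): getServerName() normally reflects the client-supplied Host
// header. The value is HTML-escaped where it is written out below; a
// deployment should additionally take the public host name from
// configuration or validate the Host header at the container/proxy.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
  <base href="<c:out value='<%=basePath%>'/>">
  <title>My JSP 'login.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
  <!--
  <link rel="stylesheet" type="text/css" href="styles.css">
  -->
 </head>
 <body>
  <%-- Escaped on output so the page stays safe if a future caller puts request-derived text into "msg". --%>
  <c:out value="${msg}"/>
  <%-- The password travels in the POST body; serve this form over HTTPS only. --%>
  <form action="<c:url value='/LoginServlet'/>" method="post">
   用户名:<input type="text" name="username"/><br/>
   密码:<input type="password" name="password"/><br/>
   <input type="submit" value="登陆"/>
  </form>
 </body>
</html>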

 

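<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  index.jsp: public landing page. Shows the user's name when someone is
  logged in and links to the three demo pages.
--%>
<%
// NOTE(review): getServerName() normally reflects the client-supplied Host
// header. The value is HTML-escaped where it is written out below; a
// deployment should additionally take the public host name from
// configuration or validate the Host header at the container/proxy.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
  <base href="<c:out value='<%=basePath%>'/>">
  <title>My JSP 'index.jsp' starting page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
  <!--
  <link rel="stylesheet" type="text/css" href="styles.css">
  -->
 </head>
 <body>
  <h1>index.jsp</h1>
  <%-- c:out HTML-escapes the value; a bare EL expression in template text is written unescaped. --%>
  <h3><c:out value="${user.username}"/></h3>
  <a href="<c:url value='/index.jsp'/>">首页</a><br>
  <a href="<c:url value='/user/user.jsp'/>">用户登陆界面</a><br>
  <a href="<c:url value='/admin/admin.jsp'/>">管理员登陆界面</a><br>
 </body>
</html>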

 

总结

以上就是本文关于javaweb设计中filter粗粒度权限控制代码示例的全部内容,希望对大家有所帮助,如有不足之处,欢迎留言指正。感谢大家对本站的支持!

