java中使用Filter控制用戶登錄權(quán)限具體實(shí)例
學(xué)jsp這么長(zhǎng)時(shí)間,做的項(xiàng)目也有七八個(gè)了,可所有的項(xiàng)目都是用戶登錄就直接跳轉(zhuǎn)到其擁有權(quán)限的頁(yè)面,或者顯示可訪問(wèn)頁(yè)面的鏈接。使用這種方式來(lái)幼稚地控制訪問(wèn)權(quán)限。從來(lái)沒(méi)有想過(guò)如果我沒(méi)有登錄,直接輸入地址也可以直接訪問(wèn)用戶的頁(yè)面的。
在jsp中權(quán)限的控制是通過(guò)Filter過(guò)濾器來(lái)實(shí)現(xiàn)的,所有的開(kāi)發(fā)框架中都集成有Filter,如果不適用開(kāi)發(fā)框架則有如下實(shí)現(xiàn)方法:
LoginFilter.java
public class LoginFilter implements Filter {
private String permitUrls[] = null;
private String gotoUrl = null;
public void destroy() {
// TODO Auto-generated method stub
permitUrls = null;
gotoUrl = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest res=(HttpServletRequest) request;
HttpServletResponse resp=(HttpServletResponse)response;
if(!isPermitUrl(request)){
if(filterCurrUrl(request)){
System.out.println("--->請(qǐng)登錄");
resp.sendRedirect(res.getContextPath()+gotoUrl);
return;
}
}
System.out.println("--->允許訪問(wèn)");
chain.doFilter(request, response);
}
public boolean filterCurrUrl(ServletRequest request){
boolean filter=false;
HttpServletRequest res=(HttpServletRequest) request;
User user =(User) res.getSession().getAttribute("user");
if(null==user)
filter=true;
return filter;
}
public boolean isPermitUrl(ServletRequest request) {
boolean isPermit = false;
String currentUrl = currentUrl(request);
if (permitUrls != null && permitUrls.length > 0) {
for (int i = 0; i < permitUrls.length; i++) {
if (permitUrls[i].equals(currentUrl)) {
isPermit = true;
break;
}
}
}
return isPermit;
}
//請(qǐng)求地址
public String currentUrl(ServletRequest request) {
HttpServletRequest res = (HttpServletRequest) request;
String task = request.getParameter("task");
String path = res.getContextPath();
String uri = res.getRequestURI();
if (task != null) {// uri格式 xx/ser
uri = uri.substring(path.length(), uri.length()) + "?" + "task="
+ task;
} else {
uri = uri.substring(path.length(), uri.length());
}
System.out.println("當(dāng)前請(qǐng)求地址:" + uri);
return uri;
}
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
String permitUrls = filterConfig.getInitParameter("permitUrls");
String gotoUrl = filterConfig.getInitParameter("gotoUrl");
this.gotoUrl = gotoUrl;
if (permitUrls != null && permitUrls.length() > 0) {
this.permitUrls = permitUrls.split(",");
}
}
}
Web.xml
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>filter.LoginFilter</filter-class>
<init-param>
<param-name>ignore</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>permitUrls</param-name>
<param-value>/,/servlet/Loginservlet?task=login,/public.jsp,/login.jsp</param-value>
</init-param>
<init-param>
<param-name>gotoUrl</param-name>
<param-value>/login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
這短代碼主要實(shí)現(xiàn)了用戶登錄的過(guò)濾,權(quán)限過(guò)濾原理相同。只需要把判斷用戶是否登錄換成是否有權(quán)限就可以了!
相關(guān)文章
基于SpringIOC創(chuàng)建對(duì)象的四種方式總結(jié)
這篇文章主要介紹了基于SpringIOC創(chuàng)建對(duì)象的四種方式總結(jié),具有很好的參考價(jià)值,希望對(duì)大家有所幫助。如有錯(cuò)誤或未考慮完全的地方,望不吝賜教2021-06-06分頁(yè)技術(shù)原理與實(shí)現(xiàn)之Java+Oracle代碼實(shí)現(xiàn)分頁(yè)(二)
這篇文章主要介紹了分頁(yè)技術(shù)原理與實(shí)現(xiàn)的第二篇:Java+Oracle代碼實(shí)現(xiàn)分頁(yè),感興趣的小伙伴們可以參考一下2016-06-06IDEA創(chuàng)建Servlet并配置web.xml的實(shí)現(xiàn)
這篇文章主要介紹了IDEA創(chuàng)建Servlet并配置web.xml的實(shí)現(xiàn),文中通過(guò)示例代碼介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)學(xué)習(xí)吧2020-10-10詳解Spring Boot 自定義PropertySourceLoader
這篇文章主要介紹了詳解Spring Boot 自定義PropertySourceLoader,小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,也給大家做個(gè)參考。一起跟隨小編過(guò)來(lái)看看吧2017-05-05java常用Lambda表達(dá)式使用場(chǎng)景源碼示例
這篇文章主要為大家介紹了java常用Lambda表達(dá)式使用場(chǎng)景源碼示例及應(yīng)用解析,有需要的朋友可以借鑒參考下,希望能夠有所幫助,祝大家多多進(jìn)步2022-03-03