快捷導(dǎo)航

java中使用Filter控制用戶登錄權(quán)限具體實(shí)例

更新時(shí)間：2013年06月19日 11:13:00 作者：

java中使用Filter控制用戶登錄權(quán)限具體實(shí)例，需要的朋友可以參考一下

學(xué)jsp這么長(zhǎng)時(shí)間，做的項(xiàng)目也有七八個(gè)了，可所有的項(xiàng)目都是用戶登錄就直接跳轉(zhuǎn)到其擁有權(quán)限的頁(yè)面，或者顯示可訪問(wèn)頁(yè)面的鏈接。使用這種方式來(lái)幼稚地控制訪問(wèn)權(quán)限。從來(lái)沒(méi)有想過(guò)如果我沒(méi)有登錄，直接輸入地址也可以直接訪問(wèn)用戶的頁(yè)面的。

在jsp中權(quán)限的控制是通過(guò)Filter過(guò)濾器來(lái)實(shí)現(xiàn)的，所有的開(kāi)發(fā)框架中都集成有Filter，如果不適用開(kāi)發(fā)框架則有如下實(shí)現(xiàn)方法：

LoginFilter.java

復(fù)制代碼代碼如下:

public class LoginFilter implements Filter {

private String permitUrls[] = null;

private String gotoUrl = null;

public void destroy() {

// TODO Auto-generated method stub

permitUrls = null;

gotoUrl = null;

}

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

// TODO Auto-generated method stub

HttpServletRequest res=(HttpServletRequest) request;

HttpServletResponse resp=(HttpServletResponse)response;

if(!isPermitUrl(request)){

if(filterCurrUrl(request)){

System.out.println("--->請(qǐng)登錄");

resp.sendRedirect(res.getContextPath()+gotoUrl);

return;

}

System.out.println("--->允許訪問(wèn)");

chain.doFilter(request, response);

}

public boolean filterCurrUrl(ServletRequest request){

boolean filter=false;

HttpServletRequest res=(HttpServletRequest) request;

User user =(User) res.getSession().getAttribute("user");

if(null==user)

filter=true;

return filter;

}

public boolean isPermitUrl(ServletRequest request) {

boolean isPermit = false;

String currentUrl = currentUrl(request);

if (permitUrls != null && permitUrls.length > 0) {

for (int i = 0; i < permitUrls.length; i++) {

if (permitUrls[i].equals(currentUrl)) {

isPermit = true;

break;

}

return isPermit;

}

//請(qǐng)求地址

public String currentUrl(ServletRequest request) {

HttpServletRequest res = (HttpServletRequest) request;

String task = request.getParameter("task");

String path = res.getContextPath();

String uri = res.getRequestURI();

if (task != null) {// uri格式 xx/ser

uri = uri.substring(path.length(), uri.length()) + "?" + "task="

+ task;

} else {

uri = uri.substring(path.length(), uri.length());

}

System.out.println("當(dāng)前請(qǐng)求地址:" + uri);

return uri;

}

public void init(FilterConfig filterConfig) throws ServletException {

// TODO Auto-generated method stub

String permitUrls = filterConfig.getInitParameter("permitUrls");

String gotoUrl = filterConfig.getInitParameter("gotoUrl");

this.gotoUrl = gotoUrl;

if (permitUrls != null && permitUrls.length() > 0) {

this.permitUrls = permitUrls.split(",");

}

Web.xml

復(fù)制代碼代碼如下:

<filter-name>loginFilter</filter-name>

<filter-class>filter.LoginFilter</filter-class>

<init-param>

<param-name>ignore</param-name>

<param-value>false</param-value>

</init-param>

<init-param>

<param-name>permitUrls</param-name>

<param-value>/,/servlet/Loginservlet?task=login,/public.jsp,/login.jsp</param-value>

</init-param>

<init-param>

<param-name>gotoUrl</param-name>

<param-value>/login.jsp</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>loginFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

這短代碼主要實(shí)現(xiàn)了用戶登錄的過(guò)濾，權(quán)限過(guò)濾原理相同。只需要把判斷用戶是否登錄換成是否有權(quán)限就可以了！

您可能感興趣的文章:

欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

軟件下載

源碼下載

軟件編程

網(wǎng)絡(luò)編程

在線工具

數(shù)據(jù)庫(kù)

CMS

常用工具

java中使用Filter控制用戶登錄權(quán)限具體實(shí)例

相關(guān)文章

最新評(píng)論

大家感興趣的內(nèi)容

最近更新的內(nèi)容

常用在線小工具