• Filter examples


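    1. Selective access

      Description: if the user has not submitted their details on the login page (and goes straight to list.jsp), only a.jsp may be accessed. No other page is allowed.

    After the form on login.jsp has been submitted, b.jsp can be accessed.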


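    The code is as follows:

    Create six pages (login.jsp, list.jsp, a.jsp, b.jsp, c.jsp, d.jsp). They are not written out here; see the full code (there is a link at the end of this article).

    Create LogServlet to handle the logic after login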

    package com.gqx.login;
    
    import java.io.IOException;
    import java.io.PrintWriter;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class LogServlet extends HttpServlet {
    	public void doGet(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		String name=request.getParameter("user");
    		
    		// isEmpty() tests the content; != on Strings only compares references
    		if (name!=null && !name.isEmpty()) {
    			request.getSession().setAttribute("user", name);
    			response.sendRedirect(request.getContextPath()+"/login/list.jsp");
    		}else {
    			response.sendRedirect(request.getContextPath()+"/login/login.jsp");
    		}
    		
    	}
    
    	
    	public void doPost(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		this.doGet(request, response);
    	}
    
    }
    

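    Next comes the most important part, the Filter. The access settings are configured in web.xml, as follows

    <!-- Key under which the user information is stored in the session -->
    	<context-param>
    		<param-name>userSession</param-name>
    		<param-value>USERSISSION</param-value>
    	</context-param>
    	<!-- Page to redirect to when the user is not logged in -->
    	<context-param>
    		<param-name>rediretPage</param-name>
    		<param-value>/login/login.jsp</param-value>
    	</context-param>
    	<!-- URLs that are not intercepted or checked and can be accessed directly from outside -->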
    	<context-param>
    		<param-name>uncheckedUrl</param-name>
    		<param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/LogServlet</param-value>
    	</context-param>
    	
    	<filter>
    		<filter-name>LoginFilter</filter-name>
    		<filter-class>com.gqx.login.LoginFilter</filter-class>
    	</filter>
    	<filter-mapping>
    		<filter-name>LoginFilter</filter-name>
    		<url-pattern>/login/*</url-pattern>
    	</filter-mapping>
    

    The filter then filters selectively according to the configuration in the xml

    package com.gqx.login;
    
    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.List;
    
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletContext;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class LoginFilter implements Filter {
    	
    	private String userSession;
    	private String rediretPage;
    	private String uncheckedUrl;
    	
    	@Override
    	public void init(FilterConfig arg0) throws ServletException {
    		// TODO Auto-generated method stub
    		ServletContext servletContext=arg0.getServletContext();
    		
    		userSession=servletContext.getInitParameter("userSession");
    		rediretPage=servletContext.getInitParameter("rediretPage");
    		uncheckedUrl=servletContext.getInitParameter("uncheckedUrl");
    	}
    
    	@Override
    	public void destroy() {
    		// TODO Auto-generated method stub
    		
    	}
    
    	@Override
    	public void doFilter(ServletRequest arg0, ServletResponse arg1,
    			FilterChain arg2) throws IOException, ServletException {
    		// TODO Auto-generated method stub
    		HttpServletRequest request=(HttpServletRequest)arg0;
    		HttpServletResponse response=(HttpServletResponse)arg1;
    		
    		//1. Get the URL of the incoming request
    		String requestUrl=request.getRequestURL().toString();	// http://localhost:8080/FilterDemo/login/login.jsp
    		String requestUri=request.getRequestURI().toString();// /FilterDemo/login/login.jsp
    		String  servletPath=request.getServletPath();// /login/login.jsp
    
    		//2. Check whether the servletPath from step 1 is one of the URLs that need no check
    		List<String> urls=Arrays.asList(uncheckedUrl.split(","));
    		if (urls.contains(servletPath)) {
    			arg2.doFilter(request, response);
    			return;
    		}
    		
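    		//3. Get userSession from the session and check whether the value exists
    		//   (the key "user" is the one LogServlet stores; the userSession parameter is read in init() but not used here)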
    		Object user=request.getSession().getAttribute("user");
    		
    		if (user==null) {
    			response.sendRedirect(request.getContextPath()+rediretPage);
    			return;
    		}
    		
    		//4. It exists, so allow access
    		arg2.doFilter(request, response);
    	}
    
    	
    
    }
    

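    The code above implements the behaviour described.


    2. Access under managed permissions

     Problem description: set which pages a user is allowed to access. Once a user has been given access to certain pages and the setting is submitted, log in, and the list page immediately reflects that user's permissions. (Since nothing is stored in a database, two users, AAA and BBB, were added by hand locally.)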

     

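    After changing the permissions, submit, then go to login.jsp and enter the user; the articles for the corresponding permissions can then be accessed


    Implementation code

    (1) First, two JavaBeans: User (holds the user's name and all of their permissions) and Authority (one permission and its url; the article is accessed through the url).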

    package com.gqx.demo1;
    
    import java.util.List;
    // Encapsulates the user information: User
    public class User {
    	private String username;
    	private List<Authority> authorities;
    
    	public String getUsername() {
    		return username;
    	}
    
    	public void setUsername(String username) {
    		this.username = username;
    	}
    
    	public List<Authority> getAuthorities() {
    		return authorities;
    	}
    
    	public void setAuthorities(List<Authority> authorities) {
    		this.authorities = authorities;
    	}
    
    	public User(String username, List<Authority> authorities) {
    		super();
    		this.username = username;
    		this.authorities = authorities;
    	}
    
    	public User() {
    		// TODO Auto-generated constructor stub
    	}
    }
    
    package com.gqx.demo1;
    
    public class Authority {
    
    	// Name of the permission as shown on the page
    	private String displayName;
    	
    	// URL for the permission: each permission corresponds to one URL, e.g. Article-1 -> /article-1.jsp
    	private String url;
    
    	public String getDisplayName() {
    		return displayName;
    	}
    
    	public void setDisplayName(String displayName) {
    		this.displayName = displayName;
    	}
    
    	public String getUrl() {
    		return url;
    	}
    
    	public void setUrl(String url) {
    		this.url = url;
    	}
    
    	public Authority(String displayName, String url) {
    		super();
    		this.displayName = displayName;
    		this.url = url;
    	}
    
    	public Authority() {
    		// TODO Auto-generated constructor stub
    	}
    
    	@Override
    	public int hashCode() {
    		final int prime = 31;
    		int result = 1;
    		result = prime * result + ((url == null) ? 0 : url.hashCode());
    		return result;
    	}
    
    	@Override
    	public boolean equals(Object obj) {
    		if (this == obj)
    			return true;
    		if (obj == null)
    			return false;
    		if (getClass() != obj.getClass())
    			return false;
    		Authority other = (Authority) obj;
    		if (url == null) {
    			if (other.url != null)
    				return false;
    		} else if (!url.equals(other.url))
    			return false;
    		return true;
    	}
    	
    	
    }
    

    Managing user permissions (UserDao)

    package com.gqx.demo1;
    
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    // Manages user permissions: read and update operations
    public class UserDao {
    	private static Map<String, User> users;    // every user with their permissions
    	private static List<Authority> authorities =null;	// the kinds of permission
    	
    	static{
    		// All the kinds of permission held in authorities
    		authorities=new ArrayList<Authority>();
    		authorities.add(new Authority("Article-1", "/article-1.jsp"));
    		authorities.add(new Authority("Article-2", "/article-2.jsp"));
    		authorities.add(new Authority("Article-3", "/article-3.jsp"));
    		authorities.add(new Authority("Article-4", "/article-4.jsp"));
    		
    		users=new HashMap<String, User>();
    		User user1=new User("AAA",authorities.subList(0, 2)); // subList: start inclusive, end exclusive
    		users.put("AAA", user1);
    		User user2=new User("BBB",authorities.subList(2,4)); // subList: start inclusive, end exclusive
    		users.put("BBB", user2);
    	}
    	
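    	// Get all information for a user
    	User get(String username){
    		return users.get(username); 
    	}
    	// Update a user's information (unknown user names are ignored)
    	void update(String name,List<Authority> authorities){
    		User user=users.get(name);
    		if(user != null){
    			user.setAuthorities(authorities);
    		}
    	}
    	
    	// Get all Authorities (every kind of authority there is)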
    	public static List<Authority> getAuthorities() {
    		return authorities;
    	}
    	
    	public List<Authority> getAuthorities(String[] urls) {
    		List<Authority> authorities2 = new ArrayList<>();
    		
    		for(Authority authority: authorities){
    			if(urls != null){
    				for(String url: urls){
    					if(url.equals(authority.getUrl())){
    						authorities2.add(authority);
    					}
    				}
    			}			
    		}
    		
    		return authorities2;
    	}
    	
    	
    }

     There are also two servlets. The first handles viewing a user's permissions (it shows all the permissions of the user entered) and modifying them

    package com.gqx.demo1;
    
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.lang.reflect.InvocationTargetException;
    import java.lang.reflect.Method;
    import java.util.ArrayList;
    import java.util.List;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class AuthorityServlet extends HttpServlet {
    
    	private static final long serialVersionUID = 1L;
    	
    	public void doGet(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		String methodName=request.getParameter("method");
    		// Reflection is used here so that one servlet can respond to several requests
    		try {
    			Method method=getClass().getMethod(methodName, HttpServletRequest.class,HttpServletResponse.class);
    			method.invoke(this, request,response); 
    		} catch (Exception e) {
    			// TODO Auto-generated catch block
    			e.printStackTrace();
    		}
    	}
    
    	public void doPost(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		this.doGet(request, response);
    	}
    	
    	private UserDao userDao=new UserDao();
    	// Get all information for a user
    	public void getAuthorities(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		String userName=request.getParameter("username");
    		User user =userDao.get(userName);
    		request.setAttribute("user", user);
    		request.setAttribute("authorities", userDao.getAuthorities());
    		request.getRequestDispatcher("/authority-manager.jsp").forward(request, response);
    	}
    							
    	public void updateAuthority(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		String username = request.getParameter("username");
    	
    			String [] authorities = request.getParameterValues("authority");
    			List<Authority> authorityList = userDao.getAuthorities(authorities);
    			
    			userDao.update(username, authorityList);
    			response.sendRedirect(request.getContextPath() + "/authority-manager.jsp");
    		
    	}
    	
    }
    

    The other is the login servlet (it mainly implements login and logout)

    package com.gqx.demo1;
    
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.lang.reflect.Method;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class LoginServlet extends HttpServlet {
    
    	private static final long serialVersionUID = 1L;
    
    	public void doGet(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		String methodName=request.getParameter("method");
    		// Reflection is used here so that one servlet can respond to several requests
    		try {
    			Method method=getClass().getMethod(methodName, HttpServletRequest.class,HttpServletResponse.class);
    			method.invoke(this, request,response); 
    		} catch (Exception e) {
    			// TODO Auto-generated catch block
    			e.printStackTrace();
    		}
    	}
    
    	public void doPost(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		this.doGet(request, response);
    	}
    	
    	private UserDao userDao=new UserDao();
    	public void login(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		//1. Get the user's username
    		String name=request.getParameter("name");
    		//2. Call userDao to get the information and put the user information into the session
    		User user=userDao.get(name);
    		request.getSession().setAttribute("user", user);
    		//3. Redirect to articles.jsp
    		response.sendRedirect(request.getContextPath()+"/articles.jsp");
    	}
    	
    	public void logout(HttpServletRequest request, HttpServletResponse response)
    			throws ServletException, IOException {
    		//1. Get the HttpSession
    		//2. Invalidate the HttpSession
    		request.getSession().invalidate();
    		
    		//3. Redirect to /login.jsp
    		response.sendRedirect(request.getContextPath() + "/login.jsp");
    	}
    
    }
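
    Both servlets above resolve the handler with getMethod() on the raw method parameter, so every public method with that signature, doGet and doPost included, can be selected by the client, and a missing parameter ends in a swallowed exception. An added example (not the article's code) of the same one-servlet-many-actions idea with an explicit action table; the Map that stands in for the request and the handlers' return values are assumptions.

    ```java
    import java.util.HashMap;
    import java.util.LinkedHashMap;
    import java.util.Map;
    import java.util.function.Function;

    // Added example (not the article's code): an explicit action table in place of
    // getClass().getMethod(request.getParameter("method"), ...).
    // Map<String, String> stands in for the request parameters (assumption).
    public class ActionDispatcher {

        // Only names registered here can be selected by the "method" parameter.
        private final Map<String, Function<Map<String, String>, String>> actions =
                new LinkedHashMap<>();

        public ActionDispatcher() {
            actions.put("login", this::login);
            actions.put("logout", this::logout);
        }

        // Hypothetical handlers; each returns the path the servlet would redirect to.
        private String login(Map<String, String> params) {
            return "/articles.jsp";
        }

        private String logout(Map<String, String> params) {
            return "/login.jsp";
        }

        // Returns the redirect target, or "400" when the action is missing or not registered.
        public String dispatch(Map<String, String> params) {
            // A missing parameter gives a null key, which simply finds no handler.
            Function<Map<String, String>, String> handler = actions.get(params.get("method"));
            return (handler == null) ? "400" : handler.apply(params);
        }

        public static void main(String[] args) {
            ActionDispatcher dispatcher = new ActionDispatcher();
            // Constructed inputs: two registered actions, a servlet method name, no parameter.
            String[] samples = {"login", "logout", "doGet", null};
            for (String sample : samples) {
                Map<String, String> params = new HashMap<>();
                if (sample != null) {
                    params.put("method", sample);
                }
                System.out.println(sample + " -> " + dispatcher.dispatch(params));
            }
        }
    }
    ```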
    

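    Finally comes the most important part, the filter. It specifies which resources may be accessed under which conditions and how access without permission is handled. Here, a request without permission always goes to one page (403.jsp).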

    package com.gqx.demo1;
    
    import java.io.IOException;
    import java.util.Arrays;
    import java.util.List;
    
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    public class AuthorityFilter implements Filter {
    
    	@Override
    	public void destroy() {
    		// TODO Auto-generated method stub
    		
    	}
    
    	@Override
    	public void doFilter(ServletRequest arg0, ServletResponse arg1,
    			FilterChain filterChain) throws IOException, ServletException {
    		// TODO Auto-generated method stub
    		HttpServletRequest request=(HttpServletRequest)arg0;
    		HttpServletResponse response=(HttpServletResponse)arg1;
    //		- Get the servletPath, something like /app_3/article1.jsp
    		String servletPath = request.getServletPath();
    		
    		// List of URLs that do not need to be intercepted.
    		List<String> uncheckedUrls = Arrays.asList("/403.jsp", "/articles.jsp", 
    				"/authority-manager.jsp", "/login.jsp", "/logout.jsp");
    		
    		if(uncheckedUrls.contains(servletPath)){
    			filterChain.doFilter(request, response);
    			return;
    		}
    		
    //		- With the user already logged in (an "is the user logged in" filter can be used), get the user information: session.getAttribute("user")
    		User user = (User)request.getSession().getAttribute("user");
    		if(user == null){
    			response.sendRedirect(request.getContextPath() + "/login.jsp");
    			return;
    		}
    		
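    //		- Then get the permissions the user holds: List<Authority>
    		List<Authority> authorities = user.getAuthorities();
    		
    		// - Check whether the user has permission for the requested servletPath: consider whether there is a better implementation than iteration
    		Authority authority = new Authority(null, servletPath);
    		// - If permitted: respond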
    		if (authorities.contains(authority)) {
    			filterChain.doFilter(request, response);
    			return;
    		}
    		
    //		- If not permitted: redirect to 403.jsp 
    		response.sendRedirect(request.getContextPath() + "/403.jsp");
    		return;
    	
    	}
    
    	@Override
    	public void init(FilterConfig arg0) throws ServletException {
    		// TODO Auto-generated method stub
    		
    	}
    
    }
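
    The comment in doFilter asks whether there is a better way than iterating over the list. An added example (not the article's code) that models the filter's three outcomes as a pure function over a per-user Set of URLs, so the permission check is a hash lookup; the class name, the Decision enum and the use of null for "no user in the session" are assumptions.

    ```java
    import java.util.Arrays;
    import java.util.HashSet;
    import java.util.List;
    import java.util.Set;

    // Added example (not the article's code): the AuthorityFilter decision as a pure
    // function, with the user's permitted URLs held in a Set instead of a List.
    public class AccessDecision {

        enum Decision { ALLOW, REDIRECT_LOGIN, FORBIDDEN }

        // Same unchecked list as the filter above.
        static final Set<String> UNCHECKED = new HashSet<>(Arrays.asList(
                "/403.jsp", "/articles.jsp", "/authority-manager.jsp",
                "/login.jsp", "/logout.jsp"));

        // Built once (for example at login) from the url of each Authority the user holds.
        static Set<String> grantedUrls(List<String> authorityUrls) {
            return new HashSet<>(authorityUrls);
        }

        // granted == null models "no user attribute in the session".
        static Decision decide(String servletPath, Set<String> granted) {
            if (UNCHECKED.contains(servletPath)) {
                return Decision.ALLOW;              // checked before any session lookup
            }
            if (granted == null) {
                return Decision.REDIRECT_LOGIN;
            }
            // Exact match only; anything not granted falls through to FORBIDDEN.
            return granted.contains(servletPath) ? Decision.ALLOW : Decision.FORBIDDEN;
        }

        public static void main(String[] args) {
            // User AAA from UserDao holds Article-1 and Article-2.
            Set<String> aaa = grantedUrls(Arrays.asList("/article-1.jsp", "/article-2.jsp"));
            System.out.println(decide("/article-1.jsp", aaa));          // granted page
            System.out.println(decide("/article-3.jsp", aaa));          // page granted to BBB only
            System.out.println(decide("/ARTICLE-1.jsp", aaa));          // different case, no match
            System.out.println(decide("/article-1.jsp", null));         // not logged in
            // The unchecked list applies before the login check, so the
            // permission-editing page is served without a user in the session.
            System.out.println(decide("/authority-manager.jsp", null));
        }
    }
    ```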
    

    The rest of the HTML code can be downloaded from the last part of this article


    Code download

  • Original article: https://www.cnblogs.com/helloworldcode/p/6107788.html