1. HttpServletWrapper 和 HttpServletResponseWrapper
1). Servlet API 中提供了一个 HttpServletRequestWrapper 类来包装原始的 request 对象,
HttpServletRequestWrapper 类实现了 HttpServletRequest 接口中的所有方法,
这些方法的内部实现都是仅仅调用了一下所包装的的 request 对象的对应方法
//包装类实现 ServletRequest 接口.
public class ServletRequestWrapper implements ServletRequest {
//被包装的那个 ServletRequest 对象
private ServletRequest request;
//构造器传入 ServletRequest 实现类对象
public ServletRequestWrapper(ServletRequest request) {
if (request == null) {
throw new IllegalArgumentException("Request cannot be null");
}
this.request = request;
}
//具体实现 ServletRequest 的方法: 调用被包装的那个成员变量的方法实现。
public Object getAttribute(String name) {
return this.request.getAttribute(name);
}
public Enumeration getAttributeNames() {
return this.request.getAttributeNames();
}
//...
}
相类似 Servlet API 也提供了一个 HttpServletResponseWrapper 类来包装原始的 response 对象
2). 作用: 用于对 HttpServletRequest 或 HttpServletResponse 的某一个方法进行修改或增强.
public class MyHttpServletRequest extends HttpServletRequestWrapper{
public MyHttpServletRequest(HttpServletRequest request) {
super(request);
}
@Override
public String getParameter(String name) {
String val = super.getParameter(name);
if(val != null && val.contains(" fuck ")){
val = val.replace("fuck", "****");
}
return val;
}
}
3). 使用: 在 Filter 中, 利用 MyHttpServletRequest 替换传入的 HttpServletRequest
HttpServletRequest req = new MyHttpServletRequest(request);
filterChain.doFilter(req, response);
此时到达目标 Servlet 或 JSP 的 HttpServletRequest 实际上是 MyHttpServletRequest
2. 使用 Filter 完成一个简单的权限模型:
1). 需求:
①. 管理权限
> 查看某人的权限
> 修改某人的权限
②. 对访问进行权限控制: 有权限则可以访问, 否则提示: 没有对应的权限, 请 返回
2). 实现:
②. 对访问进行权限控制:
> 使用 Filter 进行权限的过滤: 检验用户是否有权限, 若有, 则直接响应目标页面; 若没有重定向到 403.jsp
* 403.jsp
<h4>
没有对应的权限,
请 <a href="">返回</a>
</h4>
* 使用 Filter 如何进行过滤:
- 获取 servletPath, 类似于 /app_3/article1.jsp
- 在用户已经登录(可使用 用户是否登录 的过滤器)的情况下, 获取用户信息. session.getAttribute("user")
- 再获取用户所具有的权限的信息: List<Authority>
- 检验用户是否有请求 servletPath 的权限: 可以思考除了遍历以外, 有没有更好的实现方式
- 若有权限则: 响应
- 若没有权限: 重定向到 403.jsp
* others:
- 用户若登录, 需要把用户信息(User 对象)放入到 HttpSession 中.
- 在检验权限之前, 需要判断用户是否已经登录.
①. 管理权限:
> 封装权限信息: Authority
Authority{
//显示到页面上的权限的名字
private String displayName;
//权限对应的 URL 地址: 已权限对应着一个 URL, 例如 Article_1 -> /app_4/article1.jsp
private String url;
}
> 封装用户信息: User
User{
private String username;
private List<Autority> authorities;
}
> 创建一个 UserDao:
User get(String username);
void update(String username, List<Autority>);
> 页面
authority-manager.jsp:
* 有一个 text 文本框, 供输入 username, 提交后, 使用 checkbox 显示当前用户所有的权限的信息.
<form action="/day_40/AuthorityServlet?method=get" method="post">
Name: <input name="name" type="text"/>
<input type="submit" value="Submit"/>
</form>
* 检查 request 中是否有 user 信息, 若有, 则显示
xxx 的权限为: 对应的权限的 checkbox 打上对号. 提示, 页面上需要通过两层循环的方式来筛选出被选择的权限.
<form action="/day_40/AuthorityServlet?method=get" method="post">
Name: <input name="name" type="text"/>
<input type="submit" value="Submit"/>
</form>
AAA 的权限是:
<br><br>
<form action="/day_40/AuthorityServlet?method=update" method="post">
<!-- 使用隐藏域来保存用户的 name -->
<input name="name" type="hidden" value="AAA"/>
<input type="checkbox" name="authority" value="/app_4/article1.jsp"
checked="checked"/>Article_1
<br><br>
<input type="checkbox" name="authority" value="/app_4/article2.jsp"
checked="checked"/>Article_2
<br><br>
<input type="checkbox" name="authority" value="/app_4/article3.jsp"
checked="checked"/>Article_3
<br><br>
<input type="checkbox" name="authority" value="/app_4/article4.jsp" />Article_4
<br><br>
<input type="submit" value="Submit"/>
</form>
> Servlet
authority-manager.jsp 提交表单后 get 方法: 获取表单的请求参数: username, 再根据 username 获取 User 信息. 把 user 放入到
request 中, 转发到 authority-manager.jsp.
authority-manager.jsp 修改权限的表单提交后 update 方法: 获取请求参数: username, authory(多选); 把选项封装为 List; 调用
UserDao 的 update() 方法实现权限的修改; 重定向到 authority-manager.jsp
3.代码区
package com.atguigu.content; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; import com.atguigu.javaweb.HttpFilter; public class ContentFilter extends HttpFilter{ public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { //1. 获取请求 content 参数的值 String content = request.getParameter("content"); System.out.println(request); HttpServletRequest req = new MyHttpServletRequest(request); //2. 把其中 fuck, shit 等字符串替换换为 **** if(content.contains(" fuck ")){ //SerletRequest, HttpServletRequest 中并没有提供诸如 setParameter(paramName, paramValue) //类似于这样的方法. //目标: 改变 HttpServletRequest 的 getParameter(String) 方法的行为: 若该方法的返回值中 //包含 " fuck ", 则替换为 " **** " //1. 若对于一个类的方法不满意, 需要进行重写, 最常见的方式是, 继承父类, 重写方法. //若实现则需要继承 org.apache.catalina.connector.RequestFacade, 而这仅是 Tomcat //服务器的实现, 若更换服务器, 该方案将无法使用. ×. //2. 直接写一个 HttpServletRequest 接口的实现类: 无法实现 其中方法. × //3. 装饰目前的 HttpServletRequest 对象: 装饰其 getParameter 方法, 而其他方法还和其实现相同. //创建一个类, 该类实现 HttpServletRequest 接口, 把当前 doFilter 中的 request 传入到该类中, 作为 //其成员变量, 使用该成员变量去实现接口的全部方法. } //3. 转到目标页面 filterChain.doFilter(req, response); } }
package com.atguigu.content; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; public class MyHttpServletRequest extends HttpServletRequestWrapper{ public MyHttpServletRequest(HttpServletRequest request) { super(request); } @Override public String getParameter(String name) { String val = super.getParameter(name); if(val != null && val.contains(" fuck ")){ val = val.replace("fuck", "****"); } return val; } }
package com.atguigu.javaweb; public class Authority { //显示到页面上的权限的名字 private String displayName; //权限对应的 URL 地址: 已权限对应着一个 URL, 例如 Article-1 -> /article-1.jsp private String url; public String getDisplayName() { return displayName; } public void setDisplayName(String displayName) { this.displayName = displayName; } public String getUrl() { return url; } public void setUrl(String url) { this.url = url; } public Authority(String displayName, String url) { super(); this.displayName = displayName; this.url = url; } public Authority() { // TODO Auto-generated constructor stub } @Override public int hashCode() { final int prime = 31; int result = 1; result = prime * result + ((url == null) ? 0 : url.hashCode()); return result; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (getClass() != obj.getClass()) return false; Authority other = (Authority) obj; if (url == null) { if (other.url != null) return false; } else if (!url.equals(other.url)) return false; return true; } }
package com.atguigu.javaweb; import java.util.List; public class User { private String username; private List<Authority> authorities; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public List<Authority> getAuthorities() { return authorities; } public void setAuthorities(List<Authority> authorities) { this.authorities = authorities; } public User(String username, List<Authority> authorities) { super(); this.username = username; this.authorities = authorities; } public User() { // TODO Auto-generated constructor stub } }
package com.atguigu.javaweb; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; public class UserDao { private static Map<String, User> users; private static List<Authority> authorities = null; static{ authorities = new ArrayList<>(); authorities.add(new Authority("Article-1", "/authority/article-1.jsp")); authorities.add(new Authority("Article-2", "/authority/article-2.jsp")); authorities.add(new Authority("Article-3", "/authority/article-3.jsp")); authorities.add(new Authority("Article-4", "/authority/article-4.jsp")); users = new HashMap<String, User>(); User user1 = new User("AAA", authorities.subList(0, 2)); users.put("AAA", user1); user1 = new User("BBB", authorities.subList(2, 4)); users.put("BBB", user1); } User get(String username){ return users.get(username); } void update(String username, List<Authority> authorities){ users.get(username).setAuthorities(authorities); } public List<Authority> getAuthorities() { return authorities; } public List<Authority> getAuthorities(String[] urls) { List<Authority> authorities2 = new ArrayList<>(); for(Authority authority: authorities){ if(urls != null){ for(String url: urls){ if(url.equals(authority.getUrl())){ authorities2.add(authority); } } } } return authorities2; } }
package com.atguigu.javaweb; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * 自定义的 HttpFilter, 实现自 Filter 接口 * */ public abstract class HttpFilter implements Filter { /** * 用于保存 FilterConfig 对象. */ private FilterConfig filterConfig; /** * 不建议子类直接覆盖. 若直接覆盖, 将可能会导致 filterConfig 成员变量初始化失败 */ @Override public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; init(); } /** * 供子类继承的初始化方法. 可以通过 getFilterConfig() 获取 FilterConfig 对象. */ protected void init() {} /** * 直接返回 init(ServletConfig) 的 FilterConfig 对象 */ public FilterConfig getFilterConfig() { return filterConfig; } /** * 原生的 doFilter 方法, 在方法内部把 ServletRequest 和 ServletResponse * 转为了 HttpServletRequest 和 HttpServletResponse, 并调用了 * doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) * * 若编写 Filter 的过滤方法不建议直接继承该方法. 而建议继承 * doFilter(HttpServletRequest request, HttpServletResponse response, * FilterChain filterChain) 方法 */ @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; doFilter(request, response, chain); } /** * 抽象方法, 为 Http 请求定制. 必须实现的方法. * @param request * @param response * @param filterChain * @throws IOException * @throws ServletException */ public abstract void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException; /** * 空的 destroy 方法。 */ @Override public void destroy() {} }
package com.atguigu.javaweb; import java.io.IOException; import java.util.Arrays; import java.util.List; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class AuthorityFilter extends HttpFilter { @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { // - 获取 servletPath, 类似于 /app_3/article1.jsp String servletPath = request.getServletPath(); //不需要被拦截的 url 列表. List<String> uncheckedUrls = Arrays.asList("/authority/403.jsp", "/authority/articles.jsp", "/authority-manager.jsp", "/login.jsp", "/authority/logout.jsp"); if(uncheckedUrls.contains(servletPath)){ filterChain.doFilter(request, response); return; } // - 在用户已经登录(可使用 用户是否登录 的过滤器)的情况下, 获取用户信息. session.getAttribute("user") User user = (User)request.getSession().getAttribute("user"); if(user == null){ response.sendRedirect(request.getContextPath() + "/authority/login.jsp"); return; } // - 再获取用户所具有的权限的信息: List<Authority> List<Authority> authorities = user.getAuthorities(); // - 检验用户是否有请求 servletPath 的权限: 可以思考除了遍历以外, 有没有更好的实现方式 Authority authority = new Authority(null, servletPath); // - 若有权限则: 响应 if (authorities.contains(authority)) { filterChain.doFilter(request, response); return; } // - 若没有权限: 重定向到 403.jsp response.sendRedirect(request.getContextPath() + "/authority/403.jsp"); return; } }
package com.atguigu.javaweb; import java.io.IOException; import java.lang.reflect.Method; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * Servlet implementation class LoginServlet */ public class LoginServlet extends HttpServlet { private static final long serialVersionUID = 1L; protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String methodName = request.getParameter("method"); try { Method method = getClass().getMethod(methodName, HttpServletRequest.class, HttpServletResponse.class); method.invoke(this, request, response); } catch (Exception e) { e.printStackTrace(); } } private UserDao userDao = new UserDao(); public void login(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //1. 获取 name String name = request.getParameter("name"); //2. 调用 UserDao 获取用户信息, 把用户信息放入到 HttpSession 中 User user = userDao.get(name); request.getSession().setAttribute("user", user); //3. 重定向到 articles.jsp response.sendRedirect(request.getContextPath() + "/articles.jsp"); } public void logout(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //1. 获取 HttpSession //2. 使 HttpSession 失效 request.getSession().invalidate(); //3. 重定向到 /loign.jsp response.sendRedirect(request.getContextPath() + "/login.jsp"); } }
package com.atguigu.javaweb; import java.io.IOException; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.ArrayList; import java.util.List; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class AuthorityServlet extends HttpServlet { private static final long serialVersionUID = 1L; public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String methodName = request.getParameter("method"); try { Method method = getClass().getMethod(methodName, HttpServletRequest.class, HttpServletResponse.class); method.invoke(this, request, response); } catch (Exception e) { e.printStackTrace(); } } private UserDao userDao = new UserDao(); //getAuthorities public void getAuthorities(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); User user = userDao.get(username); request.setAttribute("user", user); request.setAttribute("authorities", userDao.getAuthorities()); request.getRequestDispatcher("/authority-manager.jsp").forward(request, response); } public void updateAuthority(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String [] authorities = request.getParameterValues("authority"); List<Authority> authorityList = userDao.getAuthorities(authorities); userDao.update(username, authorityList); response.sendRedirect(request.getContextPath() + "/authority-manager.jsp"); } }
<?xml version="1.0" encoding="UTF-8" ?> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Insert title here</title> </head> <body> <h4> 没有对应的权限, 请 <a href="${pageContext.request.contextPath }/articles.jsp">返回</a> </h4> </body> </html>
<?xml version="1.0" encoding="UTF-8" ?> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Insert title here</title> </head> <body> Article 111 </body> </html>
<?xml version="1.0" encoding="UTF-8" ?> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Insert title here</title> </head> <body> <%-- //检查用户是否登录: session 中是否有 LoginSuccessSessionKey(SESSIONKEY 所对应的参数值) 的属性 String sessionKey = application.getInitParameter("SESSIONKEY"); Object obj = session.getAttribute(sessionKey); //1. 若存在, 表示已经登录, 继续浏览 //2. 若不存在, 则表示用于未登录, 则重定向到 login.jsp 页面, 使其登录。 if(obj == null){ response.sendRedirect(request.getContextPath() + "/app_3/login.jsp"); } --%> Article 222 </body> </html>
<?xml version="1.0" encoding="UTF-8" ?> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Insert title here</title> </head> <body> <%-- //检查用户是否登录: session 中是否有 LoginSuccessSessionKey(SESSIONKEY 所对应的参数值) 的属性 String sessionKey = application.getInitParameter("SESSIONKEY"); Object obj = session.getAttribute(sessionKey); //1. 若存在, 表示已经登录, 继续浏览 //2. 若不存在, 则表示用于未登录, 则重定向到 login.jsp 页面, 使其登录。 if(obj == null){ response.sendRedirect(request.getContextPath() + "/app_3/login.jsp"); } --%> Article 333 </body> </html>
<?xml version="1.0" encoding="UTF-8" ?> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Insert title here</title> </head> <body> <%-- //检查用户是否登录: session 中是否有 LoginSuccessSessionKey(SESSIONKEY 所对应的参数值) 的属性 String sessionKey = application.getInitParameter("SESSIONKEY"); Object obj = session.getAttribute(sessionKey); //1. 若存在, 表示已经登录, 继续浏览 //2. 若不存在, 则表示用于未登录, 则重定向到 login.jsp 页面, 使其登录。 if(obj == null){ response.sendRedirect(request.getContextPath() + "/app_3/login.jsp"); } --%> Article 444 </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> Bye! <br><br> <a href="login.jsp">Login</a> <% session.invalidate(); %> </body> </html>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.atguigu.javaweb.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>AuthorityServlet</servlet-name>
<servlet-class>com.atguigu.javaweb.AuthorityServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthorityServlet</servlet-name>
<url-pattern>/AuthorityServlet</url-pattern>
</servlet-mapping>
<filter>
<display-name>AuthorityFilter</display-name>
<filter-name>AuthorityFilter</filter-name>
<filter-class>com.atguigu.javaweb.AuthorityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthorityFilter</filter-name>
<url-pattern>/authority/*</url-pattern>
</filter-mapping>
<filter>
<display-name>ContentFilter</display-name>
<filter-name>ContentFilter</filter-name>
<filter-class>com.atguigu.content.ContentFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ContentFilter</filter-name>
<url-pattern>/bbs.jsp</url-pattern>
</filter-mapping>
</web-app>
<?xml version="1.0" encoding="UTF-8" ?>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Insert title here</title>
</head>
<body>
<a href="<%=request.getContextPath() %>/authority/article-1.jsp">Article111 Page</a>
<br /><br />
<a href="<%=request.getContextPath() %>/authority/article-2.jsp">Article222 Page</a>
<br /><br />
<a href="<%=request.getContextPath() %>/authority/article-3.jsp">Article333 Page</a>
<br /><br />
<a href="<%=request.getContextPath() %>/authority/article-4.jsp">Article444 Page</a>
<br /><br />
<a href="LoginServlet?method=logout">Logout...</a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <center> <br><br> <form action="AuthorityServlet?method=getAuthorities" method="post"> name: <input type="text" name="username"/> <input type="submit" value="Submit"/> </form> <c:if test="${requestScope.user != null }"> <br><br> ${requestScope.user.username } 的权限是: <br><br> <form action="AuthorityServlet?method=updateAuthority" method="post"> <input type="hidden" name="username" value="${requestScope.user.username }"/> <c:forEach items="${authorities }" var="auth"> <c:set var="flag" value="false"></c:set> <c:forEach items="${user.authorities }" var="ua"> <c:if test="${ua.url == auth.url }"> <c:set var="flag" value="true"></c:set> </c:if> </c:forEach> <c:if test="${flag == true }"> <input type="checkbox" name="authority" value="${auth.url }" checked="checked"/>${auth.displayName } </c:if> <c:if test="${flag == false }"> <input type="checkbox" name="authority" value="${auth.url }" />${auth.displayName } </c:if> <br><br> </c:forEach> <input type="submit" value="Update"/> </form> </c:if> </center> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> content: ${param.content } <br><br> method: <%= request.getMethod() %> <br><br> <%= request %> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="bbs.jsp" method="post"> content: <textarea rows="5" cols="21" name="content"></textarea> <input type="submit" value="Submit"/> </form> </body> </html>
<?xml version="1.0" encoding="UTF-8" ?> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Insert title here</title> </head> <body> <form action="LoginServlet?method=login" method="post"> name: <input type="text" name="name" /> <input type="submit" value="Submit" /> </form> </body> </html>