通過過濾器實現粗粒度許可權控制
阿新 • • 發佈:2018-11-19
粗粒度許可權控制(攔截未登入的請求、攔截非 admin 使用者對管理員頁面的存取)
RBAC(Role-Based Access Control)->基於角色的許可權控制
LoginServlet
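/**
 * Handles the login form POST: records the submitted user name in a new session and
 * forwards to {@code /index.jsp}.
 *
 * <p>Role assignment is coarse-grained: a name equal to "admin" (ignoring case) is stored
 * under the session attribute {@code "admin"}; any other non-blank name is stored under
 * {@code "username"}. A missing or blank name is sent back to {@code /login.jsp}.
 *
 * <p>NOTE(review): no password or other credential is checked in this method, so the
 * session attributes it sets only reflect what the client typed. A real deployment needs a
 * credential check before any role attribute is written to the session.
 *
 * @param request  the login request; the {@code username} form parameter is read from it
 * @param response the response used for the forward
 * @throws ServletException if the forward fails
 * @throws IOException      if the forward fails with an I/O error
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    request.setCharacterEncoding("utf-8");
    response.setContentType("text/html;charset=utf-8");

    String username = request.getParameter("username");

    // A null name used to reach setAttribute("username", null), which only removes the
    // attribute, and an empty name was stored as a non-null "member". Reject both.
    if (username == null || username.trim().isEmpty()) {
        request.setAttribute("msg", "請輸入使用者名稱");
        request.getRequestDispatcher("/login.jsp").forward(request, response);
        return;
    }

    // Start every login from a fresh session. Without this, an "admin" attribute left
    // over from an earlier login survives a later login as an ordinary member, and a
    // session id issued before login keeps being used after it (session fixation).
    request.getSession().invalidate();

    String roleKey = "admin".equalsIgnoreCase(username) ? "admin" : "username";
    request.getSession(true).setAttribute(roleKey, username);

    request.getRequestDispatcher("/index.jsp").forward(request, response);
}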
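/**
 * Coarse-grained access filter for administrator-only resources.
 *
 * <p>A request passes only when the session carries a non-null {@code "admin"} attribute;
 * any other request is forwarded to {@code /login.jsp} with an explanatory {@code msg}.
 *
 * <p>NOTE(review): the URL pattern this filter is mapped to is not shown alongside this
 * class; presumably it guards {@code /admin/*}. Confirm in the deployment descriptor.
 */
public class AdminFilter implements Filter {

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Lets the request through when the session is marked as admin, otherwise forwards to
     * the login page.
     *
     * @param request  the incoming request; must be an {@code HttpServletRequest}
     * @param response the response passed down the chain or to the login page
     * @param chain    the remaining filter chain
     * @throws IOException      if the chain or the forward fails with an I/O error
     * @throws ServletException if the chain or the forward fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        // Only presence matters, so the attribute is not cast to String.
        Object adminMarker = req.getSession().getAttribute("admin");
        if (adminMarker != null) {
            chain.doFilter(request, response);
            return;
        }

        request.setAttribute("msg", "你不是管理員");
        // The path was "/login,jsp" (comma instead of dot), which names no resource, so a
        // denied request never reached the login page.
        req.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    /** No configuration is read. */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}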
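/**
 * Coarse-grained access filter for member resources: administrators and logged-in members
 * pass, everyone else is forwarded to {@code /login.jsp}.
 *
 * <p>NOTE(review): the URL pattern this filter is mapped to is not shown alongside this
 * class; presumably it guards {@code /user/*}. Confirm in the deployment descriptor.
 */
public class UserFilter implements Filter {

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Lets the request through when the session carries either the {@code "admin"} or the
     * {@code "username"} attribute, otherwise forwards to the login page with a message.
     *
     * @param request  the incoming request; must be an {@code HttpServletRequest}
     * @param response the response passed down the chain or to the login page
     * @param chain    the remaining filter chain
     * @throws IOException      if the chain or the forward fails with an I/O error
     * @throws ServletException if the chain or the forward fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        boolean isAdmin = req.getSession().getAttribute("admin") != null;
        // LoginServlet stores ordinary members under "username". The lookup used to read
        // "user", a key nothing sets, so members were always rejected.
        boolean isMember = req.getSession().getAttribute("username") != null;

        if (isAdmin || isMember) {
            chain.doFilter(request, response);
            return;
        }

        request.setAttribute("msg", "你不是會員或者管理員");
        req.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    /** No configuration is read. */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}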
/index.jsp
<body>
<%-- Landing page with one link per access level (guest, member, administrator).
     c:url prepends the application's context path to each target.
     NOTE(review): /user/ and /admin/ are presumably the paths UserFilter and AdminFilter
     are mapped to; the filter mappings are not shown here, so confirm them in the
     deployment descriptor. Hiding a link is not access control; the filters are. --%>
<h1>歡迎遊客</h1>
<a href="<c:url value='/index.jsp'/>">遊客入口</a>
<a href="<c:url value='/user/u.jsp'/>">會員入口</a>
<a href="<c:url value='/admin/a.jsp'/>">管理員入口</a>
</body>
/login.jsp
<body>
<h1>登入</h1>
<%-- msg is the request attribute the filters set before forwarding here. EL written
     directly in template text is not HTML-escaped. The values set by the filters are
     fixed strings, but switch to c:out if msg can ever carry user-supplied text. --%>
${msg }
<%-- The form submits only a user name: there is no password field, so LoginServlet has
     no credential to verify. --%>
<form action="<c:url value='/LoginServlet'/>" method="post">
使用者名稱<input type="text" name="username" >
<input type="submit" value="登入">
</form>
</body>