java中應用Filter掌握用戶登錄權限詳細實例。本站提示廣大學習愛好者:(java中應用Filter掌握用戶登錄權限詳細實例)文章只能為提供參考,不一定能成為您想要的結果。以下是java中應用Filter掌握用戶登錄權限詳細實例正文
學jsp這麼長時光,做的項目也有七八個了,可一切的項目都是用戶登錄就直接跳轉到其具有權限的頁面,或許顯示可拜訪頁面的鏈接。應用這類方法來老練地掌握拜訪權限。歷來沒有想過假如我沒有登錄,直接輸出地址也能夠直接拜訪用戶的頁面的。
在jsp中權限的掌握是經由過程Filter過濾器來完成的,一切的開辟框架中都集成有Filter,假如不實用開辟框架則有以下完成辦法:
LoginFilter.java
public class LoginFilter implements Filter {
private String permitUrls[] = null;
private String gotoUrl = null;
public void destroy() {
// TODO Auto-generated method stub
permitUrls = null;
gotoUrl = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest res=(HttpServletRequest) request;
HttpServletResponse resp=(HttpServletResponse)response;
if(!isPermitUrl(request)){
if(filterCurrUrl(request)){
System.out.println("--->請登錄");
resp.sendRedirect(res.getContextPath()+gotoUrl);
return;
}
}
System.out.println("--->許可拜訪");
chain.doFilter(request, response);
}
public boolean filterCurrUrl(ServletRequest request){
boolean filter=false;
HttpServletRequest res=(HttpServletRequest) request;
User user =(User) res.getSession().getAttribute("user");
if(null==user)
filter=true;
return filter;
}
public boolean isPermitUrl(ServletRequest request) {
boolean isPermit = false;
String currentUrl = currentUrl(request);
if (permitUrls != null && permitUrls.length > 0) {
for (int i = 0; i < permitUrls.length; i++) {
if (permitUrls[i].equals(currentUrl)) {
isPermit = true;
break;
}
}
}
return isPermit;
}
//要求地址
public String currentUrl(ServletRequest request) {
HttpServletRequest res = (HttpServletRequest) request;
String task = request.getParameter("task");
String path = res.getContextPath();
String uri = res.getRequestURI();
if (task != null) {// uri格局 xx/ser
uri = uri.substring(path.length(), uri.length()) + "?" + "task="
+ task;
} else {
uri = uri.substring(path.length(), uri.length());
}
System.out.println("以後要求地址:" + uri);
return uri;
}
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
String permitUrls = filterConfig.getInitParameter("permitUrls");
String gotoUrl = filterConfig.getInitParameter("gotoUrl");
this.gotoUrl = gotoUrl;
if (permitUrls != null && permitUrls.length() > 0) {
this.permitUrls = permitUrls.split(",");
}
}
}
Web.xml
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>filter.LoginFilter</filter-class>
<init-param>
<param-name>ignore</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>permitUrls</param-name>
<param-value>/,/servlet/Loginservlet?task=login,/public.jsp,/login.jsp</param-value>
</init-param>
<init-param>
<param-name>gotoUrl</param-name>
<param-value>/login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
這短代碼重要完成了用戶登錄的過濾,權限過濾道理雷同。只須要把斷定用戶能否登錄換成能否有權限便可以了!