jsp 权限过滤器的应用

1.在数据库中建立三个表 ，分别为 用户信息表，用户权限关联表，权限表

--建立用户表

create table t_user(id int identity primary key ,username varchar(30)  not null, password varchar(30) not null);
insert into t_user (username,password) values ('admin','123456');
insert into t_user (username,password) values ('guest','123456');
insert into t_user (username,password) values ('lily','123456');
--用户权限表
create table t_permission (id int identity primary key ,linkurl varchar(120),describe varchar(100));
insert into t_permission (linkurl,describe) values ('main.jsp','主页面');
insert into t_permission (linkurl,describe) values ('message.jsp','信息面');
insert into t_permission (linkurl,describe) values ('fuck.jsp','操蛋页面');
insert into t_permission (linkurl,describe) values ('love.jsp','爱情页面');

--用户和权限关联表
create table user_permission (uid int not null,pid int not null);
alter table user_permission add constraint up_uid_user_id foreign key (uid) references t_user(id) on delete cascade on update cascade;
alter table user_permission add constraint up_pid_permission_id foreign key (pid) references t_permission(id) on delete cascade on update cascade;


insert into user_permission (uid,pid) values (1,2);
insert into user_permission (uid,pid) values (1,3);

我们在这里模拟一个用户 ，并给予指定所操作的应用 以admin 用户为例 给指定了 可以访问message.jsp 和fuck.jsp




其他页面程序不再详细的说明，都包括在附加中


下面主要关键的是过滤器
public class FilterPermission extends HttpServlet implements Filter {

/**
*
*/
private static final long serialVersionUID = 1L;
// 字符编码(初始化参数)
    protected String encoding = null;
    // FilterConfig对象
    protected FilterConfig filterConfig = null;
    // 初始化方法
 
public void destroy() {
// TODO Auto-generated method stub
this.encoding = null;
        this.filterConfig = null;

}

public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {   
HttpServletRequest servletRequest= (HttpServletRequest)request;
    HttpServletResponse servletResponse=(HttpServletResponse)response;
// TODO Auto-generated method stub
  // 判断字符编码是否有效
    if (encoding != null) {
    // 设置request字符编码
    servletRequest.setCharacterEncoding(encoding);
            // 设置response字符编码
    servletResponse.setContentType("text/html; charset="+encoding);
        }
    // 传递给下一过滤器

    try {

            chain.doFilter(request, response);

             } catch (ServletException sx) {

                 filterConfig.getServletContext().log(sx.getMessage());

             } catch (IOException iox) {

                 filterConfig.getServletContext().log(iox.getMessage());

             }

    //得到上下文访问路径
    String accessPath = servletRequest.getContextPath();
       //得到会话
    HttpSession session = servletRequest.getSession();
       //从会话中得到user对象
    User user=(User)session.getAttribute("formvalue");
//    SystemDao dao = new SystemDao();
//    String linkurl=dao.getPermission(user.getId());
    String
//得到请求的URI路径，并以截取
url=servletRequest.getRequestURI().substring(servletRequest.getRequestURI().lastIndexOf("/")+1, servletRequest.getRequestURI().length());
       //指定无需经过权限过滤的页面
      String exclude= "adminlogin,login.jsp,error.jsp,welcome.jsp";
    try {
    if(exclude.indexOf(url)==-1){
    if(user==null ){
   
    servletResponse.sendRedirect(accessPath+"/index.jsp");
   
    }else{
    SystemDao dao = new SystemDao();
               //如果user不为空 从对象中得到user 的ID 从数据中查询出所拥有的权限
        String linkurl=dao.getPermission(user.getId());
              //请求的操作，判断 权限中是否拥有 没有拥有转向于错误提示页面
        if(linkurl.indexOf(url)==-1){
                servletResponse.sendRedirect(accessPath+"/error.jsp");
           }}
    }
    } catch (Exception e) {
// TODO: handle exception
    e.printStackTrace();
}
   
   
      }





public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
// 对filterConfig赋值
    this.filterConfig = filterConfig;
    // 对初始化参数赋值
        this.encoding = filterConfig.getInitParameter("encode");

}

}



web.xml 过滤器的配置

<filter>
<filter-name>FilterPermission</filter-name>
<filter-class>com.smile.util.FilterPermission</filter-class>
<init-param>
<param-name>encode</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>


<filter-mapping>
<filter-name>FilterPermission</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>


 

评论

2 楼 _大大大雄 2013-09-05  

关于这个应用, 有些东西想要请教下您行么?

1 楼 jptiancai 2013-07-10  

博主，看了博客，收获很多，这个例子运行的时候，会报下面的错误：
在网上找了许久，也没有解决，不知道博主遇到过这种情况吗？
java.lang.IllegalStateException: Cannot forward after response has been committed
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:349)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)
at com.smile.util.FilterPermission.doFilter(FilterPermission.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)