当前位置：首页 > 资讯 > 技术文档

java中使用Filter控制用户登录权限具体实例

时间：2020-02-02 21:50 编辑：来源：阅读：
扫一扫，手机访问

摘要：java中使用Filter控制用户登录权限具体实例

学jsp这么长时间，做的项目也有七八个了，可所有的项目都是用户登录就直接跳转到其拥有权限的页面，或者显示可访问页面的链接。使用这种方式来幼稚地控制访问权限。从来没有想过如果我没有登录，直接输入地址也可以直接访问用户的页面的。在jsp中权限的控制是通过Filter过滤器来实现的，所有的开发框架中都集成有Filter，如果不适用开发框架则有如下实现方法： LoginFilter.java

[u]复制代码[/u] 代码如下:

public class LoginFilter implements Filter {  
    private String permitUrls[] = null;  

    private String gotoUrl = null;  

    public void destroy() {  

        // TODO Auto-generated method stub  

        permitUrls = null;  

        gotoUrl = null;  

    }  

    public void doFilter(ServletRequest request, ServletResponse response,  

            FilterChain chain) throws IOException, ServletException {  

        // TODO Auto-generated method stub  

        HttpServletRequest res=(HttpServletRequest) request;  

        HttpServletResponse resp=(HttpServletResponse)response;  

        if(!isPermitUrl(request)){  

            if(filterCurrUrl(request)){  

                System.out.println("--->请登录");  

                resp.sendRedirect(res.getContextPath()+gotoUrl);  

                return;  

            }  

        }  

        System.out.println("--->允许访问");  

        chain.doFilter(request, response);  

    }  

    public boolean filterCurrUrl(ServletRequest request){  

        boolean filter=false;  

        HttpServletRequest res=(HttpServletRequest) request;  

        User user =(User) res.getSession().getAttribute("user");  

        if(null==user)  

            filter=true;  

        return filter; 

    }        

    public boolean isPermitUrl(ServletRequest request) {  

        boolean isPermit = false;  

        String currentUrl = currentUrl(request);  

        if (permitUrls != null && permitUrls.length > 0) {  

            for (int i = 0; i < permitUrls.length; i++) {  

                if (permitUrls[i].equals(currentUrl)) {  

                    isPermit = true;  

                    break;  

                }  

            }  

        }  

        return isPermit;  

    }         

    //请求地址  

    public String currentUrl(ServletRequest request) {    

        HttpServletRequest res = (HttpServletRequest) request;  

        String task = request.getParameter("task");  

        String path = res.getContextPath();  

        String uri = res.getRequestURI();  

        if (task != null) {// uri格式 xx/ser  

            uri = uri.substring(path.length(), uri.length()) + "?" + "task=" 

                    + task;  

        } else {  

            uri = uri.substring(path.length(), uri.length());  

        }  

        System.out.println("当前请求地址:" + uri);  

        return uri;  

    }  

    public void init(FilterConfig filterConfig) throws ServletException {  

        // TODO Auto-generated method stub  

        String permitUrls = filterConfig.getInitParameter("permitUrls");  

        String gotoUrl = filterConfig.getInitParameter("gotoUrl");  

        this.gotoUrl = gotoUrl;  

        if (permitUrls != null && permitUrls.length() > 0) {  

            this.permitUrls = permitUrls.split(",");  

        }  

    }  

}

Web.xml

[u]复制代码[/u] 代码如下:

<filter>  
    <filter-name>loginFilter</filter-name>  

    <filter-class>filter.LoginFilter</filter-class>  

    <init-param>  

        <param-name>ignore</param-name>  

        <param-value>false</param-value>  

    </init-param>  

    <init-param>  

        <param-name>permitUrls</param-name>  

        <param-value>/,/servlet/Loginservlet?task=login,/public.jsp,/login.jsp</param-value>  

    </init-param>  

    <init-param>  

        <param-name>gotoUrl</param-name>  

        <param-value>/login.jsp</param-value>  

    </init-param>  

</filter>  

<filter-mapping>  

    <filter-name>loginFilter</filter-name>  

    <url-pattern>/*</url-pattern>  

</filter-mapping>

这短代码主要实现了用户登录的过滤，权限过滤原理相同。只需要把判断用户是否登录换成是否有权限就可以了！

全部评论(0)

上一篇：java模拟post请求登录猫扑示例分享
下一篇：java中servlet实现登录验证的方法

资讯排行榜
更多>>