1 description
We give three pages: index.jsp, user.jsp, admin.jsp.
- index.jsp: anyone can access it, with no restrictions;
- user.jsp: only logged-in users can access it;
- admin.jsp: only administrators can access it.
2 Analysis
Design the User class: username, password, grade, where grade represents a user level, 1 represents a normal user, and 2 represents an administrator user.
When the user logs in successfully, save the user object in the session.
Create the login filtering, which performs two kinds of checks (implemented in the code below as UserFilter and AdminFilter):
- If you are accessing user.jsp, see if there is a user in the session;
- If you are accessing admin.jsp, see if there is a user in the session, and the user's grade equals 2.
3 Code
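<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the coarse-grained access-control example.
  The listing is restored to well-formed XML: element and attribute names are
  case-sensitive, so the namespace URIs, xsi:schemaLocation and the class names
  must be spelled exactly.
-->
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <servlet>
    <servlet-name>loginservlet</servlet-name>
    <servlet-class>com.cug.web.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>loginservlet</servlet-name>
    <url-pattern>/loginservlet</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <!--
    The access checks are bound to URL prefixes, so a page is protected only if
    it is deployed under the matching directory (/user/... or /admin/...).
    A protected JSP placed anywhere else is served without any check.

    With no <dispatcher> element a filter runs for REQUEST dispatches only:
    a server-side forward or include into /user/* or /admin/* is not re-checked.
    Add <dispatcher>REQUEST</dispatcher> plus <dispatcher>FORWARD</dispatcher>
    (and INCLUDE if needed) to the mappings if other code forwards into these paths.
  -->
  <filter>
    <filter-name>userfilter</filter-name>
    <filter-class>com.cug.filter.UserFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>userfilter</filter-name>
    <url-pattern>/user/*</url-pattern>
  </filter-mapping>

  <filter>
    <filter-name>adminfilter</filter-name>
    <filter-class>com.cug.filter.AdminFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>adminfilter</filter-name>
    <url-pattern>/admin/*</url-pattern>
  </filter-mapping>
</web-app>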
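package com.cug.web.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.cug.domain.User;
import com.cug.web.service.UserService;

/**
 * Handles the login form POST: checks the submitted credentials and, on
 * success, stores the authenticated {@link User} in the session under the
 * key {@code "user"}, which is the attribute the access filters look up.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the {@code username}/{@code password} request parameters.
     *
     * <p>On failure the request is forwarded back to {@code /login.jsp} with a
     * {@code msg} attribute; on success it is forwarded to {@code index.jsp}.
     *
     * @param req  the login request
     * @param resp the response
     * @throws ServletException if a forward fails
     * @throws IOException      if a forward fails
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("UTF-8");
        resp.setContentType("text/html;charset=utf-8");

        String username = req.getParameter("username");
        String password = req.getParameter("password");

        User user = UserService.login(username, password);
        if (user == null) {
            req.setAttribute("msg", "Username or password error");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        // Session-fixation defence: a session id issued before authentication
        // must not survive the login, otherwise whoever planted that id shares
        // the authenticated session. web.xml declares Servlet 2.5, which has no
        // changeSessionId(), so the old session is discarded and a new one made.
        HttpSession preLogin = req.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }
        req.getSession(true).setAttribute("user", user);

        req.getRequestDispatcher("index.jsp").forward(req, resp);
    }
}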
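package com.cug.web.service;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import com.cug.domain.User;

/**
 * In-memory user store for the example.
 *
 * <p>The two accounts and their passwords are hard-coded demo data kept in
 * plaintext. A real application stores a salted password hash produced by a
 * password-hashing function (bcrypt, scrypt, Argon2) and never keeps
 * credentials in source code.
 */
public class UserService {

    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Username -> account. Populated once in the static initializer, never modified afterwards. */
    private static final Map<String, User> users = new HashMap<String, User>();

    static {
        users.put("Zhu", new User("Zhu", "123", 2));   // grade 2: administrator
        users.put("Xiao", new User("Xiao", "123", 1)); // grade 1: normal user
    }

    /**
     * Looks up the account and checks the password.
     *
     * @param username submitted user name, may be {@code null}
     * @param password submitted password, may be {@code null}
     * @return the matching {@link User}, or {@code null} if the user is unknown
     *         or the password does not match
     */
    public static User login(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        User user = users.get(username);
        if (user == null) {
            return null;
        }
        // MessageDigest.isEqual compares without stopping at the first
        // differing byte, unlike String.equals, so the comparison time does
        // not reveal how much of the guess was correct.
        byte[] expected = user.getPassword().getBytes(UTF_8);
        byte[] supplied = password.getBytes(UTF_8);
        if (!MessageDigest.isEqual(expected, supplied)) {
            return null;
        }
        return user;
    }
}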
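package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.cug.domain.User;

/**
 * Guards the administrator area (mapped to {@code /admin/*} in web.xml): the
 * request continues down the chain only when the session holds a {@link User}
 * whose grade is at least 2.
 */
public class AdminFilter implements Filter {

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // no configuration needed
    }

    /**
     * Rejects the request unless an administrator is logged in.
     *
     * <p>Every rejecting branch returns immediately. Without the {@code return}
     * after the forward, execution would continue to {@code user.getGrade()}
     * with {@code user == null} and fail with a NullPointerException.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        req.setCharacterEncoding("UTF-8");
        resp.setContentType("text/html;charset=utf-8");

        HttpServletRequest request = (HttpServletRequest) req;
        // getSession(false): an anonymous visitor must not get a session
        // allocated just because the check ran.
        HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        if (user == null) {
            // Text written to the response before a forward is discarded when
            // the buffer is reset, so the message travels as a request
            // attribute instead (same key LoginServlet uses; presumably
            // login.jsp renders it - confirm).
            request.setAttribute("msg", "Users have not logged in");
            request.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }

        if (user.getGrade() < 2) {
            // Authenticated but not authorised: answer with 403 so clients,
            // proxies and log monitoring can tell a denial from a normal page.
            ((HttpServletResponse) resp).setStatus(HttpServletResponse.SC_FORBIDDEN);
            resp.getWriter().print("Your level is not enough");
            return;
        }

        chain.doFilter(req, resp);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}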
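package com.cug.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import com.cug.domain.User;

/**
 * Guards the logged-in area (mapped to {@code /user/*} in web.xml): the request
 * continues down the chain only when the session holds a {@link User}.
 */
public class UserFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // no configuration needed
    }

    /**
     * Forwards anonymous requests to the login page and lets authenticated
     * ones through.
     *
     * <p>The {@code return} after the forward is the access-control decision:
     * without it {@code chain.doFilter} would still run for an anonymous
     * request, so the protected resource would be executed after the login
     * page had already been written.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        request.setCharacterEncoding("UTF-8");
        response.setContentType("text/html;charset=utf-8");

        HttpServletRequest httpReq = (HttpServletRequest) request;
        // getSession(false): do not create a session for an anonymous visitor.
        HttpSession session = httpReq.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");

        if (user == null) {
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}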
Package Com.cug.domain;public class User {private string username;private string password;private int grade;public User () {super ();} Public User (string Username, string password, int grade) {super (); this.username = Username;this.password = Password;this. grade = Grade;} Public String GetUserName () {return username;} public void Setusername (String username) {this.username = username;} Public String GetPassword () {return password;} public void SetPassword (String password) {this.password = password;} public int Getgrade () {return grade;} public void Setgrade (int grade) {This.grade = grade;} @Overridepublic String toString () {return "User [username=" + Username + ", password=" + password+ ", grade=" + Grade + "] ";}}
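<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
    // Page prologue: builds the absolute base URL of the application.
    // NOTE(review): getServerName() normally reflects the Host header sent by
    // the client, so basePath is request-controlled. The rest of the page is
    // not shown here; wherever basePath is written out it should be
    // HTML-escaped, and it should not be used for links that leave the page
    // (e-mails, redirects).
    String path = request.getContextPath();
    String basePath = request.getScheme() + "://" + request.getServerName()
            + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">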
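<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
    // Page prologue: builds the absolute base URL of the application.
    // NOTE(review): getServerName() normally reflects the Host header sent by
    // the client, so basePath is request-controlled. The rest of the page is
    // not shown here; wherever basePath is written out it should be
    // HTML-escaped, and it should not be used for links that leave the page
    // (e-mails, redirects).
    String path = request.getContextPath();
    String basePath = request.getScheme() + "://" + request.getServerName()
            + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">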
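<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
    // Page prologue: builds the absolute base URL of the application.
    // NOTE(review): getServerName() normally reflects the Host header sent by
    // the client, so basePath is request-controlled. The rest of the page is
    // not shown here; wherever basePath is written out it should be
    // HTML-escaped, and it should not be used for links that leave the page
    // (e-mails, redirects).
    String path = request.getContextPath();
    String basePath = request.getScheme() + "://" + request.getServerName()
            + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">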
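<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%
    // Page prologue: builds the absolute base URL of the application.
    // NOTE(review): getServerName() normally reflects the Host header sent by
    // the client, so basePath is request-controlled. The rest of the page is
    // not shown here; wherever basePath is written out it should be
    // HTML-escaped, and it should not be used for links that leave the page
    // (e-mails, redirects).
    String path = request.getContextPath();
    String basePath = request.getScheme() + "://" + request.getServerName()
            + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">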
Coarse granularity permission control of Java Web----filter