See https://jadyer.github.io/2013/09/30/springmvc-shiro/for full edition
This article simply describes a relatively simple entry level permission filter
in fact, better reference implementations have two products: Apache's Shiro (formerly Jsecurity) and Springsecurity
here are the Web.xml in Web engineering
<?xml version= "1.0" encoding= "UTF-8"?> <web-app version= "2.5" xmlns= "Http://java.sun.com/xml/ns/javaee" Xmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation= "Http://java.sun.com/xml/ns/javaee http ://java.sun.com/xml/ns/javaee/web-app_2_5.xsd "> <filter> <filter-name>authenticationfilter</ Filter-name> <filter-class>com.jadyer.Filter.AuthenticationFilter</filter-class> <init-param > <param-name>url</param-name> <param-value>/admin/login.jsp</param-value> </init-p aram> </filter> <filter-mapping> <filter-name>AuthenticationFilter</filter-name> < url-pattern>/admin/secure/*</url-pattern> </filter-mapping> <error-page> <ERROR-CODE&G t;404</error-code> <location>/WEB-INF/404.html</location> </error-page> <error-pag E> <error-code>500</error-code>;location>/web-inf/500.html</location> </error-page> <error-page> <exception-type> Javax.servle.servletexception</exception-type> <location>/WEB-INF/error.html</location> </e
Rror-page> <error-page> <exception-type>java.lang.NullPointerException</exception-type> <location>/WEB-INF/error.html</location> </error-page> </web-app>
The following is a filter for permission validation Authenticationfilter.java
Package com.jadyer.Filter;
Import java.io.IOException;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse; /** * Permission Validation/public class Authenticationfilter implements Filter {private String URL = "/";//on behalf of the root public void des Troy () {}/** * Gets the value of the parameter URL set in Web.xml * @see that reads the <param-name>url</param-name>/public void in the Web.xml
Init (filterconfig config) throws servletexception {url = config.getinitparameter ("url"); public void Dofilter (ServletRequest request, servletresponse response, Filterchain chain) throws IOException, Servlete
Xception {//The forced type conversions of both lines are essential httpservletrequest req = (httpservletrequest) request;
HttpServletResponse res = (httpservletresponse) response; If it is a normal user or the administrator session has expired, turnTo the specified page and returns without executing the next filter chain if (null = Req.getsession (). getattribute ("Guesbook.admin.username")) {Res.sendredirect (req.ge
Tcontextpath () + URL);
else {chain.dofilter (request, response); }
}
}