Learning Notes (ix) Filter to complete a simple permission model Httpservletwrapper and Httpservletresponsewrapper

2. Httpservletwrapper and Httpservletresponsewrapper

1). A Httpservletrequestwrapper class is provided in the Servlet API to wrap the original request object.
The Httpservletrequestwrapper class implements all the methods in the HttpServletRequest interface,
The internal implementation of these methods is simply a call to the corresponding method of the wrapped Request object

The wrapper class implements the ServletRequest interface.
public class Servletrequestwrapper implements ServletRequest {

The ServletRequest object that was packaged.
private ServletRequest request;

Constructor incoming ServletRequest implementation class object
Public Servletrequestwrapper (ServletRequest request) {
if (request = = null) {
throw new IllegalArgumentException ("Request cannot be null");
}
This.request = Request;
}

The method to implement ServletRequest: The method of calling the wrapped member variable is implemented.
Public Object getattribute (String name) {
return This.request.getAttribute (name);
}

Public enumeration Getattributenames () {
return This.request.getAttributeNames ();
}

//...
}

Similar to the Servlet API, a Httpservletresponsewrapper class is also provided to wrap the original response object

2). Function: Used to modify or enhance a method of httpservletrequest or HttpServletResponse.

public class Myhttpservletrequest extends httpservletrequestwrapper{

Public myhttpservletrequest (HttpServletRequest request) {
Super (Request);
}

@Override
public string GetParameter (string name) {
String val = super.getparameter (name);
if (val! = null && val.contains ("fuck")) {
val = val.replace ("Fuck", "* * *");
}
return Val;
}
}

3). Use: In Filter, replace incoming httpservletrequest with myhttpservletrequest

HttpServletRequest req = new Myhttpservletrequest (request);
Filterchain.dofilter (req, response);

The httpservletrequest that arrives at the target Servlet or JSP is actually myhttpservletrequest

1. Use Filter to complete a simple permission model:

1). Requirements:

①. Managing Permissions
> View someone's Permissions
> Modify someone's Permissions

②. Access control: Permission to access, otherwise prompt: No corresponding permissions, please return

2). Implementation:

②. Permission Control for access:

> Filtering of permissions Using filter: Verify whether the user has permission, if any, directly respond to the target page; If not redirected to 403.jsp

* 403.jsp

does not have a corresponding permission,
Please <a href= "" > Return </a>

* How to filter using filter:

-Get Servletpath, similar to/app_3/article1.jsp
-Obtain user information if the user is already logged in (a filter that allows users to log on or not). Session.getattribute ("User")
-Get information about the permissions that the user has: list<authority>
-Verify that the user has permission to request Servletpath: There is no better way to think than to traverse
-If you have permission: response
-If no permissions: Redirect to 403.jsp

* Others:
-User information (user object) needs to be put into the HttpSession if users log in.
-Before checking permissions, you need to determine if the user is logged in.

①. Administrative rights:

> Package Permissions Information: Authority

authority{
The name of the permission to display on the page
Private String DisplayName;

URL address for permissions: The permission corresponds to a URL, for example article_1-/app_4/article1.jsp
Private String URL;
}

> Package User information: Users

user{
Private String username;
Private list<autority> authorities;

//...
}

> Create a Userdao:

User get (String username);
void Update (String username, list<autority>);

> Page

AUTHORITY-MANAGER.JSP:

* There is a text textbox for input username, after submission, use the checkbox to display information about all permissions for the current user.

<form action= "/day_40/authorityservlet?method=get" method= "POST" >
Name: <input name= "name" type= "text"/>
<input type= "Submit" value= "Submit"/>
</form>


* Check if there is user information in the request and if so, show
The permission of XXX is: the checkbox of the corresponding permission is marked with a checkmark. Tip, you need to filter out the selected permissions on the page in a two-tier loop.

<form action= "/day_40/authorityservlet?method=get" method= "POST" >

Name: <input name= "name" type= "text"/>
<input type= "Submit" value= "Submit"/>

</form>

<br><br>

The AAA's permissions are:

<br><br>

<form action= "/day_40/authorityservlet?method=update" method= "POST" >

<!--use hidden fields to save a user's name--
<input name= "name" type= "hidden" value= "AAA"/>

<input type= "checkbox" name= "authority" value= "/app_4/article1.jsp"
Checked= "Checked"/>article_1
<br><br>

<input type= "checkbox" name= "authority" value= "/app_4/article2.jsp"
Checked= "Checked"/>article_2
<br><br>

<input type= "checkbox" name= "authority" value= "/app_4/article3.jsp"
Checked= "Checked"/>article_3
<br><br>

<input type= "checkbox" name= "authority" value= "/app_4/article4.jsp"/>article_4
<br><br>

<input type= "Submit" value= "Submit"/>

</form>

> Servlet

Authority-manager.jsp the Get method after submitting the form: Gets the request parameter of the form: username, and then obtains the User information according to username. Put the user into
Request, forward to authority-manager.jsp.

authority-manager.jsp Modify the permissions of the form after submission of the Update method: Get Request Parameters: Username, authory (multiple selection); Encapsulates the option as a List; Call
Userdao Update () method to implement the permission modification; Redirect to Authority-manager.jsp

Learning Notes (ix) Filter to complete a simple permission model Httpservletwrapper and Httpservletresponsewrapper