【标 题】:简单实用一分钟上手级权限控制
【来 源】:http://blog.csdn.net/jameslee666/archive/2007/04/13/1564107.aspx
简单实用一分钟上手级权限控制
本文介绍一种通过 Filter 过滤请求来管理权限的做法,很简单,但也很实用。这个项目并不小,但这样一个类就已经满足了它的权限管理需要。所以很多时候,权限管理不必想得那么复杂;对于不少系统,简单地通过 Filter 来管理就可以了,simple 也是一种美 ^_^ 需要注意的是,下面的映射只拦截以 .jsp 结尾的请求,.do 等地址不会经过该过滤器;凡是需要权限保护的地址,都应当纳入 filter-mapping 的 url-pattern。

在 web.xml 里加入:
-
- <!--================ Permission settings ================-->
- <filter>
-
- <filter-name>Authentication</filter-name>
-
- <filter-class>com.springside.demo.security.UrlFilter</filter-class>
-
- <init-param>
-
- <param-name>onError</param-name>
-
- <param-value>/login.jsp</param-value>
-
- </init-param>
-
- </filter>
-
- <filter-mapping>
-
- <filter-name>Authentication</filter-name>
-
- <!-- Only URLs ending in .jsp are filtered; everything else (.do, .html, .jpg, .css, ...) is not filtered. -->
- <!-- NOTE(review): with this mapping a request for a .do URL never reaches UrlFilter, so neither the login check nor the per-user permission check is applied to it. The sample rules in UrlFilter.main are .do paths, which this mapping does not cover. Map the filter to every URL that needs protection and exempt only the public resources. -->
-
- <url-pattern>*.jsp</url-pattern>
-
- </filter-mapping>
-
-
-
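/**
 * Servlet filter that enforces login and per-user URL permissions.
 *
 * <p>For each request it resolves the servlet path, lets the login page through,
 * sends anonymous users to the login page (or logs them in when the request is
 * the login submission), and otherwise checks the path and parameters against
 * the permission strings held by the session's {@code LoginUser}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The container shares one filter instance between concurrent requests, so
 *       the request, response and chain are passed as arguments and never stored
 *       in fields. Keeping them in fields lets one request's authorization
 *       decision be applied to another request's response.</li>
 *   <li>Every decision defaults to deny: an empty permission set, a malformed
 *       rule or a missing constrained parameter never grants access.</li>
 *   <li>The filter protects only the URLs it is mapped to in web.xml.</li>
 * </ul>
 */
public class UrlFilter implements Filter {

    /** Login page used when web.xml supplies no "onError" init-param. */
    private static final String DEFAULT_LOGIN_PAGE = "/login.jsp";

    private FilterConfig filterConfig;

    /** Context-relative path of the login page; written only in {@link #init}. */
    private String loginPage = DEFAULT_LOGIN_PAGE;

    /** Releases the configuration reference when the container retires the filter. */
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Stores the configuration and reads the login page from the "onError"
     * init-param, falling back to {@code /login.jsp} when it is absent or blank.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException never thrown here; declared by the Filter contract
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        String configured = filterConfig == null ? null : filterConfig.getInitParameter("onError");
        if (configured != null && configured.trim().length() > 0) {
            String page = configured.trim();
            // The value is appended to the context path, so it must be context-relative.
            this.loginPage = page.startsWith("/") ? page : "/" + page;
        }
    }

    /**
     * Applies the login and permission checks to one request.
     *
     * @param servletRequest  incoming request; must be an HTTP request
     * @param servletResponse outgoing response; must be an HTTP response
     * @param chain           remainder of the filter chain, invoked only when access is granted
     * @throws IOException      if writing the response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        // Per-request state stays in locals: this instance serves many threads at once.
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String url = request.getServletPath();
        if (url == null) {
            url = "";
        }

        if (baseUrl(url, request)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not create a session just to learn that nobody is logged in.
        HttpSession session = request.getSession(false);
        LoginUser loginuser = session == null
                ? null
                : (LoginUser) session.getAttribute("loginuser");

        if (loginuser == null) {
            checkLogin(url, request, response, chain);
        } else {
            verifyUrl(url, loginuser, request, response, chain);
        }
    }

    /**
     * Handles a request from a user who is not logged in: processes the login
     * submission ({@code /index.jsp} with {@code act=login}) or redirects to the
     * login page.
     *
     * @param url      servlet path of the request
     * @param request  current request
     * @param response current response
     * @param chain    remainder of the filter chain
     */
    private void checkLogin(String url, HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        if (url.indexOf("/index.jsp") >= 0
                && "login".equals(request.getParameter("act"))) {
            // NOTE(review): getParameter also returns query-string values, so credentials
            // are accepted from a GET URL and can end up in logs and browser history.
            // Consider requiring POST here; confirm against the login form.
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            if (username != null && password != null) {
                UserDao userDao = new UserDao();
                if (userDao.authUser(username, password)) {
                    LoginUser user = userDao.getUser(username);
                    if (user != null) {
                        // Session fixation: drop the pre-login session so an identifier
                        // known before authentication never becomes an authenticated one.
                        HttpSession stale = request.getSession(false);
                        if (stale != null) {
                            stale.invalidate();
                        }
                        request.getSession(true).setAttribute("loginuser", user);
                        verifyUrl(url, user, request, response, chain);
                        return;
                    }
                }
            }
        }
        // Context-absolute target: a relative "login.jsp" resolves against the
        // requested directory and may point at a page that does not exist.
        response.sendRedirect(request.getContextPath() + loginPage);
    }

    /**
     * Lets the request continue when the user's permission strings cover it,
     * otherwise answers 403 with the "no permission" page.
     *
     * @param url       servlet path of the request
     * @param loginuser authenticated user whose permission strings are checked
     * @param request   current request
     * @param response  current response
     * @param chain     remainder of the filter chain
     */
    private void verifyUrl(String url, LoginUser loginuser,
            HttpServletRequest request, HttpServletResponse response,
            FilterChain chain)
            throws IOException, ServletException {
        Set granted = loginuser.getResStrings();
        if (granted != null && granted.size() > 0
                && pass(granted, url, request.getParameterMap())) {
            chain.doFilter(request, response);
            return;
        }

        // Report the denial in the status line too, so clients, proxies and
        // log monitoring can tell a refused request from a successful page.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/html;charset=GBK");
        response
                .getWriter()
                .println(
                        "<div style='margin: 100 auto;text-align: center;"
                                + "font: bold 18px 宋体;color: #0066CC;vertical-align: middle'> Sorry,您没有权限访问该资源!</div>");
    }

    /**
     * Tells whether the path is public, i.e. reachable without logging in.
     * Only the configured login page qualifies, and only on an exact match:
     * a substring test would also exempt any other path that merely contains
     * the login page name.
     *
     * @param url     servlet path of the request
     * @param request current request (unused; kept for subclasses)
     * @return {@code true} when the path is the login page
     */
    protected boolean baseUrl(String url, HttpServletRequest request) {
        return loginPage.equals(url);
    }

    /**
     * Checks a path and its parameters against a set of permission strings.
     *
     * <p>A permission string is either a prefix rule ({@code /path*}, matched
     * against the start of the path) or an exact rule ({@code /path} optionally
     * followed by {@code ?key=value&key=value}). An exact rule with constraints
     * matches only when the request carries every listed key with the listed
     * value among its values. Comparison ignores case.
     *
     * <p>NOTE(review): a constraint is satisfied when the wanted value is one of
     * the request's values for that key, so a request may carry additional values
     * for the same key. Code behind the filter should not assume it sees only the
     * permitted value.
     *
     * @param royurl permission strings granted to the user
     * @param url    servlet path of the request
     * @param reqmap request parameters, name to {@code String[]} of values
     * @return {@code true} when at least one permission string covers the request;
     *         {@code false} for a null or empty set
     */
    protected boolean pass(Set royurl, String url, Map reqmap) {
        // Default deny: with nothing granted, nothing is allowed.
        if (royurl == null || royurl.isEmpty() || url == null) {
            return false;
        }

        for (Iterator iter = royurl.iterator(); iter.hasNext();) {
            String rule = (String) iter.next();
            if (rule == null) {
                continue;
            }

            int star = rule.indexOf("*");
            if (star > 0) {
                rule = rule.substring(0, star);
                // regionMatches is false, not an exception, when url is shorter than the prefix.
                if (url.regionMatches(true, 0, rule, 0, rule.length())) {
                    return true;
                }
            }

            String[] spw = rule.split("\\?");
            if (spw.length == 0 || !url.equalsIgnoreCase(spw[0])) {
                continue;
            }
            if (spw.length == 1 || paramsMatch(spw[1], reqmap)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the request satisfies every {@code key=value} constraint of a rule.
     * A key that the request does not carry fails the rule: leaving the parameter
     * out must not widen access.
     */
    private static boolean paramsMatch(String query, Map reqmap) {
        String[] pairs = query.split("\\&");
        for (int j = 0; j < pairs.length; j++) {
            if (pairs[j].length() == 0) {
                continue; // tolerate a stray "&" in the rule
            }
            String[] kv = pairs[j].split("=");
            if (kv.length == 0) {
                return false; // malformed constraint such as "="
            }
            String wanted = kv.length > 1 ? kv[1].trim() : "";

            Object raw = reqmap == null ? null : reqmap.get(kv[0]);
            if (!(raw instanceof String[])) {
                return false;
            }
            String[] values = (String[]) raw;

            boolean found = false;
            for (int k = 0; k < values.length; k++) {
                if (wanted.equalsIgnoreCase(values[k])) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /** Prints the expected and actual result of {@link #pass} for a few sample rule sets. */
    public static void main(String[] args) {
        UrlFilter filter = new UrlFilter();
        String url = "/baseProd/product.do";

        Map reqmap = new HashMap();
        reqmap.put("productline", new String[] { "11", "12" });

        Set royurl = new HashSet();

        royurl.add("/user.do?a=1&b=2");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));

        royurl.add("/baseProd/product.do?productline=13&productline=14");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));

        royurl.add("/baseProd/product.do?productline=11&productline=13");
        System.out.println("match false:" + filter.pass(royurl, url, reqmap));

        royurl.add("/baseProd/product.do?productline=11");
        System.out.println("match true:" + filter.pass(royurl, url, reqmap));

        royurl.add("/baseProd/product.do?productline=12&productline=11");
        System.out.println("match true:" + filter.pass(royurl, url, reqmap));

        royurl.clear();

        royurl.add("/baseProd/product.do*");
        System.out.println("match ture:" + filter.pass(royurl, url, reqmap));
    }
}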
-
LoginUser 类:
-
-
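/**
 * Logged-in user as kept in the HTTP session: a display name plus the set of
 * permission strings (URL rules) the user has been granted.
 *
 * <p>The permission set is copied when stored and handed out read-only, so code
 * that holds the object, or the set originally passed in, cannot add grants to
 * a live session afterwards.
 */
public class LoginUser {

    private String name;

    // Read-only snapshot of the granted permission strings; null until set.
    private Set resStrings;

    /** Returns the user's name. */
    public String getName() {
        return name;
    }

    /** Sets the user's name. */
    public void setName(String name) {
        this.name = name;
    }

    /**
     * Returns the granted permission strings.
     *
     * @return an unmodifiable set, or {@code null} when none has been set
     */
    public Set getResStrings() {
        return resStrings;
    }

    /**
     * Replaces the granted permission strings with a snapshot of the given set.
     * Later changes to the argument do not affect this user.
     *
     * @param resStrings permission strings to grant; {@code null} clears the set
     */
    public void setResStrings(Set resStrings) {
        if (resStrings == null) {
            this.resStrings = null;
            return;
        }
        // LinkedHashSet keeps the iteration order the caller's set had at copy time.
        this.resStrings = java.util.Collections.unmodifiableSet(
                new java.util.LinkedHashSet(resStrings));
    }
}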