jsp实现权限拦截获取权限文件power.properties



本文用一个简单实例演示如何在JSP/Servlet应用中实现权限拦截:过滤器(Filter)从权限文件power.properties读取“URI模式 = 角色”规则,判断当前会话的角色是否拥有访问所请求页面的权限,并在web.xml中配置过滤器的拦截范围:

Filter_Power.java权限拦截器:

package com.cn.filter;

import java.io.*;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import com.cn.exception.AccountException;

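/**
 * Servlet filter that allows a request only when a rule in the permission
 * file maps the requested {@code <path>?action=<action>} string to the role
 * stored in the session.
 *
 * <p>Rules are loaded once in {@link #init(FilterConfig)} from the file named
 * by the {@code file} init parameter. Each rule key is a literal string in
 * which {@code *} is the only wildcard. The check is default-deny: a request
 * that matches no rule for the caller's role is rejected.
 *
 * <p>Roles are compared for exact equality, so a role does not inherit the
 * rules of any other role. A properties file also holds one value per key,
 * so each pattern can name only one role.
 */
public class Filter_Power implements Filter {
    // Raw permission entries as read from the permission file.
    private Properties properties = new Properties();

    // Rule patterns compiled once at start-up, mapped to the role each one grants.
    private Map<Pattern, String> rules = new LinkedHashMap<Pattern, String>();

    /**
     * Loads the permission file and compiles its keys into patterns.
     *
     * <p>If the file cannot be read the failure is logged and the rule set
     * stays empty, which makes {@link #doFilter} reject every request.
     *
     * @param config filter configuration; its {@code file} init parameter is
     *               the permission file's path inside the web application
     */
    public void init(FilterConfig config) throws ServletException {
        // Location of the permission file, taken from the init parameter.
        String file = config.getInitParameter("file");
        // Resolve it to a path on disk; this may be null, and the resulting
        // exception is handled by the catch block below.
        String realPath = config.getServletContext().getRealPath(file);
        InputStream in = null;
        try {
            in = new FileInputStream(realPath);
            // Load every permission entry.
            properties.load(in);
        } catch (Exception e) {
            // Loading failed: record why. No rules are loaded, so nothing is allowed.
            config.getServletContext().log("读取权限控制文件失败。", e);
        } finally {
            // Always release the file handle, including when load() fails.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if close() fails.
                }
            }
        }

        Map<Pattern, String> compiled = new LinkedHashMap<Pattern, String>();
        for (Object obj : properties.keySet()) {
            String key = (String) obj;
            compiled.put(toPattern(key), properties.getProperty(key));
        }
        rules = compiled;
    }

    /**
     * Rejects the request unless a rule grants the session's role access to
     * the requested URI and action; otherwise passes it down the chain.
     *
     * @throws RuntimeException wrapping an {@code AccountException} when no
     *                          rule allows the request
     */
    public void doFilter(ServletRequest srt, ServletResponse srs,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) srt;

        // Path relative to the application. Only the leading context path is
        // removed; replacing every occurrence would let the string used for
        // the permission check differ from the path actually requested.
        // getRequestURI() is the raw, undecoded request path, so encoded or
        // otherwise unusual spellings match no rule and are rejected.
        String requestURI = request.getRequestURI();
        String prefix = request.getContextPath() + "/";
        if (requestURI.startsWith(prefix)) {
            requestURI = requestURI.substring(prefix.length());
        }

        // The "action" request parameter; absent is treated as empty.
        String action = srt.getParameter("action");
        action = action == null ? "" : action;

        // String the rules are matched against, e.g. log.do?action=list
        String uri = requestURI + "?action=" + action;

        // Role stored in the session; callers without one are treated as guest.
        String role = (String) request.getSession(true).getAttribute("role");
        role = role == null ? "guest" : role;

        boolean authentificated = false;
        for (Map.Entry<Pattern, String> rule : rules.entrySet()) {
            // The whole string must match the pattern, and the rule's role
            // must be exactly the caller's role.
            if (rule.getKey().matcher(uri).matches()
                    && role.equals(rule.getValue())) {
                authentificated = true;
                break;
            }
        }

        // No rule allowed the request.
        if (!authentificated) {
            throw new RuntimeException(new AccountException(
                    "您无权访问该页面。请以合适的身份登陆后查看。"));
        }

        // Allowed: continue with the next filter or the target servlet.
        chain.doFilter(srt, srs);
    }

    /** Releases the loaded permission data. */
    public void destroy() {
        properties = null;
        // An empty rule set keeps the filter denying requests rather than failing.
        rules = new LinkedHashMap<Pattern, String>();
    }

    /**
     * Compiles a rule key into a pattern in which {@code *} matches any run
     * of characters and every other character is literal.
     *
     * <p>The literal parts are quoted as a whole, so characters such as
     * {@code +}, {@code (} or {@code [} in a key are matched literally
     * instead of being interpreted as regular-expression syntax.
     */
    private static Pattern toPattern(String key) {
        StringBuilder regex = new StringBuilder();
        int start = 0;
        int star = key.indexOf('*', start);
        while (star >= 0) {
            regex.append(Pattern.quote(key.substring(start, star))).append(".*");
            start = star + 1;
            star = key.indexOf('*', start);
        }
        regex.append(Pattern.quote(key.substring(start)));
        return Pattern.compile(regex.toString());
    }

}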

 

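power.properties文件,记录相应的权限(每行格式为“URI模式 = 角色”)。注意:web.xml中配置的路径/power.properties位于Web应用根目录下,而过滤器只拦截*.do,因此该文件本身可以被直接请求下载;建议把它放到/WEB-INF/目录下,并相应修改file初始化参数: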


# Privilege Settings
#
# Format: <URI pattern> = <role>. The '=' inside a key is escaped as '\='
# so that it is not read as the key/value separator; '*' is a wildcard.
# A key can appear only once, so each pattern grants access to one role.
# Filter_Power compares the session role with the value using equals(),
# so roles do not inherit from each other: as written, "administrator"
# does not match the list.do rules and "member" does not match the
# view/list rules. A request that matches no rule for its role is denied.

# Administration and log pages: administrator only.
admin.do?action\=* = administrator
log.do?action\=* = administrator

# Modifying actions on list.do: member only.
list.do?action\=add = member
list.do?action\=delete = member
list.do?action\=save = member

# Read-only actions on list.do: guest, the role used when the session has none.
list.do?action\=view = guest
list.do?action\=list = guest

filter_power.jsp文件:

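<%@ page language="java" pageEncoding="utf-8"%>
<%-- Test page: shown when the permission filter let the request through. --%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'filter_power.jsp' starting page</title>
</head>
<body>
成功访问!
<br>
<%-- The request URI comes from the client, so HTML-escape it before writing it into the page. --%>
<%= request.getRequestURI().replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;") %>
</body>
</html>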

web.xml配置文件:

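<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!-- Permission filter. The "file" parameter is the path of the rule file
         inside the web application. A path directly under the web root, as
         here, can also be requested by clients; a location under /WEB-INF/
         cannot. Moving the file requires changing this value to match. -->
    <filter>
        <filter-name>Filter_Power</filter-name>
        <filter-class>
            com.cn.filter.Filter_Power
        </filter-class>
        <init-param>
            <param-name>file</param-name>
            <param-value>/power.properties</param-value>
        </init-param>
    </filter>
    <!-- Only *.do requests pass through the filter. JSP pages and static
         files requested directly are not checked by it. -->
    <filter-mapping>
        <filter-name>Filter_Power</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>
</web-app>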