Jsp的filter拦截器实现用户权限分级

看了一下上学期学的项目,发现用到了jsp的filter来实现不同用户登录网站访问模块的分类,现在把代码分享出来跟大家共享一下···

package com.wws.filter;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.wws.model.ConnDB;
import com.wws.model.UsersBean;
import com.wws.model.UsersBeanBO;

public class SecurityFilter implements Filter
{
	private PreparedStatement ps = null;
	private ResultSet rs = null;
	private Connection ct = null;
	@Override
	public void destroy() {
		// TODO Auto-generated method stub
		
	}

	@Override
	public void doFilter(ServletRequest req, ServletResponse rep,
			FilterChain chain) throws IOException, ServletException {
		// TODO Auto-generated method stub
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) rep;
		HttpSession session = request.getSession();
		
		if(session.getAttribute("userInfo")!=null)
		{
			UsersBean ub=(UsersBean)session.getAttribute("userInfo");
			int role_id=ub.getRole_id();
			String sql="select role_name from Role where role_id="+role_id+"";
			try{
				ct=new ConnDB().getConn();
				ps=ct.prepareStatement(sql);
				rs=ps.executeQuery();
				if(rs.next()){
					//取出数据库的密码
					String role_name=rs.getString(1).trim();
					if("admin".equals(role_name)){
						response.sendRedirect("person1.jsp");
					}else if("educator".equals(role_name))
					{
						response.sendRedirect("ShowEC");
					}else if("student".equals(role_name))
					{
						response.sendRedirect("person3.jsp");
						//int user_id=ub.getUser_id();
						//request.setAttribute("user_id", user_id);
						//request.getRequestDispatcher("ShowSC").forward(request, response);
					}else
					{
						//chain.doFilter(request,response);Filter依旧放行到action地址,若不处理只是打印日志的话
						response.sendRedirect("ShowCourse");
					}
					
				
				}else
				{
					//chain参数用于控制是否放行用户请求
					chain.doFilter(req, rep); 
				}
			}
			catch(Exception e){
				e.printStackTrace();
			}finally{
				this.close();
			}
		}else
		{
			response.sendRedirect("");
		}
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
		
	}
	
	public void close() { // 关闭各种打开的资源
		try {
			if (rs != null) {
				rs.close();
				rs = null;
			}
			if (ps != null) {
				ps.close();
				ps = null;
			}
			if (ct != null) {
				ct.close();
				ct = null;
			}
		} catch (Exception e) {
			e.printStackTrace();// 打印异常,以便修改
		}
	}
	
}
在web.xml里面的配置:

 <filter>
  <!-- Filter的名字,相当于指定@WebFilter的filterName属性 -->
  	<filter-name>securityFilter</filter-name>
  	<filter-class>com.wws.filter.SecurityFilter</filter-class>
  </filter>
  <filter-mapping>
  	<filter-name>securityFilter</filter-name>
  	<!-- Filter负责拦截的URL,相当于指定@WebFilter的urlPatterns属性,可以用/*拦截所有请求 -->
  	<url-pattern>/securityFilter</url-pattern>
  </filter-mapping>


郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。