Jsp的filter拦截器实现用户权限分级
浏览数:36 /
时间:2015年06月09日
看了一下上学期学的项目,发现用到了jsp的filter来实现不同用户登录网站访问模块的分类,现在把代码分享出来跟大家共享一下···
package com.wws.filter;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.wws.model.ConnDB;
import com.wws.model.UsersBean;
import com.wws.model.UsersBeanBO;
public class SecurityFilter implements Filter
{
private PreparedStatement ps = null;
private ResultSet rs = null;
private Connection ct = null;
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest req, ServletResponse rep,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) rep;
HttpSession session = request.getSession();
if(session.getAttribute("userInfo")!=null)
{
UsersBean ub=(UsersBean)session.getAttribute("userInfo");
int role_id=ub.getRole_id();
String sql="select role_name from Role where role_id="+role_id+"";
try{
ct=new ConnDB().getConn();
ps=ct.prepareStatement(sql);
rs=ps.executeQuery();
if(rs.next()){
//取出数据库的密码
String role_name=rs.getString(1).trim();
if("admin".equals(role_name)){
response.sendRedirect("person1.jsp");
}else if("educator".equals(role_name))
{
response.sendRedirect("ShowEC");
}else if("student".equals(role_name))
{
response.sendRedirect("person3.jsp");
//int user_id=ub.getUser_id();
//request.setAttribute("user_id", user_id);
//request.getRequestDispatcher("ShowSC").forward(request, response);
}else
{
//chain.doFilter(request,response);Filter依旧放行到action地址,若不处理只是打印日志的话
response.sendRedirect("ShowCourse");
}
}else
{
//chain参数用于控制是否放行用户请求
chain.doFilter(req, rep);
}
}
catch(Exception e){
e.printStackTrace();
}finally{
this.close();
}
}else
{
response.sendRedirect("");
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
public void close() { // 关闭各种打开的资源
try {
if (rs != null) {
rs.close();
rs = null;
}
if (ps != null) {
ps.close();
ps = null;
}
if (ct != null) {
ct.close();
ct = null;
}
} catch (Exception e) {
e.printStackTrace();// 打印异常,以便修改
}
}
}
在web.xml里面的配置:
<filter> <!-- Filter的名字,相当于指定@WebFilter的filterName属性 --> <filter-name>securityFilter</filter-name> <filter-class>com.wws.filter.SecurityFilter</filter-class> </filter> <filter-mapping> <filter-name>securityFilter</filter-name> <!-- Filter负责拦截的URL,相当于指定@WebFilter的urlPatterns属性,可以用/*拦截所有请求 --> <url-pattern>/securityFilter</url-pattern> </filter-mapping>
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。
