Jsp的filter拦截器实现用户权限分级
看了一下上学期学的项目,发现用到了jsp的filter来实现不同用户登录网站访问模块的分类,现在把代码分享出来跟大家共享一下···
package com.wws.filter; import java.io.IOException; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import com.wws.model.ConnDB; import com.wws.model.UsersBean; import com.wws.model.UsersBeanBO; public class SecurityFilter implements Filter { private PreparedStatement ps = null; private ResultSet rs = null; private Connection ct = null; @Override public void destroy() { // TODO Auto-generated method stub } @Override public void doFilter(ServletRequest req, ServletResponse rep, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) rep; HttpSession session = request.getSession(); if(session.getAttribute("userInfo")!=null) { UsersBean ub=(UsersBean)session.getAttribute("userInfo"); int role_id=ub.getRole_id(); String sql="select role_name from Role where role_id="+role_id+""; try{ ct=new ConnDB().getConn(); ps=ct.prepareStatement(sql); rs=ps.executeQuery(); if(rs.next()){ //取出数据库的密码 String role_name=rs.getString(1).trim(); if("admin".equals(role_name)){ response.sendRedirect("person1.jsp"); }else if("educator".equals(role_name)) { response.sendRedirect("ShowEC"); }else if("student".equals(role_name)) { response.sendRedirect("person3.jsp"); //int user_id=ub.getUser_id(); //request.setAttribute("user_id", user_id); //request.getRequestDispatcher("ShowSC").forward(request, response); }else { //chain.doFilter(request,response);Filter依旧放行到action地址,若不处理只是打印日志的话 response.sendRedirect("ShowCourse"); } }else { //chain参数用于控制是否放行用户请求 chain.doFilter(req, rep); } } catch(Exception e){ e.printStackTrace(); }finally{ this.close(); } }else { response.sendRedirect(""); } } @Override public void init(FilterConfig arg0) throws ServletException { // TODO Auto-generated method stub } public void close() { // 关闭各种打开的资源 try { if (rs != null) { rs.close(); rs = null; } if (ps != null) { ps.close(); ps = null; } if (ct != null) { ct.close(); ct = null; } } catch (Exception e) { e.printStackTrace();// 打印异常,以便修改 } } }在web.xml里面的配置:
<filter> <!-- Filter的名字,相当于指定@WebFilter的filterName属性 --> <filter-name>securityFilter</filter-name> <filter-class>com.wws.filter.SecurityFilter</filter-class> </filter> <filter-mapping> <filter-name>securityFilter</filter-name> <!-- Filter负责拦截的URL,相当于指定@WebFilter的urlPatterns属性,可以用/*拦截所有请求 --> <url-pattern>/securityFilter</url-pattern> </filter-mapping>
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。