随笔都是学习笔记
随笔仅供参考,为避免笔记中可能出现的错误误导他人,请勿转载。

简介:

同样需要用到EL表达式(以及JSP页面中的JSTL标签 <c:url>),因此需要导入对应的jar包;

参考:https://www.cnblogs.com/0099-ymsml/p/16143473.html

使用session记录登录用户的身份信息,然后在过滤器中判断是否放行,不放行则转发回登录页面。注意:本示例只根据用户名区分角色,没有校验密码,仅用于演示过滤器的用法;

首先需要创建的文件有:

AdminFilter:

package demoFilter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;

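/**
 * Authorization filter for the admin area (mapped to {@code /admin/*} in web.xml).
 *
 * <p>A request is let through only when the HTTP session holds a non-null
 * {@code "admin"} attribute, which LoginServlet stores after an administrator
 * login. Every other request is forwarded to {@code /login.jsp} with an
 * explanatory {@code msg} request attribute.
 */
public class AdminFilter implements Filter {

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Passes the request down the chain for administrators, otherwise forwards
     * to the login page.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response response handed to the chain or to the login page
     * @param chain    remaining filters and the target resource
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Downcast to reach the HTTP session API.
        HttpServletRequest req = (HttpServletRequest) request;

        // getSession(false): checking the role must not allocate a session
        // for every anonymous request that hits the protected path.
        javax.servlet.http.HttpSession session = req.getSession(false);
        Object stored = (session == null) ? null : session.getAttribute("admin");
        // Fail closed: a value of an unexpected type counts as "not logged in"
        // instead of surfacing as a ClassCastException.
        String admin = (stored instanceof String) ? (String) stored : null;
        System.out.println("AdminFilter:" + admin);

        if (admin == null) {
            // Not an administrator: explain why and send the user to the login page.
            req.setAttribute("msg", "必须要管理员才能进入!!!");
            req.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }

        chain.doFilter(request, response);
        System.out.println("AdminFilter:admin通过");
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }

}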

UserFilter:

package demoFilter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

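/**
 * Authorization filter for the user area (mapped to {@code /user/*} in web.xml).
 *
 * <p>A request is let through when the HTTP session holds a non-null
 * {@code "admin"} or {@code "user"} attribute (both are set by LoginServlet).
 * Every other request is forwarded to {@code /login.jsp} with an explanatory
 * {@code msg} request attribute.
 */
public class UserFilter implements Filter {
    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Passes the request down the chain for administrators and ordinary users,
     * otherwise forwards to the login page.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response response handed to the chain or to the login page
     * @param chain    remaining filters and the target resource
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Downcast to reach the HTTP session API.
        HttpServletRequest req = (HttpServletRequest) request;

        // Administrators may enter the user area as well.
        String admin = sessionString(req, "admin");
        // The "AdminFilter:" prefix is kept as published, although this line
        // is printed by UserFilter.
        System.out.println("AdminFilter:" + admin);
        if (admin != null) {
            chain.doFilter(request, response);
            System.out.println("UserFilter:admin通过");
            return;
        }

        String user = sessionString(req, "user");
        System.out.println("UserFilter:" + user);
        if (user != null) {
            chain.doFilter(request, response);
            System.out.println("UserFilter:user通过");
            return;
        }

        // Neither role is present: treat the caller as a guest.
        req.setAttribute("msg", "你只是游客,无法进入该页面!!");
        req.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    /**
     * Reads a String attribute from the existing session without creating one.
     *
     * @return the attribute value, or {@code null} when there is no session,
     *         no such attribute, or the stored value is not a String
     */
    private static String sessionString(HttpServletRequest req, String key) {
        // getSession(false): a role lookup must not allocate a session for
        // anonymous requests.
        HttpSession session = req.getSession(false);
        Object stored = (session == null) ? null : session.getAttribute(key);
        // Fail closed on an unexpected type instead of throwing ClassCastException.
        return (stored instanceof String) ? (String) stored : null;
    }

    /** No configuration is read. */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }

}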

LoginServlet:

package demoServlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

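/**
 * Demo login endpoint that assigns a role from the submitted username.
 *
 * <p>{@code cdml} becomes the administrator (session attribute {@code "admin"}),
 * {@code cd} becomes an ordinary user (session attribute {@code "user"}), and
 * any other name is treated as a guest (session attribute {@code "username"}).
 *
 * <p>NOTE(review): the role is decided from the username alone; this servlet
 * checks no password or other credential, so it only demonstrates how the
 * filters work and is not an authentication scheme.
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    /**
     * Clears any previous role, stores the new one in the session and forwards
     * to the page that belongs to that role.
     *
     * @param req  request carrying the {@code username} form parameter
     * @param resp response used by the forward target
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) 
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        // The charset parameter is written with '='; the original
        // "text/html;charset:utf-8" is not a valid charset declaration.
        resp.setContentType("text/html;charset=utf-8");

        // Drop the roles left over from an earlier login in this session.
        req.getSession().removeAttribute("admin");
        req.getSession().removeAttribute("user");
        // Issue a fresh session id before a role is stored, so an id that was
        // known before login cannot be reused afterwards (session fixation).
        // getSession() above guarantees a session exists. Requires Servlet 3.1+.
        req.changeSessionId();

        String username = req.getParameter("username");
        // The parameter is client-controlled: replace line breaks before
        // printing so it cannot forge extra console lines.
        String printable = (username == null) ? null : username.replaceAll("[\\r\\n]", "_");
        System.out.println("username:" + printable);

        if ("cdml".equals(username)) {    // administrator account
            System.out.println("设置管理员session");
            req.getSession().setAttribute("admin", username);
            req.getRequestDispatcher("/admin/admin.jsp").forward(req, resp);
        } else if ("cd".equals(username)) {    // ordinary user account
            System.out.println("设置普通用户session");
            req.getSession().setAttribute("user", username);
            req.getRequestDispatcher("/user/user.jsp").forward(req, resp);
        } else {    // guest
            req.getSession().setAttribute("username", username);
            req.getRequestDispatcher("/index.jsp").forward(req, resp);
        }
    }
}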

admin.jsp:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>ADMIN</title>
</head>
<body>
<%-- Administrator page. It is served from /admin/, the path that web.xml maps to AdminFilter.
     The links below are built with c:url so they carry the context path. --%>
<h1>管理员页面</h1>
<a href="<c:url value='/index.jsp'/>">toIndex</a><br/>
<a href="<c:url value='/user/user.jsp'/>">toUser</a><br/>
<a href="<c:url value='/admin/admin.jsp'/>">toAdmin</a><br/>
</body>
</html>

user.jsp:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>USER</title>
</head>
<body>
<%-- Ordinary-user page. It is served from /user/, the path that web.xml maps to UserFilter.
     The links below are built with c:url so they carry the context path. --%>
<h1>普通用户页面</h1>
<a href="<c:url value='/index.jsp'/>">toIndex</a><br/>
<a href="<c:url value='/user/user.jsp'/>">toUser</a><br/>
<a href="<c:url value='/admin/admin.jsp'/>">toAdmin</a><br/>
</body>
</html>

index.jsp:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>index</title>
</head>
<body>
<%-- Guest page. /index.jsp matches neither filter mapping in web.xml, so anyone can open it.
     The toUser and toAdmin links lead to the paths guarded by UserFilter and AdminFilter. --%>
<h1>游客页面</h1>
<a href="<c:url value='/index.jsp'/>">toIndex</a><br/>
<a href="<c:url value='/user/user.jsp'/>">toUser</a><br/>
<a href="<c:url value='/admin/admin.jsp'/>">toAdmin</a><br/>
</body>
</html>

login.jsp:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>login</title>
</head>
<body>
<h1 align="center">登录</h1>
<%-- msg is the request attribute that AdminFilter / UserFilter set before forwarding here.
     EL written directly in template text is not HTML-escaped. The filters only store fixed
     strings, so this is safe as shown; if msg ever carried request data it would have to be
     printed with c:out instead. --%>
${ msg }
<%-- Only a username is posted; LoginServlet decides the role from it and checks no password. --%>
<form action="<c:url value='/LoginServlet'/>" method="post" align="center">
用户名:<input type="text" name="username"/><br/>
<input type="submit" value="登录"/>
</form>
</body>
</html>

web.xml的配置:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor: registers the two authorization filters and binds each to its path.
     Neither mapping has a dispatcher element, so the filters run for direct client requests
     only; the forwards that LoginServlet performs to /admin/admin.jsp and /user/user.jsp do
     not pass through them. /index.jsp, /login.jsp and /LoginServlet match no mapping. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" id="WebApp_ID" version="4.0">
  <display-name>day041401</display-name>
  <!-- UserFilter: lets a request through when the session holds "admin" or "user". -->
  <filter>
  <filter-name>UserFilter</filter-name>
  <filter-class>demoFilter.UserFilter</filter-class>
  </filter>
  <!-- Everything under /user/ requires the user or the admin role. -->
  <filter-mapping>
  <filter-name>UserFilter</filter-name>
  <url-pattern>/user/*</url-pattern>
  </filter-mapping>
  <!-- AdminFilter: lets a request through only when the session holds "admin". -->
  <filter>
  <filter-name>AdminFilter</filter-name>
  <filter-class>demoFilter.AdminFilter</filter-class>
  </filter>
  <!-- Everything under /admin/ requires the admin role. -->
  <filter-mapping>
  <filter-name>AdminFilter</filter-name>
  <url-pattern>/admin/*</url-pattern>
  </filter-mapping>
</web-app>

启动服务器 -- 浏览器访问index.jsp:

然后点击toUser -- 权限不够需要登录:

然后是可以输入用户名cd(普通用户的用户名,在LoginServlet中设置的):

 

这样就可以进入普通用户的页面;

然后点击toAdmin -- 权限不够需要登录:

现在可以输入cdml(管理员用户的用户名,在LoginServlet中设置的):

进入管理员用户页面,此时的权限最大,可以进入任意页面。 

 

查看控制台输出:

null表示session中没有设置对应的属性(admin或user)。

AdminFilter:null  --  session中没有admin属性,即当前不是管理员登录(UserFilter中打印admin时用的也是"AdminFilter:"这个前缀)

 
