RBAC --> 基於角色的許可權控制 tb_user tb_role tb_userrole tb_menu(增、刪、改、查) tb_rolemenu 1 說明 給出三個頁面:index.jsp、user.jsp、admin.jsp。 index.jsp:誰都可以訪問,沒有限制; user.jsp: ...
RBAC --> 基於角色的許可權控制
- tb_user
- tb_role
- tb_userrole
- tb_menu(增、刪、改、查)
- tb_rolemenu
- index.jsp:誰都可以訪問,沒有限制;
- user.jsp:只有登錄用戶才能訪問;
- admin.jsp:只有管理員才能訪問。
- 如果訪問的是user.jsp,查看session中是否存在user;
- 如果訪問的是admin.jsp,查看session中是否存在user,並且user的grade等於2。
3 代碼
index.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 <%@ page contentType="text/html;charset=UTF-8" language="java" %> 3 <html> 4 <head> 5 <title>$Title$</title> 6 </head> 7 <body> 8 <h1>主頁</h1> 9 <h3>${user.username }</h3> 10 <hr/> 11 <a href="<c:url value='/login.jsp'/>">登錄</a><br/> 12 <a href="<c:url value='/users/users.jsp'/>">用戶頁面</a><br/> 13 <a href="<c:url value='/admin/admin.jsp'/>">管理員頁面</a> 14 </body> 15 </html>
login.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 <%@ page contentType="text/html;charset=UTF-8" language="java" %> 3 <html> 4 <head> 5 <title>Title</title> 6 </head> 7 <body> 8 <h1>登錄</h1> 9 <p style="font-weight: 900; color: red">${msg }</p> 10 <form action="<c:url value='/LoginServlet'/>" method="post"> 11 用戶名:<input type="text" name="username"/><br/> 12 密 碼:<input type="password" name="password"/><br/> 13 <input type="submit" value="登錄"/> 14 </form> 15 </form> 16 </body> 17 </html>
users.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 <%-- 3 Created by IntelliJ IDEA. 4 web.user.User: Mac 5 Date: 13/09/2017 6 Time: 1:22 PM 7 To change this template use File | Settings | File Templates. 8 --%> 9 <%@ page contentType="text/html;charset=UTF-8" language="java" %> 10 <html> 11 <head> 12 <title>Title</title> 13 </head> 14 <body> 15 <h1>用戶頁面</h1> 16 <h3>${user.username }</h3> 17 <hr/> 18 </body> 19 </html>
admin.jsp
1 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 2 <%@ page contentType="text/html;charset=UTF-8" language="java" %> 3 <html> 4 <head> 5 <title>Title</title> 6 </head> 7 <body> 8 <h1>管理員頁面</h1> 9 <h3>${user.username }</h3> 10 <hr/> 11 </body> 12 </html>
User.java
1 public class User {
2 private String username;
3 private String password;
4 private int grade;
5
6 public User(String username, String password, int grade) {
7 this.username = username;
8 this.password = password;
9 this.grade = grade;
10 }
11
12 public int getGrade() {
13 return grade;
14 }
15
16 public void setGrade(int grade) {
17 this.grade = grade;
18 }
19
20 public String getUsername() {
21 return username;
22 }
23
24 public void setUsername(String username) {
25 this.username = username;
26 }
27
28 public String getPassword() {
29 return password;
30 }
31
32 public void setPassword(String password) {
33 this.password = password;
34 }
35
36 @Override
37 public String toString() {
38 return "web.user.User{" +
39 "username='" + username + '\'' +
40 ", password='" + password + '\'' +
41 '}';
42 }
43 }
LoginServlet.java
1 package web.servlet;
2
3 import web.service.UserService;
4 import web.user.User;
5 import javax.servlet.ServletException;
6 import javax.servlet.annotation.WebServlet;
7 import javax.servlet.http.HttpServlet;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10 import java.io.IOException;
11
12 @WebServlet(name = "LoginServlet",urlPatterns = "/LoginServlet")
13 public class LoginServlet extends HttpServlet {
14
15 public void doPost(HttpServletRequest request, HttpServletResponse response)
16 throws ServletException, IOException {
17 request.setCharacterEncoding("utf-8");
18 response.setContentType("text/html;charset=utf-8");
19
20 String username = request.getParameter("username");
21 String password = request.getParameter("password");
22 UserService userService = new UserService();
23 User user = userService.login(username, password);
24 if(user == null ) {
25 request.setAttribute("msg", "用戶名或密碼錯誤");
26 request.getRequestDispatcher("/login.jsp").forward(request, response);
27 } else {
28 request.getSession().setAttribute("user", user);
29 request.getRequestDispatcher("/index.jsp").forward(request, response);
30 }
31 }
32 }
UserServlet.java
1 package web.servlet;
2
3 import web.user.User;
4
5 import javax.servlet.ServletException;
6 import javax.servlet.annotation.WebServlet;
7 import javax.servlet.http.HttpServlet;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10 import java.io.IOException;
11 import java.util.HashMap;
12 import java.util.Map;
13
14 @WebServlet(name = "UserServlet",urlPatterns = "/UserServlet")
15 public class UserServlet extends HttpServlet {
16 private static Map<String,User> users = new HashMap<String, User>();
17 static {
18 users.put("zhangSan", new User("zhangSan", "123", 1));
19 users.put("liSi", new User("liSi", "123", 2));
20 }
21
22 public User login (String username, String password) {
23 User user = users.get(username);
24 if(user == null) return null;
25 return user.getPassword().equals(password) ? user : null;
26 }
27 }
UserService.java
1 package web.service;
2
3 import web.user.User;
4 import java.util.HashMap;
5 import java.util.Map;
6
7 public class UserService {
8 private static Map<String,User> users = new HashMap<String, User>();
9 static {
10 users.put("zhangSan", new User("zhangSan", "123", 1));
11 users.put("liSi", new User("liSi", "123", 2));
12 }
13
14 public User login (String username, String password) {
15 User user = users.get(username);
16 if(user == null) return null;
17 return user.getPassword().equals(password) ? user : null;
18 }
19 }
AdminFilter.java
1 package web.filter;
2
3 import web.user.User;
4
5 import javax.servlet.*;
6 import javax.servlet.annotation.WebFilter;
7 import javax.servlet.http.HttpServletRequest;
8 import java.io.IOException;
9
10 @WebFilter(filterName = "AdminFilter",urlPatterns = "/admin/*")
11 public class AdminFilter implements Filter {
12 public void destroy() {}
13 public void init(FilterConfig fConfig) throws ServletException {}
14
15 public void doFilter(ServletRequest request, ServletResponse response,
16 FilterChain chain) throws IOException, ServletException {
17 response.setContentType("text/html;charset=utf-8");
18 HttpServletRequest req = (HttpServletRequest) request;
19 User user = (User) req.getSession().getAttribute("user");
20 if(user == null) {
21 response.getWriter().print("您還沒有登錄!");
22 return;
23 }
24 if(user.getGrade() < 2) {
25 response.getWriter().print("您的等級不夠!");
26 return;
27 }
28 chain.doFilter(request, response);
29 }
30
31 }
UserFilter.java
1 package web.filter;
2
3 import web.user.User;
4
5 import javax.servlet.*;
6 import javax.servlet.annotation.WebFilter;
7 import javax.servlet.http.HttpServletRequest;
8 import java.io.IOException;
9
10 @WebFilter(filterName = "UseFilter",urlPatterns = "/users/*")
11 public class UseFilter implements Filter {
12 public void destroy() {
13 }
14 public void doFilter(ServletRequest request, ServletResponse response,
15 FilterChain chain) throws IOException, ServletException {
16 response.setContentType("text/html;charset=utf-8");
17 HttpServletRequest req = (HttpServletRequest) request;
18 User user = (User) req.getSession().getAttribute("user");
19 if(user == null) {
20 response.getWriter().print("您還沒有登錄");
21 return;
22 }
23 chain.doFilter(request, response);
24 }
25
26 public void init(FilterConfig config) throws ServletException {
27
28 }
29 }