粗粒度权限控制(拦截是否登录、拦截用户名admin权限)
RBAC(Role-Based Access Control)->基于角色的权限控制
LoginServlet
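/**
 * Handles the login form post and records the caller's role in the session.
 *
 * <p>Steps: read the {@code username} parameter; if it equals "admin"
 * (case-insensitive) store it under the session key {@code "admin"},
 * otherwise store it under {@code "user"}; then forward to /index.jsp.
 * The key {@code "user"} is the one UserFilter reads, so ordinary members
 * can pass that filter.
 *
 * <p>NOTE(review): no password or other credential is checked here. The
 * submitted name alone decides the role, so this is only a demonstration of
 * filter-based access control. A real login must verify credentials before
 * any role attribute is written to the session.
 *
 * @param request  the login request carrying the {@code username} parameter
 * @param response the response used for the forward
 * @throws ServletException if the forward fails
 * @throws IOException      if the forward fails on I/O
 */
protected void doPost(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
    request.setCharacterEncoding("utf-8");
    response.setContentType("text/html;charset=utf-8");

    String username = request.getParameter("username");

    // A missing or blank name must not become a logged-in identity.
    if (username == null || username.trim().isEmpty()) {
        request.setAttribute("msg", "用户名不能为空");
        request.getRequestDispatcher("/login.jsp").forward(request, response);
        return;
    }

    // Start from a fresh session on every login: this discards a role left
    // over from an earlier login (e.g. a stale "admin" attribute) and stops
    // a session id that existed before login from being reused afterwards.
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }

    if ("admin".equalsIgnoreCase(username)) {
        request.getSession().setAttribute("admin", username);
    } else {
        // Must match the key checked by UserFilter ("user").
        request.getSession().setAttribute("user", username);
    }
    request.getRequestDispatcher("/index.jsp").forward(request, response);
}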
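/**
 * Lets a request through only when the session holds an {@code "admin"}
 * attribute; every other caller is forwarded to the login page with a message.
 *
 * <p>NOTE(review): the filter protects only the URL patterns it is mapped to.
 * The mapping is not shown here; presumably it is /admin/*. Confirm in the
 * deployment descriptor.
 */
public class AdminFilter implements Filter {

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Checks the session for the admin marker and either continues the chain
     * or forwards to /login.jsp.
     *
     * @param request  the incoming request, cast to {@code HttpServletRequest}
     * @param response the response passed down the chain or to the forward
     * @param chain    the remaining filter chain
     * @throws IOException      if the chain or the forward fails on I/O
     * @throws ServletException if the chain or the forward fails
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String name = (String) req.getSession().getAttribute("admin");
        if (name != null) {
            chain.doFilter(request, response);
        } else {
            request.setAttribute("msg", "你不是管理员");
            // The path was "/login,jsp" (comma), which does not resolve to
            // the login page. The rejection must land on /login.jsp.
            req.getRequestDispatcher("/login.jsp").forward(request, response);
        }
    }

    /** No configuration is read. */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}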
/**
 * Admits a request when the session carries either an {@code "admin"} or a
 * {@code "user"} attribute; anyone else is forwarded to /login.jsp with a
 * message saying they are neither a member nor an administrator.
 */
public class UserFilter implements Filter {

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Looks up the role markers in order (admin first, then user) and continues
     * the chain on the first one found.
     *
     * @param request  the incoming request, cast to {@code HttpServletRequest}
     * @param response the response passed down the chain or to the forward
     * @param chain    the remaining filter chain
     * @throws IOException      if the chain or the forward fails on I/O
     * @throws ServletException if the chain or the forward fails
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Session keys that grant access to the member area, checked in order.
        String[] roleKeys = { "admin", "user" };
        for (String key : roleKeys) {
            String holder = (String) httpRequest.getSession().getAttribute(key);
            if (holder != null) {
                chain.doFilter(request, response);
                return;
            }
        }

        // No role marker in the session: send the caller back to the login page.
        request.setAttribute("msg", "你不是会员或者管理员");
        httpRequest.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    /** No configuration is read. */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}
/index.jsp
<%--
  Landing page with three entry links: guest (/index.jsp), member (/user/u.jsp)
  and administrator (/admin/a.jsp). All three links are rendered for every
  visitor; hiding a link would not protect anything. Access to /user/ and
  /admin/ is presumably enforced by UserFilter and AdminFilter. Their URL
  mappings are not shown here, so confirm them in the deployment descriptor.
--%>
<body>
<h1>欢迎游客</h1>
<a href="<c:url value='/index.jsp'/>">游客入口</a>
<a href="<c:url value='/user/u.jsp'/>">会员入口</a>
<a href="<c:url value='/admin/a.jsp'/>">管理员入口</a>
</body>
/login.jsp
<%--
  Login form: posts a single "username" field to /LoginServlet. There is no
  password field, so the demo identifies the caller by name only and does not
  authenticate anyone.
  ${msg } prints the "msg" request attribute set by the filters on rejection.
  EL written directly in template text is not HTML-escaped, so msg must stay
  a server-side constant, or be rendered through <c:out> if it ever carries
  request data.
--%>
<body>
<h1>登录</h1>
${msg }
<form action="<c:url value='/LoginServlet'/>" method="post">
用户名<input type="text" name="username" >
<input type="submit" value="登录">
</form>
</body>