对session的验证,如果没有相对应的处理就抛出一个LoginException异常
本例对请求URI和用户角色(role)进行权限检查,URI与所需角色的对应关系存放在properties配置文件中
创建过滤器的实现类PriorityFilter.java。该类持有一个Properties对象保存所有权限配置(Properties可以从流中加载或保存到流中),在init()中读取初始化参数得到权限文件的位置并加载,在doFilter()中用访问路径与action参数拼出新的URI再与配置逐条匹配;没有匹配到任何条目的请求一律拒绝
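public class PriorityFilter implements Filter {
    /** Privilege table as loaded from the properties file: "path?action=x" key -> required role. */
    private Properties pts = new Properties();
    /**
     * Keys of {@code pts} compiled to whole-string regexes once, in init(), so no
     * string-to-regex work happens per request. patterns[i] requires roles[i].
     * Empty until init() has run (and after destroy()), which means deny-all.
     */
    private java.util.regex.Pattern[] patterns = new java.util.regex.Pattern[0];
    private String[] roles = new String[0];

    @Override
    public void destroy() {
        pts = null;
        patterns = new java.util.regex.Pattern[0];
        roles = new String[0];
    }

    /**
     * Lets the request through only if some privilege entry matches
     * "path?action=value" AND the entry's role equals the session's "role"
     * attribute exactly (an administrator does not implicitly get guest pages).
     * Users without a session or without a "role" attribute are "guest".
     * A denied request never reaches chain.doFilter(): a RuntimeException
     * wrapping a LoginException is thrown for ExceptionFilter to render.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Authorize on the path the container actually dispatched: servletPath
        // (+ pathInfo) is percent-decoded, normalised and free of ";jsessionid=..."
        // path parameters. getRequestURI() is the raw request target and can
        // differ from that, so keying rules on it makes them fragile.
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        String path = pathInfo == null ? servletPath : servletPath + pathInfo;
        if (path.startsWith("/")) {
            path = path.substring(1);
        }
        // Only "action" takes part in the decision; every other parameter is ignored.
        String action = req.getParameter("action");
        if (action == null) {
            action = "";
        }
        // Same shape as the keys in priority.properties.
        String uri = path + "?action=" + action;
        String role = currentRole(request);
        if (!isAllowed(uri, role)) {
            // Wrapped because doFilter cannot throw the checked LoginException;
            // ExceptionFilter walks getCause() back to it.
            throw new RuntimeException(new LoginException(
                    "您无权访问该页面。请以合适的身份登录后查看。"));
        }
        chain.doFilter(req, res);
    }

    /**
     * Role stored in the session, or "guest" when there is no session or no
     * "role" attribute. Never creates a session: getSession(true) in the
     * original allocated one for every anonymous hit.
     */
    private static String currentRole(HttpServletRequest request) {
        String role = null;
        if (request.getSession(false) != null) {
            role = (String) request.getSession(false).getAttribute("role");
        }
        return role == null ? "guest" : role;
    }

    /**
     * Default deny: true only if at least one compiled entry matches the whole
     * of {@code uri} and requires exactly {@code role}. Properties keys have no
     * defined order, so the answer must not depend on which entry is seen first.
     */
    boolean isAllowed(String uri, String role) {
        for (int i = 0; i < patterns.length; i++) {
            if (patterns[i].matcher(uri).matches() && role.equals(roles[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Turns a privilege key into a regex matching the whole URI: '*' stands for
     * any run of characters, everything else is literal. Each literal segment is
     * wrapped with Pattern.quote(), which also escapes '.' and '?'. The original
     * used replaceAll(".", "\\.") for the escaping - in a regex '.' matches every
     * character, so every key degenerated into a string of dots that matched any
     * URI of the same length and no intended one.
     */
    static java.util.regex.Pattern compileKey(String key) {
        String[] literal = key.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < literal.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            if (literal[i].length() > 0) {
                regex.append(java.util.regex.Pattern.quote(literal[i]));
            }
        }
        // DOTALL so '*' really means "anything", including a decoded newline in the action value.
        return java.util.regex.Pattern.compile(regex.toString(), java.util.regex.Pattern.DOTALL);
    }

    /**
     * Loads the privilege file named by the "file" init-param and compiles it.
     * Loading is resolved inside the web application (works for unexploded
     * WARs where getRealPath() returns null; /WEB-INF/ is never served).
     * A missing or unreadable file is logged and leaves the table empty,
     * i.e. the filter fails closed and denies every request.
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        String file = config.getInitParameter("file");
        java.io.InputStream in = null;
        try {
            in = file == null ? null : config.getServletContext().getResourceAsStream(file);
            if (in == null) {
                throw new IOException("privilege file not found: " + file);
            }
            pts.load(in);
        } catch (Exception e) {
            config.getServletContext().log("读取权限文件错误", e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // nothing useful to do; the data is already loaded or the error already logged
                }
            }
        }
        String[] keys = pts.stringPropertyNames().toArray(new String[0]);
        patterns = new java.util.regex.Pattern[keys.length];
        roles = new String[keys.length];
        for (int i = 0; i < keys.length; i++) {
            patterns[i] = compileKey(keys[i]);
            roles[i] = pts.getProperty(keys[i]);
        }
    }
}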
创建ExceptionFilter.java文件
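public class ExceptionFilter implements Filter {
    /** Kept from init() so unexpected failures can be written to the container log. */
    private FilterConfig filterConfig;

    @Override
    public void destroy() {
        filterConfig = null;
    }

    /**
     * Runs the rest of the chain and turns any exception into a forward.
     * A LoginException (possibly wrapped in a RuntimeException, which is how
     * PriorityFilter throws it) goes to /loginException.jsp with its message;
     * anything else goes to /error.jsp with a generic message.
     * Only the LoginException message is user-facing text; getMessage() of an
     * arbitrary exception can carry internals (SQL, paths) or echo request
     * input, and the JSPs render the "message" attribute unescaped, so it is
     * logged instead of forwarded.
     *
     * @throws IOException      rethrown when the response is already committed
     * @throws ServletException rethrown when the response is already committed
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        try {
            chain.doFilter(request, response);
        } catch (Exception e) {
            Throwable rootCause = e;
            while (rootCause.getCause() != null) {
                rootCause = rootCause.getCause();
            }
            if (response.isCommitted()) {
                // forward() throws IllegalStateException once output has been
                // flushed; hand the failure back to the container instead.
                rethrow(e);
            }
            String message;
            String page;
            if (rootCause instanceof LoginException) {
                message = rootCause.getMessage();
                page = "/loginException.jsp";
            } else {
                page = "/error.jsp";
                message = null;
                if (filterConfig != null) {
                    filterConfig.getServletContext().log("unhandled exception", e);
                }
            }
            if (message == null) {
                // Original text was GBK mojibake ("Òì³££º"); restored to what it encoded.
                message = "异常：" + rootCause.getClass().getName();
            }
            request.setAttribute("message", message);
            // Server-side only; error.jsp does not render it.
            request.setAttribute("e", e);
            // NOTE(review): this answers with HTTP 200; a 403 for the
            // LoginException case would be more accurate for clients and proxies.
            request.getRequestDispatcher(page).forward(request, response);
        }
    }

    /** Rethrows e with its static type preserved where doFilter's signature allows it. */
    private static void rethrow(Exception e) throws IOException, ServletException {
        if (e instanceof IOException) {
            throw (IOException) e;
        }
        if (e instanceof ServletException) {
            throw (ServletException) e;
        }
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        throw new ServletException(e);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        this.filterConfig = arg0;
    }
}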
创建LoginException.java文件
public class LoginException extends Exception {
private static final long serialVersionUID = -3040955562136599570L;
public LoginException(String msg) {
super(msg);
}
}
loginException.jsp文件
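<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<%-- Forwarded to by ExceptionFilter when the root cause is a LoginException;
     the "message" request attribute holds the text to show.
     JSP EL ${...} writes attribute values verbatim, so the original
     "${ message }" was an HTML injection sink for whatever text reached the
     attribute. The value is passed through esc() below instead; if JSTL is
     on the classpath, <c:out value="${message}"/> is the standard equivalent. --%>
<%!
    /** HTML-escapes value for inline text; null becomes "". */
    private static String esc(Object value) {
        if (value == null) {
            return "";
        }
        String s = value.toString();
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>权限验证Filter</title>
<style type="text/css">
body, td, div, input {
font-size: 20px;
}
.error {
padding: 3px;
border: 1px solid #FF0000;
background: url(images/error.gif) 8px 5px no-repeat lightblue;
padding-left: 50px;
}
</style>
</head>
<body>
<div class="error" align="center">
<%= esc(request.getAttribute("message")) %>
</div>
<%-- NOTE(review): action="" posts the credentials back to the URL that was
     just denied, where PriorityFilter will reject them again; point this at
     the real login handler. --%>
<form action="" method="post" >
<table align="center">
<tr>
<td>账号</td>
<td><input type="text" name="account" /></td>
</tr>
<tr>
<td>密码</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value=" 登录 " /></td>
</tr>
</table>
</form>
</body>
</html>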
output.jsp文件
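<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<%-- Rendered for every *.do request (dispatcherServlet in web.xml) once
     PriorityFilter has allowed it. Everything printed here comes from the
     request line: the query string is whatever the client sent and the URI is
     the raw request target. JSP EL ${...} writes values unescaped, so the
     original was a reflected-XSS sink (e.g. method.do?action=view&x=<script>).
     The values go through esc() below; with JSTL, <c:out> does the same. --%>
<%!
    /** HTML-escapes value for inline text; null becomes "". */
    private static String esc(Object value) {
        if (value == null) {
            return "";
        }
        String s = value.toString();
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title><%= esc(request.getRequestURI()) %></title>
</head>
<body>
<div align="center" style="font-size: x-large">用户在浏览的是: <%= esc(request.getRequestURI()) %>?<%= esc(request.getQueryString()) %>.</div>
</body>
</html>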
error.jsp文件
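<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Generic page forwarded to by ExceptionFilter for any failure that is not
     a LoginException. It deliberately renders nothing from the request or the
     exception: the "message" and "e" request attributes are set but not
     printed, so no internal detail reaches the client.
     The original template built an absolute <base href> from
     request.getServerName(), i.e. from the client-supplied Host header; a forged
     Host header would then re-root every relative URL on the page to an
     attacker-chosen origin. Nothing here needs a base URL, so it was dropped.
     contentType now declares UTF-8 like the other pages, so the Chinese text
     below is not served with the ISO-8859-1 default. --%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'error.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
异常错误页面提示!!!
</body>
</html>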
创建priority.properties配置文件,文件中只有key-value属性值:key为访问的地址(含action参数,其中的"="要写成"\="),value为访问该地址所需的角色名称;没有匹配到任何条目的请求一律被拒绝
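# Privilege Settings
#
# One entry per line:  <path>?action=<action> = <required role>
# The key is compared against the whole of "<request path relative to the
# context root>?action=<action value>" as assembled by PriorityFilter; '*' is
# the wildcard, everything else is literal. A request is allowed only if some
# entry matches it AND the session "role" attribute equals the value exactly
# (administrators do not implicitly get guest entries). Requests matching no
# entry are denied. '=' inside a key must be written '\=' or the properties
# parser splits the line there.
admin.do?action\=* = administrators
# NOTE(review): requiring "administrators" for login.do means a user who has
# no role yet cannot reach it; presumably unintended - verify against the login handler.
login.do?action\=* = administrators
method.do?action\=add = system
method.do?action\=delete = system
method.do?action\=save = system
method.do?action\=view = guest
# Was "gue" in the original, a role nothing assigns; PriorityFilter's default
# role for anonymous sessions is "guest", so the list action was unreachable.
method.do?action\=list = guest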
web.xml文件配置
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<display-name>filter</display-name>
<!-- Every *.do request is answered by rendering /output.jsp. -->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<jsp-file>/output.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!-- Catches exceptions from everything after it in the chain and forwards to
     loginException.jsp (LoginException) or error.jsp (anything else). -->
<filter>
<filter-name>exceptionFilter</filter-name>
<filter-class>
com.cn.zj.Filter.ExceptionFilter
</filter-class>
</filter>
<!-- Role check driven by the properties file. The file lives under /WEB-INF/,
     which the container never serves to clients. -->
<filter>
<filter-name>priorityFilter</filter-name>
<filter-class>
com.cn.zj.Filter.PriorityFilter
</filter-class>
<init-param>
<param-name>file</param-name>
<param-value>/WEB-INF/priority.properties</param-value>
</init-param>
</filter>
<!-- filter-mapping order is chain order: exceptionFilter is mapped first, so it
     wraps priorityFilter and catches the LoginException priorityFilter throws.
     Swapping the two mappings would let that exception escape to the container. -->
<filter-mapping>
<filter-name>exceptionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- NOTE(review): only *.do requests (REQUEST dispatch) get the role check.
     Any other resource, including /output.jsp that dispatcherServlet renders,
     can be requested directly and bypasses priorityFilter; keeping such JSPs
     under /WEB-INF/ (jsp-file may point there) closes that path. -->
<filter-mapping>
<filter-name>priorityFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>