web的权限控制

笔记类代码,防止自己忘记!!!!

# 权限控制

1. 用户登录
2. 将用户信息保存到 session(之后据此判断权限)
3. 当用户访问某个网址时,在过滤器内判断用户是否拥有访问当前页面的权限
   - 3-1. 如果有,将请求传递到目标资源
   - 3-2. 如果没有,提示错误信息



## LoginServlet

```java
package controller;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

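/**
 * Login handler for the permission-control demo.
 *
 * <p>On a successful login the username is stored in the HTTP session under the
 * {@code "username"} attribute.
 *
 * <p>NOTE(review): this class does not authenticate anyone. The password is only
 * checked for presence and is never compared with a stored credential, so a caller
 * can obtain a session under any username. Replace the presence check with a real
 * credential verification (for example a lookup against a salted password hash)
 * before using this outside a demo.
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Stores the submitted username in a fresh session.
     *
     * @param request  carries the {@code username} and {@code password} form parameters
     * @param response receives a short success or failure message
     * @throws ServletException declared by the servlet contract; not thrown here directly
     * @throws IOException if writing the response body fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Set the encoding before getWriter() so the Chinese messages are not
        // written in the container's default charset.
        response.setContentType("text/html;charset=utf-8");

        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Demo rule from the original notes: a user is "valid" when both fields are
        // supplied. Empty strings are rejected as well as missing parameters, and a
        // failed login now gets an explicit 401 instead of an empty 200 response.
        boolean supplied = username != null && !username.isEmpty()
                && password != null && !password.isEmpty();
        if (!supplied) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.getWriter().append("登录失败!");
            return;
        }

        // Session-fixation defence: discard any session that existed before login so
        // the session id the client held while anonymous is not promoted to a
        // logged-in session, then start a new one.
        HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("username", username);

        response.getWriter().append("登录成功!");
    }

}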

```

## PermissionFilter

```java

package filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

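/**
 * Filter that authorises every request against a per-user allow-list of URIs.
 *
 * <p>Mapped to {@code /*}. The login page and the login servlet pass through
 * unconditionally. Any other request proceeds only when the session's
 * {@code "username"} attribute has the exact request URI in its list; everything
 * else is refused (default deny).
 *
 * <p>The allow-lists are hard-coded and include the {@code /Hello} context path,
 * so they only match when the application is deployed under that path.
 */
@WebFilter("/*")
public class PermissionFilter implements Filter {

    // username -> URIs that user may request. Filled in init() and only read afterwards.
    private final Map<String, List<String>> permissionMap = new HashMap<>();

    /**
     * Loads the hard-coded permission table.
     *
     * @param fConfig filter configuration supplied by the container (unused)
     * @throws ServletException declared by the filter contract; not thrown here
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        // Permissions of "admin".
        List<String> adminList = new ArrayList<>();
        adminList.add("/Hello/LoginServlet");
        adminList.add("/Hello/AdminServlet");
        adminList.add("/Hello/ajax.jsp");

        // Permissions of "zhangsan".
        List<String> zhangsanList = new ArrayList<>();
        zhangsanList.add("/Hello/LoginServlet");
        zhangsanList.add("/Hello/ajax.jsp");

        permissionMap.put("admin", adminList);
        permissionMap.put("zhangsan", zhangsanList);
    }

    /**
     * Lets the request continue only if the current user may access the requested URI.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response response; receives the refusal message when access is denied
     * @param chain    remainder of the filter chain, invoked only when access is allowed
     * @throws IOException if writing the refusal message or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        response.setContentType("text/html;charset=utf-8");

        // Matched exactly against the allow-lists below, so a spelling of the path
        // that differs in any way from a listed entry fails the lookup and is denied.
        String uri = httpRequest.getRequestURI();

        // The login page and login endpoint must be reachable without a session.
        if ("/Hello/login.jsp".equals(uri) || "/Hello/LoginServlet".equals(uri)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not create a server-side session for every anonymous
        // request; a caller without a session is simply treated as having no user.
        HttpSession session = httpRequest.getSession(false);
        String username = (session == null) ? null : (String) session.getAttribute("username");

        List<String> allowed = (username == null) ? null : permissionMap.get(username);
        if (allowed != null && allowed.contains(uri)) {
            chain.doFilter(request, response);
        } else {
            // NOTE(review): the refusal is sent with the default 200 status. Consider
            // casting response to HttpServletResponse and setting SC_FORBIDDEN (or
            // SC_UNAUTHORIZED when no user is logged in) so clients, proxies and log
            // monitoring can recognise denied requests.
            response.getWriter().append("当前用户没有访问权限!");
        }
    }

    /**
     * Releases the permission table. It is cleared rather than set to {@code null},
     * so a request that is still being processed during shutdown is denied instead
     * of failing with a {@code NullPointerException}.
     */
    @Override
    public void destroy() {
        permissionMap.clear();
    }

}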
