
JSP Path Solution

2012-02-09 

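JSP paths
How do I restrict direct access to JSP paths? Should the restriction be done in the servlet or in the JSP page? I hope the experts can introduce the classic and commonly used methods.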

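[Solution]
Usually, after a user logs in, the user information is stored in the session. You can use a filter to filter the paths you want to protect with permissions. When a user types such a path directly into the address bar, the request first goes into the filter, where you can check whether user information exists in the session; if it does not, force a redirect to the login page.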
[Solution]
Java code
// Get the request path
String url = request.getRequestURI();
if (url.contains("the path you want to restrict")) {
    // Do the handling here
}
[Solution]
1. Configure the filter directly in the XML
<filter>
    <filter-name>PopedomFilter</filter-name>
    <filter-class>com.wepull.hrms.filter.PopedomFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>PopedomFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
2. Write the Filter, that is, the com.wepull.hrms.filter.PopedomFilter class configured above
package com.wepull.hrms.filter;

import java.io.IOException;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.wepull.hrms.util.UserDTO;

// The Filter imported here is javax.servlet.Filter
public class PopedomFilter implements Filter {

    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        // 1. Cast the parameters
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // 2. Intercept the URL: strip the leading "/" and the context name
        String path = request.getRequestURI();
        System.out.println("path:" + path);
        int index = path.indexOf("/");
        String url = path.substring(index + 1);
        url = url.substring(url.indexOf("/") + 1);
        System.out.println("url:" + url);

        // URLs containing these substrings skip the session and permission checks below.
        // url.isEmpty() covers a request for the context root; a contains("") test here
        // would be true for every URL and disable the filter.
        if (url.contains(".jsp") || url.contains(".html") || url.contains(".htm")
                || url.contains(".gif") || url.contains(".jpg") || url.contains(".css")
                || url.contains(".js") || url.contains("doLogin") || url.isEmpty()) {
            chain.doFilter(request, response);
            return;
        }

        // Permission check: 1. is the user logged in  2. does the user have the permission
        HttpSession session = request.getSession();
        UserDTO dto = (UserDTO) session.getAttribute("USER");

        if (dto == null) { // Not logged in: go back to the login page
            response.sendRedirect("/HRMS/login.html");
            return;
        }

        // Logged in: check whether the user holds the permission (url) for this request
        List<String> urls = dto.getUrls();
        if (urls != null && urls.contains(url)) {
            chain.doFilter(request, response); // Let it through
            return;
        }

        // No permission list, or the url is not in it: send the user to the error page
        response.sendRedirect("/HRMS/error.jsp");
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}
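In the URL handling, anything that contains a page is not let through; it is let through only after the servlet that performs the verification first has confirmed the permission.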
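
A fail-closed version of the decision the filter above makes, as an added example that is not part of the original posts: the path is matched exactly and by its real file extension rather than with contains(), so /admin/export.json is not mistaken for a .js file, and .jsp pages go through the session and permission checks. The class name, the public paths, the static extensions and the sample permission list are assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example: servlet-free decision logic so it runs stand-alone.
public class AccessDecisionDemo {
    enum Decision { ALLOW, LOGIN, DENY }

    // Assumed values for illustration, not taken from the posts.
    static final Set<String> PUBLIC_PATHS = Set.of("/login.html", "/doLogin");
    static final Set<String> STATIC_EXT = Set.of(".css", ".js", ".gif", ".jpg");

    // servletPath is the context-relative path, e.g. what
    // HttpServletRequest.getServletPath() returns for a JSP.
    static Decision decide(String servletPath, boolean loggedIn, List<String> allowedUrls) {
        if (PUBLIC_PATHS.contains(servletPath)) {
            return Decision.ALLOW;
        }
        int dot = servletPath.lastIndexOf('.');
        int slash = servletPath.lastIndexOf('/');
        // Only a real extension on the last path segment counts as static,
        // so ".json" or ".jsp" is not confused with ".js".
        if (dot > slash) {
            String ext = servletPath.substring(dot).toLowerCase(Locale.ROOT);
            if (STATIC_EXT.contains(ext)) {
                return Decision.ALLOW;
            }
        }
        if (!loggedIn) {
            return Decision.LOGIN; // the filter would redirect to the login page
        }
        // Fail closed: a missing list or an unlisted path is denied.
        boolean permitted = allowedUrls != null && allowedUrls.contains(servletPath);
        return permitted ? Decision.ALLOW : Decision.DENY;
    }

    public static void main(String[] args) {
        List<String> urls = List.of("/admin/userList.jsp"); // constructed permission list
        String[] paths = { "/login.html", "/css/site.css", "/admin/userList.jsp",
                           "/admin/export.json", "/admin/salary.jsp" };
        for (String p : paths) {
            System.out.printf("%-22s anonymous=%-6s user=%s%n",
                    p, decide(p, false, null), decide(p, true, urls));
        }
    }
}
```

In a real filter the same decision would map ALLOW to chain.doFilter(), LOGIN to a redirect to the login page and DENY to the error page.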
[Solution]
Just use a filter; on the pages there are tags.

/**
 * Copyright ® 2009 YuanChung All right reserved.
 */
package com.daoyuan.common.tag;

import java.util.List;

import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

import com.daoyuan.common.bean.SysUserInfo;

/**
 * Tag that checks the user's permission to access form elements on a page
 * @author gzq
 */
public class RestrictFieldTag extends TagSupport {
    private String ruleCode;
    /*
     * Action type of the tag. By default it checks whether the permission matches
     * and, if it matches, evaluates the content inside the tag.
     * When the value is false, the content inside the tag is evaluated only when
     * the permission does not match.
     */
    private boolean match = true;

    @Override
    @SuppressWarnings("unchecked")
    public int doStartTag() throws JspException {
        HttpSession session = pageContext.getSession();
        SysUserInfo user = (SysUserInfo) session.getAttribute("user");
        List<String> ruleCodes = (List<String>) session.getAttribute("quanxianlist");
        // A missing permission list is treated as holding no permissions
        boolean hasRule = ruleCodes != null && ruleCodes.contains(ruleCode);
        if (user != null && match && hasRule) {
            return EVAL_BODY_INCLUDE;
        } else if (user != null && !match && !hasRule) {
            return EVAL_BODY_INCLUDE;
        } else {
            return SKIP_BODY;
        }
    }

    public String getRuleCode() {
        return ruleCode;
    }

    public void setRuleCode(String ruleCode) {
        this.ruleCode = ruleCode;
    }

    public boolean isMatch() {
        return match;
    }

    public void setMatch(boolean match) {
        this.match = match;
    }
}

/**
 * Copyright ® 2009 YuanChung All right reserved.
 */
package com.daoyuan.common.tag;

import java.io.IOException;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

import com.daoyuan.common.bean.SysUserInfo;

/**
 * Tag that checks the user's permission to access a page
 * @author gzq
 */
public class RestrictPageTag extends TagSupport {
    private String ruleCode;

    @Override
    @SuppressWarnings("unchecked")
    public int doEndTag() throws JspException {
        HttpSession session = pageContext.getSession();
        SysUserInfo user = (SysUserInfo) session.getAttribute("user");
        List<String> ruleCodes = (List<String>) session.getAttribute("quanxianlist");
        // A missing permission list is treated as holding no permissions
        if (user != null && ruleCodes != null && ruleCodes.contains(ruleCode)) {
            return EVAL_PAGE;
        } else {
            HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
            try {
                request.setCharacterEncoding("UTF-8");
                pageContext.getResponse().setContentType("text/html;charset=UTF-8");
                HttpServletResponse response = (HttpServletResponse) pageContext.getResponse();
                response.sendRedirect("/CCMS/common/url_error.jsp");
            } catch (IOException e) {
                // Report the failed redirect to the container instead of swallowing it
                throw new JspException("Redirect to the error page failed: " + e.getMessage());
            }
            // Stop evaluating the rest of the page
            return SKIP_PAGE;
        }
    }

    public String getRuleCode() {
        return ruleCode;
    }

    public void setRuleCode(String ruleCode) {
        this.ruleCode = ruleCode;
    }
}

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN" "http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<taglib>
    <tlib-version>1.2</tlib-version>
    <jsp-version>1.2</jsp-version>
    <short-name>security</short-name>
    <uri>http://www.yuanchung.com/tags-security</uri>
    <tag>
        <name>restrictField</name>
        <tag-class>com.daoyuan.common.tag.RestrictFieldTag</tag-class>
        <body-content>jsp</body-content>
        <description><![CDATA[Checks the permission for a form element on the page]]></description>
        <attribute>
            <name>ruleCode</name>
            <required>true</required>
            <rtexprvalue>true</rtexprvalue>
            <type>java.lang.String</type>
            <description><![CDATA[Permission]]></description>
        </attribute>
        <attribute>
            <name>match</name>
            <required>false</required>
            <rtexprvalue>true</rtexprvalue>
            <type>java.lang.Boolean</type>
            <description><![CDATA[Action type, whether the current permission must match: true, false]]></description>
        </attribute>
    </tag>
    <tag>
        <name>restrictPage</name>
        <tag-class>com.daoyuan.common.tag.RestrictPageTag</tag-class>
        <body-content>empty</body-content>
        <description><![CDATA[Checks the permission for the page]]></description>
        <attribute>
            <name>ruleCode</name>
            <required>true</required>
            <rtexprvalue>true</rtexprvalue>
            <type>java.lang.String</type>
            <description><![CDATA[Permission]]></description>
        </attribute>
    </tag>
</taglib>


