IBMSOFT

http://forum.springside.org.cn/viewthread.php?tid=927&highlight=%E6%9D%83%E9%99%90
簡單實用一分鐘上手級權限控制

找回來自己以前的一個項目， 用的是通過filter過濾來管理權限的方法， 很簡單，但也很實用。 這個項目并不小，但這么一個類就已經可以滿足其權限管理的需要了，所以其實很多時候，權限管理大家并不必要想得那么復雜， 對于不少系統，簡單通過filter來管理就ok了, simple 也是一種美^_^ 在web.xml里加入

<!--================權限 設置================--> <filter> <filter-name>Authentication</filter-name> <filter-class>com.springside.demo.security.UrlFilter</filter-class> <init-param> <param-name>onError</param-name> <param-value>/login.jsp</param-value> </init-param> </filter> <filter-mapping> <filter-name>Authentication</filter-name> <!-- 只過濾 .jsp 結尾的url, 其余的如 .do, .html, .jpg, .css 等不作過濾--> <url-pattern>*.jsp</url-pattern> </filter-mapping>

?

UrlFilter filter類的實現

public class UrlFilter implements Filter { private FilterConfig filterConfig; private FilterChain chain; private HttpServletRequest request; private HttpServletResponse response; public void destroy() { this.filterConfig = null; } public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; } public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { this.chain = chain; this.request = (HttpServletRequest) servletRequest; this.response = ((HttpServletResponse) servletResponse); String url = request.getServletPath(); if (url == null) url = ""; // 獲取session中的loginuser對象 HttpSession session = request.getSession(); LoginUser loginuser = (LoginUser) session.getAttribute("loginuser"); if (baseUrl(url, request)) { // 如果是登陸界面等無須<u><b><font color="#FF0000">權限</font></b></u>訪問的的公用界面則跳過 chain.doFilter(request, response); } else if (loginuser == null) { checkLogin(url); } else { verifyUrl(url, loginuser); } } private void checkLogin(String url) throws ServletException, IOException { // 如果session中獲取不到 loginuser 對象，要不就是session 過期了，要不就是還沒登陸。所以返回登陸界面 // 在登陸后記得把 loginuser 對象置于 session中 if (url.indexOf("/index.jsp") >= 0 && "login".equals(request.getParameter("act"))) { // 獲取request中username,password String username = request.getParameter("username"); String password = request.getParameter("password"); UserDao userDao = new UserDao(); if (userDao.authUser(username, password)) { LoginUser user = userDao.getUser(username); request.getSession().setAttribute("loginuser", user); verifyUrl(url,user); return; } } response.sendRedirect("login.jsp"); } private void verifyUrl(String url, LoginUser loginuser) throws IOException, ServletException { // 獲取 loginuser 擁有的所有資源串 Set royurl = loginuser.getResStrings(); if (royurl != null && royurl.size() > 0 && pass(royurl, url, request.getParameterMap())) { chain.doFilter(request, response); } else { response.setContentType("text/html;charset=GBK"); response .getWriter() .println( "<div style='margin: 100 auto;text-align: center;" + "font: bold 18px 宋體;color: #0066CC;vertical-align: middle'> Sorry,您沒有<u><b><font color="#FF0000">權限</font></b></u>訪問該資源!</div> "); } } /** * 判斷是否是公用界面 */ protected boolean baseUrl(String url, HttpServletRequest request) { if (url.indexOf("/login.jsp") >= 0) { return true; } return false; } /** * 判斷該用戶是否有權請求該url * * @param royurl * user擁有的授權的的url串集合 * @param url * 當前請求的url * @param reqmap * 當前request的參數 * @return 是否通過該url */ protected boolean pass(Set royurl, String url, Map reqmap) { boolean match = true; for (Iterator iter = royurl.iterator(); iter.hasNext();) { // 獲取資源 match = true; String res_string = (String) iter.next(); if (res_string.indexOf("*") > 0) { res_string = res_string.substring(0, res_string.indexOf("*")); if (url.substring(0, res_string.length()).equalsIgnoreCase( res_string)) { return true; // 增加通配符比較 } } // 分割url與參數 String[] spw = res_string.split("\\?"); // 用"\\?" 轉義后即可得到正確的結 if (!url.equalsIgnoreCase(spw[0])) { match = false; } if (match && spw.length > 1) { String[] spa = spw[1].split("\\&"); // 分拆各參數 for (int j = 0; j < spa.length; j++) { String[] spe = spa[j].split("="); // 分拆鍵與值 String key = spe[0]; String value = ""; if (spe.length > 1) { value = spe[1].trim(); } // 輪詢 String[] values = (String[]) reqmap.get(key); if (values != null) { for (int k = 0; k < values.length; k++) { if (value.equalsIgnoreCase(values[k])) { match = true; break; } match = false; } if (!match) { break; } } } } if (match) { break; } } return match; } public static void main(String[] args) { UrlFilter filter = new UrlFilter(); String url = "/baseProd/product.do"; Map reqmap = new HashMap(); // 當前請求productline參數是11,12 reqmap.put("productline", new String[] { "11", "12" }); String str; Set royurl = new HashSet(); // 和授權的的url根本不同，false royurl.add("/user.do?a=1&b=2"); System.out.println("match false:" + filter.pass(royurl, url, reqmap)); // 授權的請求參數13,14時 false royurl.add("/baseProd/product.do?productline=13&productline=14"); System.out.println("match false:" + filter.pass(royurl, url, reqmap)); // 授權的請求參數11,13時 false royurl.add("/baseProd/product.do?productline=11&productline=13"); System.out.println("match false:" + filter.pass(royurl, url, reqmap)); // 授權的請求參數11時 true royurl.add("/baseProd/product.do?productline=11"); System.out.println("match true:" + filter.pass(royurl, url, reqmap)); // 參數的不論順序 true royurl.add("/baseProd/product.do?productline=12&productline=11"); System.out.println("match true:" + filter.pass(royurl, url, reqmap)); royurl.clear(); // 支持 "*" 號作通配符 true royurl.add("/baseProd/product.do*"); System.out.println("match ture:" + filter.pass(royurl, url, reqmap)); } } LoginUser 類: