首頁(yè) 猿問(wèn) 一般給用戶是怎么設(shè)置權(quán)限的。

一般給用戶是怎么設(shè)置權(quán)限的。

Java WebApp JQuery

想要飛的更高 2015-04-10 21:39:39

在jsp中，在管理員頁(yè)面，勾選一些項(xiàng)目，然后在普通用戶訪問(wèn)時(shí)，只能查到管理員勾選的頁(yè)面。原來(lái)一個(gè)學(xué)長(zhǎng)做的是只有篩選功能的，能從這些項(xiàng)目中選出某些特定的項(xiàng)，比如：圖書(shū)館。而我想要的是，要我沒(méi)選圖書(shū)館，別人就搜不到圖書(shū)館。這該怎么實(shí)現(xiàn)。是可以再用戶頁(yè)面隱藏這些項(xiàng)嗎？

查看完整描述

3 回答

碼農(nóng)的希望

TA貢獻(xiàn)10條經(jīng)驗(yàn) 獲得超2個(gè)贊

回復(fù) 想要飛的更高：RBAC ? 基于角色的權(quán)限控制
??tb_user
??tb_role
??tb_userrole
??tb_menu(增、刪、改、查)
??tb_rolemenu
1　說(shuō)明
我們給出三個(gè)頁(yè)面：index.jsp、user.jsp、admin.jsp。
??index.jsp：誰(shuí)都可以訪問(wèn)，沒(méi)有限制；
??user.jsp：只有登錄用戶才能訪問(wèn)；
??admin.jsp：只有管理員才能訪問(wèn)。

2　分析
設(shè)計(jì)User類(lèi)：username、password、grade，其中g(shù)rade表示用戶等級(jí)，1表示普通用戶，2表示管理員用戶。
當(dāng)用戶登錄成功后，把user保存到session中。
創(chuàng)建LoginFilter，它有兩種過(guò)濾方式：
??如果訪問(wèn)的是user.jsp，查看session中是否存在user；
??如果訪問(wèn)的是admin.jsp，查看session中是否存在user，并且user的grade等于2。

3　代碼
User.java
public class User {
?private String username;
?private String password;
?private int grade;
…
}

為了方便，這里就不使用數(shù)據(jù)庫(kù)了，所以我們需要在UserService中創(chuàng)建一個(gè)Map，用來(lái)保存所有用戶。Map中的key中用戶名，value為User對(duì)象。
UserService.java
public class UserService {
?private static Map<String,User> users = new HashMap<String,User>();
?static {
??users.put("zhangSan", new User("zhangSan", "123", 1));
??users.put("liSi", new User("liSi", "123", 2));
?}
?
?public User login(String username, String password) {
??User user = users.get(username);
??if(user == null) return null;
??return user.getPassword().equals(password) ? user : null;
?}
}

login.jsp
? <body>
? <h1>登錄</h1>
? ?<p style="font-weight: 900; color: red">${msg }</p>
??? <form action="<c:url value='/LoginServlet'/>" method="post">
??? ?用戶名：<input type="text" name="username"/><br/>
??? ?密　碼：<input type="password" name="password"/><br/>
??? ?<input type="submit" value="登錄"/>
??? </form>
? </body>

index.jsp
? <body>
??? <h1>主頁(yè)</h1>
??? <h3>${user.username }</h3>
??? <hr/>
??? <a href="<c:url value='/login.jsp'/>">登錄</a><br/>
??? <a href="<c:url value='/user/user.jsp'/>">用戶頁(yè)面</a><br/>
??? <a href="<c:url value='/admin/admin.jsp'/>">管理員頁(yè)面</a>
? </body>

/user/user.jsp
<body>
<h1>用戶頁(yè)面</h1>
<h3>${user.username }</h3>
<hr/>
</body>

/admin/admin.jsp
<body>
? <h1>管理員頁(yè)面</h1>
? <h3>${user.username }</h3>
? <hr/>
</body>

LoginServlet
public class LoginServlet extends HttpServlet {
?public void doPost(HttpServletRequest request, HttpServletResponse response)
???throws ServletException, IOException {
??request.setCharacterEncoding("utf-8");
??response.setContentType("text/html;charset=utf-8");
??
??String username = request.getParameter("username");
??String password = request.getParameter("password");
??UserService userService = new UserService();
??User user = userService.login(username, password);
??if(user == null) {
???request.setAttribute("msg", "用戶名或密碼錯(cuò)誤");
???request.getRequestDispatcher("/login.jsp").forward(request, response);
??} else {
???request.getSession().setAttribute("user", user);
???request.getRequestDispatcher("/index.jsp").forward(request, response);
??}
?}
}

LoginUserFilter.java
? <filter>
??? <display-name>LoginUserFilter</display-name>
??? <filter-name>LoginUserFilter</filter-name>
??? <filter-class>cn.itcast.filter.LoginUserFilter</filter-class>
? </filter>
? <filter-mapping>
??? <filter-name>LoginUserFilter</filter-name>
??? <url-pattern>/user/*</url-pattern>
? </filter-mapping>
public class LoginUserFilter implements Filter {
?public void destroy() {}
?public void init(FilterConfig fConfig) throws ServletException {}

?public void doFilter(ServletRequest request, ServletResponse response,
???FilterChain chain) throws IOException, ServletException {
??response.setContentType("text/html;charset=utf-8");
??HttpServletRequest req = (HttpServletRequest) request;
??User user = (User) req.getSession().getAttribute("user");
??if(user == null) {
???response.getWriter().print("您還沒(méi)有登錄");
???return;
??}
??chain.doFilter(request, response);
?}
}

LoginAdminFilter.java
? <filter>
??? <display-name>LoginAdminFilter</display-name>
??? <filter-name>LoginAdminFilter</filter-name>
??? <filter-class>cn.itcast.filter.LoginAdminFilter</filter-class>
? </filter>
? <filter-mapping>
??? <filter-name>LoginAdminFilter</filter-name>
??? <url-pattern>/admin/*</url-pattern>
? </filter-mapping>
public class LoginAdminFilter implements Filter {
?public void destroy() {}
?public void init(FilterConfig fConfig) throws ServletException {}

?public void doFilter(ServletRequest request, ServletResponse response,
???FilterChain chain) throws IOException, ServletException {
??response.setContentType("text/html;charset=utf-8");
??HttpServletRequest req = (HttpServletRequest) request;
??User user = (User) req.getSession().getAttribute("user");
??if(user == null) {
???response.getWriter().print("您還沒(méi)有登錄!");
???return;
??}
??if(user.getGrade() < 2) {
???response.getWriter().print("您的等級(jí)不夠！");
???return;
??}
??chain.doFilter(request, response);
?}
}