session应用--采用filter和session实现简单用户权限控制
前面已经讲过一些session的基础知识,这里我们将session和filter结合起来,实现一个可用于一般后台管理程序的简单登录状态校验(即最基础的权限控制)。
①我们先建立一个Filter的实现类SecurityServlet(名字虽带Servlet,但它是作为Filter注册和使用的),简单代码如下:
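import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

/**
 * Login-state gate for the back-office application.
 *
 * Every request reaching this filter (web.xml maps it to /*) is let through
 * only when the HTTP session carries a non-empty "unionid" attribute, which
 * the OAuth login handler stores after a successful login. Requests failing
 * the check are redirected to the login entry point "/user/toindex".
 *
 * Two kinds of URL bypass the session check:
 *  - static resources, identified by file suffix (configured through the
 *    "exclusions" init-param; default *.js,*.gif,*.jpg,*.png,*.css,*.ico);
 *  - the login flow, identified either by an exact context-relative path
 *    (optional "publicPaths" init-param, e.g. "/user/login,/user/toindex")
 *    or, by default, by a final path segment named login, toindex or gettk.
 *
 * Matching is deliberately done on whole suffixes and whole path segments.
 * A substring test such as url.indexOf(".js") also matches "/admin/x.jsp",
 * and url.indexOf("login") matches any path that merely contains the word,
 * which would let an unauthenticated client reach protected handlers.
 *
 * This is authentication gating only: it checks that *some* user is logged
 * in and does not distinguish roles or permissions.
 *
 * The class extends HttpServlet so that GenericServlet.destroy() satisfies
 * the Filter contract on containers where Filter.destroy() is abstract; it
 * is never registered as a servlet.
 */
public class SecurityServlet extends HttpServlet implements Filter {

    private static final long serialVersionUID = 1L;

    /** Session attribute written by the login handler on success. */
    private static final String SESSION_USER_KEY = "unionid";

    /** Context-relative path that unauthenticated clients are sent to. */
    private static final String LOGIN_REDIRECT = "/user/toindex";

    /** Suffixes used when the "exclusions" init-param is absent or empty. */
    private static final List<String> DEFAULT_STATIC_SUFFIXES = Collections.unmodifiableList(
            Arrays.asList(".js", ".gif", ".jpg", ".png", ".css", ".ico"));

    /** Final path segments (extension removed) that are always public. */
    private static final List<String> PUBLIC_SEGMENT_NAMES = Collections.unmodifiableList(
            Arrays.asList("login", "toindex", "gettk"));

    private static final Logger logger = Logger.getLogger(SecurityServlet.class);

    private FilterConfig filterConfig;

    /** Lower-cased suffixes (".js", ".css", ...) that bypass the check. */
    private final List<String> exclusions = new ArrayList<String>();

    /** Exact context-relative paths that bypass the check. */
    private final List<String> publicPaths = new ArrayList<String>();

    /**
     * Gate: let static resources and the login flow through, otherwise
     * require a session holding a non-empty "unionid", else redirect.
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Static resources and the login flow never need a session.
        if (filter(contextRelativePath(req))) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not mint a session for every anonymous hit.
        // (The earlier version used getSession(true), creating one per
        // request, including for crawlers and probes.)
        HttpSession session = req.getSession(false);
        Object unionid = session == null ? null : session.getAttribute(SESSION_USER_KEY);
        if (unionid == null || "".equals(unionid)) {
            // Prefix the context path so the redirect still resolves when
            // the application is not deployed at "/".
            res.sendRedirect(req.getContextPath() + LOGIN_REDIRECT);
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Reads the filter's init-params.
     *
     * "exclusions": comma-separated static-resource suffixes; a leading '*'
     * is accepted, so "*.js" and ".js" are equivalent. Falls back to
     * DEFAULT_STATIC_SUFFIXES when absent or empty.
     * "publicPaths": optional comma-separated exact, context-relative paths
     * (e.g. "/user/login") that never require a session.
     */
    public void init(FilterConfig config) throws ServletException {
        this.filterConfig = config;
        exclusions.clear();
        publicPaths.clear();
        for (String raw : split(config.getInitParameter("exclusions"))) {
            String suffix = raw.startsWith("*") ? raw.substring(1) : raw;
            if (!suffix.startsWith(".")) {
                suffix = "." + suffix;
            }
            // A bare "." would match every path; ignore it.
            if (suffix.length() > 1) {
                exclusions.add(suffix.toLowerCase(Locale.ROOT));
            }
        }
        if (exclusions.isEmpty()) {
            exclusions.addAll(DEFAULT_STATIC_SUFFIXES);
        }
        for (String raw : split(config.getInitParameter("publicPaths"))) {
            publicPaths.add(raw.startsWith("/") ? raw : "/" + raw);
        }
        // Configuration, not a fault: log at INFO rather than ERROR.
        logger.info("SecurityServlet exclusions=" + exclusions + " publicPaths=" + publicPaths);
    }

    /** Releases configuration. GenericServlet also declares destroy(). */
    @Override
    public void destroy() {
        exclusions.clear();
        publicPaths.clear();
        filterConfig = null;
    }

    /**
     * Decides whether {@code url} may be served without a logged-in session.
     *
     * @param url request path, ideally context-relative (see doFilter); a full
     *            request URI also works for the suffix and segment rules.
     *            Anything from the first ';' (path parameters) or '?' onwards
     *            is ignored, so "/admin/x;.js" is still treated as "/admin/x".
     * @return TRUE when the path ends with a configured static suffix
     *         (case-insensitive), equals a configured public path, or its final
     *         segment with any extension removed is one of login/toindex/gettk;
     *         FALSE otherwise, including for null or empty input.
     */
    public Boolean filter(String url) {
        if (url == null || url.length() == 0) {
            return Boolean.FALSE;
        }
        String path = url;
        int cut = path.indexOf(';');
        if (cut >= 0) {
            path = path.substring(0, cut);
        }
        cut = path.indexOf('?');
        if (cut >= 0) {
            path = path.substring(0, cut);
        }

        // 1. Static resources: whole-suffix match, case-insensitive.
        String lower = path.toLowerCase(Locale.ROOT);
        List<String> suffixes = exclusions.isEmpty() ? DEFAULT_STATIC_SUFFIXES : exclusions;
        for (String suffix : suffixes) {
            if (lower.endsWith(suffix)) {
                return Boolean.TRUE;
            }
        }

        // 2. Explicitly configured public paths: exact match only.
        if (publicPaths.contains(path)) {
            return Boolean.TRUE;
        }

        // 3. Login-flow handlers identified by their final path segment.
        String trimmed = path;
        while (trimmed.length() > 1 && trimmed.endsWith("/")) {
            trimmed = trimmed.substring(0, trimmed.length() - 1);
        }
        String last = trimmed.substring(trimmed.lastIndexOf('/') + 1);
        int dot = last.indexOf('.');
        if (dot >= 0) {
            last = last.substring(0, dot);
        }
        return Boolean.valueOf(PUBLIC_SEGMENT_NAMES.contains(last));
    }

    /**
     * Returns the request URI with the context path removed, so the rules in
     * filter() see the same path regardless of where the app is deployed.
     */
    private static String contextRelativePath(HttpServletRequest req) {
        String uri = req.getRequestURI();
        if (uri == null) {
            return "";
        }
        String ctx = req.getContextPath();
        if (ctx != null && ctx.length() > 0 && uri.startsWith(ctx)) {
            uri = uri.substring(ctx.length());
        }
        return uri;
    }

    /** Splits a comma-separated init-param value, dropping blanks; null-safe. */
    private static List<String> split(String value) {
        List<String> out = new ArrayList<String>();
        if (value == null) {
            return out;
        }
        for (String part : value.split(",")) {
            String piece = part.trim();
            if (piece.length() > 0) {
                out.add(piece);
            }
        }
        return out;
    }
}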
②登录login和session设置实现,这里我们依然用上一篇中简单session设置的方法实现:
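/**
 * OAuth login callback: exchanges the authorization {@code code} for the
 * user's profile and binds the user's unionid and nickname to the HTTP
 * session, which SecurityServlet later checks on every request.
 *
 * NOTE(review): {@code state} is received but never compared against a value
 * issued when the authorization was started; without that comparison the
 * callback is open to login-CSRF. Verify it here once the issuing side stores
 * it.
 *
 * @param view     model-and-view to populate; "index" on success, unchanged on failure
 * @param request  current request; its session receives "unionid" and "petname"
 * @param response current response (unused)
 * @param code     OAuth authorization code from the provider redirect
 * @param state    opaque state echoed by the provider (see note above)
 * @return {@code view} with view name "index" on success; the same object
 *         with no view name set when profile retrieval fails (error is logged)
 * @author dapengniao
 * @date 2016-01-13 15:59:14
 */
@RequestMapping("login")
public ModelAndView UserOAuthLogin(ModelAndView view, HttpServletRequest request, HttpServletResponse response,
        @RequestParam(value = "code", required = false) String code,
        @RequestParam(value = "state", required = false) String state) {
    OauthCode_GetUseInfo oauth = new OauthCode_GetUseInfo(code);
    try {
        // Resolve the user's basic profile from the code via the shared helper.
        UserInfo userinfos = oauth.getUserInfo();

        // Session-fixation defence: drop any session that existed before
        // authentication so a session id chosen or observed by an attacker is
        // never promoted to an authenticated one; bind identity to a fresh id.
        javax.servlet.http.HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        javax.servlet.http.HttpSession session = request.getSession(true);
        session.setAttribute("unionid", userinfos.getUnionid()); // checked by SecurityServlet
        session.setAttribute("petname", userinfos.getNickname());

        view.setViewName("index");
        return view;
    } catch (Exception e) {
        logger.error(e, e);
        return view;
    }
}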
③接着需要把写好的filter注册到项目中,使其在应用启动时生效,因此要在web.xml中加入如下配置:
<!-- Login-state gate: every request to the web app passes through
     SecurityServlet.doFilter() before reaching a servlet or controller. -->
<filter>
    <filter-name>SecurityServlet</filter-name>
    <filter-class>com.cuiyongzhi.filter.SecurityServlet</filter-class>
    <!-- Static-resource suffixes served without a session check. Keep the
         list minimal: anything matched here is reachable anonymously, and it
         must agree with the suffixes SecurityServlet.filter() treats as public. -->
    <init-param>
        <param-name>exclusions</param-name>
        <param-value>*.js,*.gif,*.jpg,*.png,*.css,*.ico</param-value>
    </init-param>
</filter>
<!-- "/*" applies the filter to every URL of this web app.
     NOTE(review): with no <dispatcher> elements the container applies it only
     to client requests, not to internal FORWARD/INCLUDE dispatches; confirm
     that is intended. -->
<filter-mapping>
    <filter-name>SecurityServlet</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
到这里,采用session和filter实现的简单权限控制就完成了。需要注意两点:其一,这里只校验了"是否已登录"(session中是否存在unionid),并没有区分角色或具体权限,真正的后台权限控制还要在此基础上按角色/资源做进一步判断;其二,放行规则应使用精确路径或后缀匹配,不要用indexOf做子串匹配,否则会被绕过(例如".jsp"会命中".js",任何路径中含"login"的URL都会被放行)。这里给出的是代码片段,感谢翻阅,如有疑问可以留言讨论!