
Spring Filter and Spring Interception: Restricting Access for Users Who Are Not Logged In (repost)

2015-01-15 20:44

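Goal: check whether the user is logged in. Users who are not logged in may not access any page or action and are redirected to the login page automatically.

A better approach is to let no one access JSP pages directly. Every access goes through an action, which turns this into a real access control.

There are then three ways to solve the original poster's problem:

1. Use a filter directly

2. Use a WebWork interceptor directly

3. Hand the actions over to Spring and use Spring's AOP mechanism

Letting users access JSP pages directly already goes against the intent of MVC.

1 Using a filter directly

web.xml configuration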

XML code

    <filter>
        <filter-name>SecurityServlet</filter-name>
        <filter-class>com.*.web.servlet.SecurityServlet</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityServlet</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>SecurityServlet</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

The SecurityServlet class

Java code

    package com.*.web.servlet;

    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    public class SecurityServlet extends HttpServlet implements Filter {
        private static final long serialVersionUID = 1L;

        public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) arg0;
            HttpServletResponse response = (HttpServletResponse) arg1;
            HttpSession session = request.getSession(true);
            String usercode = request.getRemoteUser(); // logged-in user
            String user_role = (String) session.getAttribute("role"); // role of the logged-in user
            String url = request.getRequestURI();
            if (usercode == null || "".equals(usercode) || user_role == null || "".equals(user_role)) {
                // Redirect when the path is non-empty and the request is neither for
                // the login page nor a login action.
                // Note: this is a substring match on the raw request URI, so any URI that
                // contains "login" or "Login" is passed on without a login check.
                if (url != null && !url.equals("") && (url.indexOf("Login") < 0 && url.indexOf("login") < 0)) {
                    response.sendRedirect(request.getContextPath() + "/login.jsp");
                    return;
                }
            }
            // Logged in, or a login URL: continue with the request
            arg2.doFilter(arg0, arg1);
        }

        public void init(FilterConfig arg0) throws ServletException {
        }

    }

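The filter-mapping elements in the configuration define which request types are filtered; the configuration above filters every request for a JSP page or an action. The filter implementation is independent of the struts2 and Spring frameworks and runs before the user's request is answered. Inside the filter, methods such as response.sendRedirect("") can be used to send the user to whatever link is needed, such as the login page or an error page. When no redirect is needed, arg2.doFilter(arg0,arg1); continues processing the user's request.

When using a filter, take care to avoid two redirects in a row, otherwise a java.lang.IllegalStateException is thrown. The configuration details can be found online. Unless it is necessary, the /* mapping (filter every request) is not recommended, because with it requests for images, js files, css files and so on are filtered as well.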
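A stricter variant of the filter above, as an added example that is not part of the original post: it replaces the substring test on "login" with an exact-path allowlist and does not create a session for anonymous requests. The class name LoginRequiredFilter and the /login.do entry are assumptions; /login.jsp, getRemoteUser() and the "role" session attribute come from the page.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: LoginRequiredFilter and the PUBLIC_PATHS entries are hypothetical.
public class LoginRequiredFilter implements Filter {
    // Exact servlet paths reachable without a login (assumed; adjust to the application).
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<String>(Arrays.asList("/login.jsp", "/login.do"));

    // Exact match only: a path is not public merely because it contains "login".
    static boolean isPublic(String servletPath, String pathInfo) {
        return pathInfo == null && PUBLIC_PATHS.contains(servletPath);
    }

    // Same condition as the page's filter: both the user and the role must be present.
    static boolean isLoggedIn(String remoteUser, Object role) {
        return remoteUser != null && !remoteUser.isEmpty()
                && role instanceof String && !((String) role).isEmpty();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false); // no new session for anonymous requests
        Object role = (session == null) ? null : session.getAttribute("role");
        // getServletPath() is the path the container mapped, without the query string;
        // getRequestURI() is the raw, undecoded URI.
        if (isPublic(request.getServletPath(), request.getPathInfo())
                || isLoggedIn(request.getRemoteUser(), role)) {
            chain.doFilter(req, res);
            return;
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp"); // one redirect, then stop
    }

    public void init(FilterConfig config) throws ServletException { }
    public void destroy() { }
}
```

It is registered in web.xml the same way as SecurityServlet; any URL pattern left out of the filter-mapping is not checked by it.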

2 Spring interception

Spring configuration

XML code

    <bean id="springLoginInterceptor" class="com.*.web.servlet.SpringLoginInterceptor" >
    </bean>
    <bean id="autoPorxyFactoryBean1"
          class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
        <property name="interceptorNames">
            <list>
                <value>springLoginInterceptor</value>
            </list>
        </property>
        <property name="beanNames" >
            <list>
                <value>*Controller</value>
            </list>
        </property>
    </bean>

The SpringLoginInterceptor implementation class

Java code

    package com.web.servlet;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    import org.aopalliance.intercept.MethodInterceptor;
    import org.aopalliance.intercept.MethodInvocation;
    import org.apache.log4j.Logger;
    import org.apache.struts.action.ActionMapping;

    public class SpringLoginInterceptor implements MethodInterceptor {
        private static final Logger log = Logger.getLogger(SpringLoginInterceptor.class);

        @Override
        public Object invoke(MethodInvocation invocation) throws Throwable {
            log.info("拦截开始!"); // logs "interception started!"
            // Pick the request, response and Struts mapping out of the intercepted method's arguments
            Object[] args = invocation.getArguments();
            HttpServletRequest request = null;
            HttpServletResponse response = null;
            ActionMapping mapping = null;
            for (int i = 0; i < args.length; i++) {
                if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest) args[i];
                if (args[i] instanceof HttpServletResponse) response = (HttpServletResponse) args[i];
                if (args[i] instanceof ActionMapping) mapping = (ActionMapping) args[i];
            }
            if (request != null && mapping != null) {
                String url = request.getRequestURI();
                HttpSession session = request.getSession(true);
                String usercode = request.getRemoteUser(); // logged-in user
                String user_role = (String) session.getAttribute("user_role"); // role of the logged-in user

                if (usercode == null || usercode.equals("")) {
                    // Not logged in: forward to the login page unless the URI contains "login" or "Login"
                    if (url.indexOf("Login") < 0 && url.indexOf("login") < 0) {
                        return mapping.findForward("loginInterceptor");
                    }
                    return invocation.proceed();
                }
                else {
                    return invocation.proceed();
                }
            }
            else {
                // No request or mapping among the arguments: the call proceeds without a login check
                return invocation.proceed();
            }
        }
    }