资源描述
. . . . .
JAVA实现权限管理的两种方式六
第一种方式:利用filter、xml文件和用户信息表配合使用来实现权限管理。
1.过滤器filter
ackage..aaa.bbb.filter;
imort java.io.IOExcetion;
imort java.io.InutStream;
imort java.util.HashMa;
imort java.util.Iterator;
imort java.util.List;
imort java.util.Ma;
imort javax.servlet.Filter;
imort javax.servlet.FilterChain;
imort javax.servlet.FilterConfig;
imort javax.servlet.ServletContext;
imort javax.servlet.ServletExcetion;
imort javax.servlet.ServletRequest;
imort javax.servlet.ServletResonse;
imort javax.servlet.htt.HttServletRequest;
imort javax.servlet.htt.HttServletResonse;
imort org.aache mons.logging.Log;
imort org.aache mons.logging.LogFactory;
imort org.dom4j.Document;
imort org.dom4j.Element;
imort org.dom4j.io.SAXReader;
imort..aaa.bbb.domain.User;
imort..aaa.bbb.util.HttUtils;
/**
* 过滤:后台管理的模块授权。根据:配置文件xml根据当前session中用的管理员信息。
* 注:不用再访问数据库。也不需要再使用什么 bean 去判断。直接在这个类里就可以判断。
* author cuiguangqiang
*
*/
ublic class ManagerAuthFilter imlements Filter {
rotected static final Log logger = LogFactory.getLog(ManagerAuthFilter.class);
ublic static final String MAING_FILE = "/WEB-INF/managerauthmaing.xml";
rivate ServletContext context = null;
rivate Ma actions = new HashMa();
ublic void init(FilterConfig filterConfig) throws ServletExcetion {
context = filterConfig.getServletContext();
if(context==null){
logger.error("unable to init as servlet context is null");
return;
}
loadConf();
logger.info("ManagerAuthFilter configure success.");
}
rivate void loadConf() {
InutStream inutStream = context.getResourceAsStream(MAING_FILE);
if (inutStream == null) {
logger.info("unable find auth maing file " + MAING_FILE);
} else {
actions = arseConf(inutStream);
}
}
rivate Ma arseConf(InutStream inutStream) {
try {
SAXReader reader = new SAXReader();
Document document = reader.read(inutStream);
return createActionMa(document);
} catch (Excetion e) {
logger.info(e.getMessage());
e.rintStackTrace();
}
return new HashMa();
}
rivate Ma createActionMa(Document document) {
Ma ma = new HashMa();
Element root = document.getRootElement();
//处
理XML读入JAVA Object对象中。
List actionList = root.elements();
for (Iterator it = actionList.iterator(); it.hasNext();) {
Element e = (Element) it.next();
String actionName = e.attributeValue("name");
String auth_value = e.element("auth-value").getTextTrim();
ma.ut(actionName,auth_value);
logger.info(actionName + " is " + auth_value);
}
return ma;
}
ublic void doFilter(ServletRequest request, ServletResonse resonse,
FilterChain chain) throws IOExcetion, ServletExcetion {
//处理某次提交的Action是否在权限定义围
//权限共有:1:站长;2:;0:Admin ; all 代表所有人都可以。〔均需要登录〕
HttServletRequest req = (HttServletRequest) request;
HttServletResonse res = (HttServletResonse) resonse;
//〔1〕得到此次用户的提交请求
String url = req.getServletath();
//〔2〕只有在配置文件中存在的 action 才进展处理
String method = req.getarameter("method");
if(method!=null){
url = url + "?method=" + method;
}
String auth_value = (String)actions.get(url);
if(auth_value==null){
logger.info("action is not in Manager Auth xml.");
chain.doFilter(request, resonse);
return;
}
//第一必须要登录
// 取得当前用户;
User manager = (User) HttUtils.getAdminUserSession(req);
// 检查管理用户是否登录
if (manager == null) {
res.sendRedirect(req.getContextath()+"/sessionLost.do");
return;
}
//第二必须在权限定义围
if(auth_value.indexOf("all")>=0){
chain.doFilter(request, resonse);//必须返回给上一层。
return ;
}
else{
// String currUserAuth = ","+Integer.toString( manager.getLever())+",";
String currUserAuth = Integer.toString( manager.getLever());
if(auth_value.indexOf(currUserAuth)>=0){
chain.doFilter(request, resonse);//必须返回给上一层。
return ;
}
else{
res.sendRedirect(req.getContextath()+"/accessdenied.do");
return ;
}
}
}
ublic void destroy() {
logger.info("in authfilter destroy");
}
}
2.xml文件
xml只给出了局部容不过所有的容都包括了。
<?xml version="1.0" encoding="UTF-8"?>
<!--
权限共有:0:Admin 具有所有权限包括增删改用户; 1:站长 ;2:;
-->
<maing>
<!--xxxx管理模块xx列表,报名选手和历史比赛查询局部-->
<action name="/listallmatch.do"><auth-value>0,1</a
uth-value></action>
<action name="/matchManager.do"><auth-value>0,</auth-value></action>
<action name="/rewrite.do"><auth-value>0,1</auth-value></action>
<action name="/leftHome.do"><auth-value>all,</auth-value></action>
<action name="/login.do"><auth-value>all,</auth-value></action>
</maing>
3.用户表里面有一个用来保存用户级别的字段level具体用户表的信息有以下容,我用实体类来表示用户表的信息因为没有表结构了。
/** The comosite rimary key value.*/
rivate String id;
/**
* 用户编号
*/
rivate String userId;
/** The value of the simle username roerty. */
rivate String username;
/** The value of the simle assword roerty. */
rivate String assword;
/**
* 0:Admin;1:站长;2:;
*/
rivate int lever=1;
/**
* 创建用户的日期
*/
rivate Date createDate;
所有的操作都显示在页面上当该操作时才进展权限控制抛出是否该用户有没有该功能的权限。
第二种方式:利用专门的权限表来维护用户权限根据登录的用户的权限信息判断谋个功能是否显示在页面上来实现权限的控制。
1.不用数据库表了我用实体类的属性来表示。
rivate String id;
/**
* 管理员id
*/
rivate String emloyeeid;
/**
*管理功能id
*/
rivate String urlid;
/**
* 功能名称
*/
rivate String urlname;
超级管理员给每一个用户分配权限然后添加到该表中。登录用户根据自己的权限可以判断是否显示该功能。
权限控制表设计(用户+角色+权限)
大概有这几种模式:
用户+组+角色+权限
用户+组+权限
用户+角色+权限
用户+权限
两种权限管理其一是功能权限的管理而另外一种那么是资源权限的管理
A.数据库表形式
1.用户表
用户编号, 用户名, 密码, 角色编号
2.角色表
角色编号, 角色名
3.功能表(主要保存系统功能清单)
编号, 功能名称, 父编号, URL
4.角色权限对应表
编号, 角色编号, 功能编号, 权限
------------------------------------------------------------------------------------
imort java.util.Set;
ublic class UserVo {
rivate Integer id;
rivate String uname;
rivate String assword;
rivate Level level;
ublic Level getLevel() {
return level;
}
ublic void setLevel(Level level) {
t
his.level = level;
}
ublic String getUname() {
return uname;
}
ublic void setUname(String uname) {
this.uname = uname;
}
ublic String getassword() {
return assword;
}
ublic void setassword(String assword) {
this.assword = assword;
}
ublic Integer getId() {
return id;
}
ublic void setId(Integer id) {
this.id = id;
}
}
ublic class Level {
rivate Integer id;
rivate String levelName;
rivate Set<Quanxian> qx = new HashSet<Quanxian>(0);
ublic Integer getId() {
return id;
}
ublic void setId(Integer id) {
this.id = id;
}
ublic String getLevelName() {
return levelName;
}
ublic void setLevelName(String levelName) {
this.levelName = levelName;
}
ublic Set<Quanxian> getQx() {
return qx;
}
ublic void setQx(Set<Quanxian> qx) {
this.qx = qx;
}
}
ublic class Quanxian {
rivate Integer id;
rivate String quanxian;
rivate Integer fatherid;
rivate String url;
ublic Integer getFatherid() {
return fatherid;
}
ublic void setFatherid(Integer fatherid) {
this.fatherid = fatherid;
}
ublic Integer getId() {
return id;
}
ublic void setId(Integer id) {
this.id = id;
}
ublic String getQuanxian() {
return quanxian;
}
ublic void setQuanxian(String quanxian) {
this.quanxian = quanxian;
}
ublic String getUrl() {
return url;
}
ublic void setUrl(String url) {
this.url = url;
}
}
ublic class AdminLoginCheck extends HttServlet imlements Filter {
//通过 一个过滤器 Filter 进展权限控制
rivate FilterConfig filterConfig;
//Handle the assed-in FilterConfig
ublic void init(FilterConfig filterConfig) throws ServletExcetion {
this.filterConfig = filterConfig;
}
//rocess the request/resonse air
ublic void doFilter(ServletRequest request, ServletResonse resonse,
FilterChain filterChain) {//System.out.rintln(this.getClass()+": doFilter()");
HttServletRequest req = (HttServletRequest)request;
//System.out
.rintln(req.getServletath());
HttServletResonse res = (HttServletResonse)resonse;
HttSession ses = req.getSession();
Uservo uervo =ses.getAttribute("user")
try {//System.out.rintln("in Adminloginf........");
if(uervo ==null)
{
res.sendRedirect(req.getContextath());
}else{
Boolean allow= false ;
Set<Quanxian> qxs = uservo.getLevel().getQx();
For(Quanxian o:qxs){
If(o.getUrl().equals(req.getServletath())){
allow=true;
}
}
If(allow){
filterChain.doFilter(request, resonse);}
}
} catch (ServletExcetion sx) {
filterConfig.getServletContext().log(sx.getMessage());
} catch (IOExcetion iox) {
filterConfig.getServletContext().log(iox.getMessage());
}
}
//Clean u resources
ublic void destroy() {
}
}
27 / 27
展开阅读全文
浙ICP备2021020529号-1 | 浙B2-20240490 
