JAVA实现权限管理的两种方式六.doc

1、 . . . . . JAVA实现权限管理的两种方式六 第一种方式：利用filter、xml文件和用户信息表配合使用来实现权限管理。1.过滤器filterackage.aaa.bbb.filter;imort java.io.IOExcetion;imort java.io.InutStream;imort java.util.HashMa;imort java.util.Iterator;imort java.util.List;imort java.util.Ma;imort javax.servlet.Filter;imort javax.servlet.FilterChain;imor

2、t javax.servlet.FilterConfig;imort javax.servlet.ServletContext;imort javax.servlet.ServletExcetion;imort javax.servlet.ServletRequest;imort javax.servlet.ServletResonse;imort javax.servlet.htt.HttServletRequest;imort javax.servlet.htt.HttServletResonse;imort org.aache mons.logging.Log;imort org.aac

3、he mons.logging.LogFactory;imort org.dom4j.Document;imort org.dom4j.Element;imort org.dom4j.io.SAXReader;imort.aaa.bbb.domain.User;imort.aaa.bbb.util.HttUtils;/* 过滤：后台管理的模块授权。根据：配置文件xml根据当前session中用的管理员信息。* 注：不用再访问数据库。也不需要再使用什么 bean 去判断。直接在这个类里就可以判断。* author cuiguangqiang*/ublic class ManagerAuthFil

4、ter imlements Filter rotected static final Log logger = LogFactory.getLog(ManagerAuthFilter.class);ublic static final String MAING_FILE = "/WEB-INF/managerauthmaing.xml"rivate ServletContext context = null;rivate Ma actions = new HashMa();ublic void init(FilterConfig filterConfig) throws S

5、ervletExcetion context = filterConfig.getServletContext();if(context=null)logger.error("unable to init as servlet context is null");return;loadConf();logger.info("ManagerAuthFilter configure success.");rivate void loadConf() InutStream inutStream = context.getResourceAsStream(MAI

6、NG_FILE);if (inutStream = null) logger.info("unable find auth maing file " + MAING_FILE); else actions = arseConf(inutStream);rivate Ma arseConf(InutStream inutStream) try SAXReader reader = new SAXReader();Document document = reader.read(inutStream);return createActionMa(document); catch

7、(Excetion e) logger.info(e.getMessage();e.rintStackTrace();return new HashMa();rivate Ma createActionMa(Document document) Ma ma = new HashMa();Element root = document.getRootElement();/处 理XML读入JAVA Object对象中。List actionList = root.elements();for (Iterator it = actionList.iterator(); it.hasNext();)

8、Element e = (Element) it.next();String actionName = e.attributeValue("name");String auth_value = e.element("auth-value").getTextTrim();ma.ut(actionName,auth_value);logger.info(actionName + " is " + auth_value);return ma;ublic void doFilter(ServletRequest request, Servle

9、tResonse resonse,FilterChain chain) throws IOExcetion, ServletExcetion /处理某次提交的Action是否在权限定义围/权限共有：1:站长；2:；0:Admin ; all 代表所有人都可以。均需要登录HttServletRequest req = (HttServletRequest) request;HttServletResonse res = (HttServletResonse) resonse;/得到此次用户的提交请求String url = req.getServletath();/只有在配置文件中存在的 act

10、ion 才进展处理String method = req.getarameter("method");if(method!=null)url = url + "?method=" + method;String auth_value = (String)actions.get(url);if(auth_value=null)logger.info("action is not in Manager Auth xml.");chain.doFilter(request, resonse);return;/第一必须要登录/ 取得当前用户；

11、User manager = (User) HttUtils.getAdminUserSession(req);/ 检查管理用户是否登录if (manager = null) res.sendRedirect(req.getContextath()+"/sessionLost.do");return;/第二必须在权限定义围if(auth_value.indexOf("all")>=0)chain.doFilter(request, resonse);/必须返回给上一层。return ;else/ String currUserAuth = &quo

12、t;,"+Integer.toString( manager.getLever()+","String currUserAuth = Integer.toString( manager.getLever();if(auth_value.indexOf(currUserAuth)>=0)chain.doFilter(request, resonse);/必须返回给上一层。return ;elseres.sendRedirect(req.getContextath()+"/accessdenied.do");return ;ublic voi

13、d destroy() logger.info("in authfilter destroy");2.xml文件xml只给出了局部容不过所有的容都包括了。<?xml version="1.0" encoding="UTF-8"?><!-权限共有：0:Admin 具有所有权限包括增删改用户; 1:站长 ;2:;-><maing><!-xxxx管理模块xx列表,报名选手和历史比赛查询局部-><action name="/listallmatch.do"><

14、;auth-value>0,1</a uth-value></action><action name="/matchManager.do"><auth-value>0,</auth-value></action><action name="/rewrite.do"><auth-value>0,1</auth-value></action><action name="/leftHome.do"><

15、;auth-value>all,</auth-value></action><action name="/login.do"><auth-value>all,</auth-value></action></maing>3.用户表里面有一个用来保存用户级别的字段level具体用户表的信息有以下容,我用实体类来表示用户表的信息因为没有表结构了。/* The comosite rimary key value.*/rivate String id;/* 用户编号*/rivate String

16、 userId;/* The value of the simle username roerty. */rivate String username;/* The value of the simle assword roerty. */rivate String assword;/* 0:Admin;1:站长;2:;*/rivate int lever=1;/* 创建用户的日期*/rivate Date createDate;所有的操作都显示在页面上当该操作时才进展权限控制抛出是否该用户有没有该功能的权限。第二种方式：利用专门的权限表来维护用户权限根据登录的用户的权限信息判断谋个功能是否显

17、示在页面上来实现权限的控制。1.不用数据库表了我用实体类的属性来表示。rivate String id;/* 管理员id*/rivate String emloyeeid;/*管理功能id*/rivate String urlid;/* 功能名称*/rivate String urlname;超级管理员给每一个用户分配权限然后添加到该表中。登录用户根据自己的权限可以判断是否显示该功能。权限控制表设计(用户+角色+权限) 大概有这几种模式： 用户+组+角色+权限 用户+组+权限 用户+角色+权限 用户+权限两种权限管理其一是功能权限的管理而另外一种那么是资源权限的管理A.数据库表形式1.用户表用

18、户编号, 用户名, 密码, 角色编号2.角色表角色编号, 角色名3.功能表(主要保存系统功能清单)编号, 功能名称, 父编号, URL4.角色权限对应表编号, 角色编号, 功能编号, 权限-imort java.util.Set; ublic class UserVo rivate Integer id; rivate String uname; rivate String assword; rivate Level level; ublic Level getLevel() return level; ublic void setLevel(Level level) t his.level

19、= level; ublic String getUname() return uname; ublic void setUname(String uname) this.uname = uname; ublic String getassword() return assword; ublic void setassword(String assword) this.assword = assword; ublic Integer getId() return id; ublic void setId(Integer id) this.id = id; ublic class Level r

20、ivate Integer id; rivate String levelName; rivate Set<Quanxian> qx = new HashSet<Quanxian>(0); ublic Integer getId() return id; ublic void setId(Integer id) this.id = id; ublic String getLevelName() return levelName; ublic void setLevelName(String levelName) this.levelName = levelName; u

21、blic Set<Quanxian> getQx() return qx; ublic void setQx(Set<Quanxian> qx) this.qx = qx; ublic class Quanxian rivate Integer id; rivate String quanxian; rivate Integer fatherid; rivate String url; ublic Integer getFatherid() return fatherid; ublic void setFatherid(Integer fatherid) this.fa

22、therid = fatherid; ublic Integer getId() return id; ublic void setId(Integer id) this.id = id; ublic String getQuanxian() return quanxian; ublic void setQuanxian(String quanxian) this.quanxian = quanxian; ublic String getUrl() return url; ublic void setUrl(String url) this.url = url; ublic class Adm

23、inLoginCheck extends HttServlet imlements Filter /通过 一个过滤器 Filter 进展权限控制 rivate FilterConfig filterConfig; /Handle the assed-in FilterConfig ublic void init(FilterConfig filterConfig) throws ServletExcetion this.filterConfig = filterConfig; /rocess the request/resonse air ublic void doFilter(Servlet

24、Request request, ServletResonse resonse, FilterChain filterChain) /System.out.rintln(this.getClass()+": doFilter()"); HttServletRequest req = (HttServletRequest)request; /System.out .rintln(req.getServletath(); HttServletResonse res = (HttServletResonse)resonse; HttSession ses = req.getSes

25、sion(); Uservo uervo =ses.getAttribute("user") try /System.out.rintln("in Adminloginf."); if(uervo =null) res.sendRedirect(req.getContextath(); else Boolean allow= false ; Set<Quanxian> qxs = uservo.getLevel().getQx(); For(Quanxian o:qxs) If(o.getUrl().equals(req.getServletath() allow=true; If(allow) filterChain.doFilter(request, resonse); catch (ServletExcetion sx) filterConfig.getServletContext().log(sx.getMessage(); catch (IOExcetion iox) filterConfig.getServletContext().log(iox.getMessage(); /Clean u resources ublic void destroy() 27 / 27