我为普通用户编写了2个过滤器1,为管理员编写了1个过滤器,但您必须是管理员才能登录。以下是我的两个过滤器的来源:
public class newFilter implements Filter {
String UUIDInDB;
String UUIDInCookie;
public void init(FilterConfig filterConfig) throws ServletException {
//To change body of implemented methods use File | Settings | File Templates.
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpServletResponse res = (HttpServletResponse) servletResponse;
Cookie[] cookies = req.getCookies();
UUIDInCookie = getCookieValue(cookies,"pubweb", "noCookie");
if(UUIDInCookie.equals("noCookie")){
Cookie cookie = new Cookie("pubweb","noCookie");
cookie.setMaxAge(1);
res.addCookie(cookie);
res.sendRedirect("../Login.jsp");
return ;
}
checkDatabase();
if(UUIDInCookie.equals(UUIDInDB)){
filterChain.doFilter(servletRequest, servletResponse);
System.out.println("Is allowed thorugh");
} else if(UUIDInCookie.equals("noCookie")){
res.sendRedirect("../Login.jsp");
System.out.println("Isn't allowed thorugh");
} else {
res.sendRedirect("../Login.jsp");
System.out.println("Isn't allowed thorugh");
}
}
public void destroy() {
//To change body of implemented methods use File | Settings | File Templates.
}
public void checkDatabase(){
try {
Class.forName("com.mysql.jdbc.Driver");
} catch (ClassNotFoundException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}
/*
The next lines allow you to change the username and password for the password.
*/
String username = "username";
String password = "password";
/*
The following line is the url. This can be changed to bring in to line with the database.
*/
String dbURL = "jdbc:mysql://localhost/hpsgdb?user="
+ username + "&password=" + password;
/*
This line connects to the database to the information presented earlier.
*/
java.sql.Connection myConnection = null;
try {
myConnection = DriverManager.getConnection(dbURL);
System.out.println("Connected to Database.");
} catch (SQLException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}
/*
The next line creates a query on the database. The query is that you want exacuted is on the next line.
*/
Statement stat = null;
try {
stat = (Statement) myConnection.createStatement();
} catch (SQLException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
} catch (NullPointerException e){
e.printStackTrace();
}
try {
ResultSet rs;
rs = stat.executeQuery("SELECT * from uuid where uuid='" + UUIDInCookie + "';");
System.out.println("Executed Query.");
int count = 0;
while(rs.next())
UUIDInDB = rs.getString("uuid") ;
System.out.println(UUIDInDB);
rs.close();
myConnection.close();
} catch (SQLException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
} catch (NullPointerException e){
e.printStackTrace();
}
}
public static String getCookieValue(Cookie[] cookies,
String cookieName,
String defaultValue) throws IOException {
int length = cookies.length;
System.out.println(length);
try{
for(int i=0; i<length; i++) {
Cookie cookie = cookies[i];
if (cookieName.equals(cookie.getName())) {
System.out.println(cookies.length);
return(cookie.getValue());
} else {
return defaultValue;
}
} } catch (NullPointerException e){
e.printStackTrace();
HttpServletResponse res = null;
res.sendRedirect("../Login.jsp");
}
return(defaultValue);
}
}
其他过滤器:
public class adminFilter implements Filter {
String UUIDInDB;
String UUIDInCookie;
int role;
public void destroy() {
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException, IOException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpServletResponse res = (HttpServletResponse) servletResponse;
Cookie[] cookies = req.getCookies();
UUIDInCookie = getCookieValue(cookies,"pubweb", "noCookie");
// role = Integer.parseInt(getCookieValue(cookies,"pubwebRole", "2"));
if(UUIDInCookie.equals("noCookie")){
Cookie cookie = new Cookie("pubweb","noCookie");
cookie.setMaxAge(1);
res.addCookie(cookie);
res.sendRedirect("../Login.jsp");
return ;
}
checkDatabase();
if(UUIDInCookie.equals(UUIDInDB) && role == 1){
chain.doFilter(servletRequest, servletResponse);
} else if(UUIDInCookie.equals("noCookie")){
res.sendRedirect("../Login.jsp");
} else if (role == 2){
res.sendRedirect("/");
} else {
res.sendRedirect("../Login.jsp");
}
}
public void init(FilterConfig config) throws ServletException {
}
public void checkDatabase(){
try {
Class.forName("com.mysql.jdbc.Driver");
} catch (ClassNotFoundException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}
/*
The next lines allow you to change the username and password for the password.
*/
String username = "username";
String password = "password";
/*
The following line is the url. This can be changed to bring in to line with the database.
*/
String dbURL = "jdbc:mysql://localhost/hpsgdb?user="
+ username + "&password=" + password;
/*
This line connects to the database to the information presented earlier.
*/
java.sql.Connection myConnection = null;
try {
myConnection = DriverManager.getConnection(dbURL);
System.out.println("Connected to Database.");
} catch (SQLException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}
/*
The next line creates a query on the database. The query is that you want exacuted is on the next line.
*/
Statement stat = null;
try {
stat = (Statement) myConnection.createStatement();
} catch (SQLException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
} catch (NullPointerException e){
e.printStackTrace();
}
try {
ResultSet rs;
rs = stat.executeQuery("SELECT * from uuid where uuid='" + UUIDInCookie + "';");
System.out.println("Executed Query.");
int count = 0;
while(rs.next()) {
UUIDInDB = rs.getString("uuid") ;
role = rs.getInt("role");
}
System.out.println(UUIDInDB);
System.out.println("Role =" + role);
rs.close();
myConnection.close();
} catch (SQLException e) {
e.printStackTrace();
} catch (NullPointerException e){
e.printStackTrace();
}
}
public static String getCookieValue(Cookie[] cookies,
String cookieName,
String defaultValue) throws IOException {
int length = cookies.length;
System.out.println(length);
try{
for(int i=0; i<length; i++) {
Cookie cookie = cookies[i];
if (cookieName.equals(cookie.getName())) {
System.out.println(cookies.length);
return(cookie.getValue());
} else {
return defaultValue;
}
} } catch (NullPointerException e){
e.printStackTrace();
HttpServletResponse res = null;
res.sendRedirect("../Login.jsp");
}
return(defaultValue);
}
}
HEre是我的web xml文件:
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>filters.newFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/add/addAuthor.jsp</url-pattern>
<url-pattern>/add/addAuthor</url-pattern>
<url-pattern>/add/addConference.jsp</url-pattern>
<url-pattern>/add/addConference</url-pattern>
<url-pattern>/add/addJournal.jsp</url-pattern>
<url-pattern>/add/addJournal</url-pattern>
<url-pattern>/add/addWorkshop.jsp</url-pattern>
<url-pattern>/add/addWorkshop</url-pattern>
<url-pattern>/add/index.jsp</url-pattern>
</filter-mapping>
<filter>
<filter-name>AdminFilter</filter-name>
<filter-class>filters.adminFilter</filter-class>
</filter>
<!-- <filter-mapping>
<filter-name>AdminFilter</filter-name>
<url-pattern>/add/addAuthor.jsp</url-pattern>
<url-pattern>/add/addAuthor</url-pattern>
<url-pattern>/add/addConference.jsp</url-pattern>
<url-pattern>/add/addConference</url-pattern>
<url-pattern>/add/addJournal.jsp</url-pattern>
<url-pattern>/add/addJournal</url-pattern>
<url-pattern>/add/addWorkshop.jsp</url-pattern>
<url-pattern>/add/addWorkshop</url-pattern>
<url-pattern>/add/index.jsp</url-pattern>
<url-pattern>/add/addConfJour.jsp</url-pattern>
<url-pattern>/add/addConfJourn</url-pattern>
<url-pattern>/add/addUser.jsp</url-pattern>
<url-pattern>/add/addUser</url-pattern>
<url-pattern>/add/addTag.jsp</url-pattern>
<url-pattern>/add/addTag</url-pattern>
<url-pattern>/add/indexAdmin.jsp</url-pattern>
</filter-mapping>-->
<filter-mapping>
<filter-name>AdminFilter</filter-name>
<url-pattern>/add/*</url-pattern>
</filter-mapping>
先谢谢 迪安
答案 0 :(得分:0)
您确定要真正实现所有自己的访问安全性吗? servlet规范支持受保护的资源,从而基本上可以执行您正在执行的操作。您可能仍希望编写一个过滤器以将用户对象弹出到会话中。
请参阅此链接http://www.informit.com/articles/article.aspx?p=24253,了解如何使用容器身份验证保护对Web资源的访问。
还要看一下你的代码,有一些东西闻起来不太好
finally块来关闭资源ServletException中并将它们丢弃NullPointerException这些不应该被捕获,通常是由 schoolboy 编码错误造成的。