实现过滤器权限控制

skic/WebRoot/WEB-INF/web.xml

@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
   <display-name>Scorpion king Information consulting company</display-name>
-  
-  
   <servlet>
     <servlet-name>CheckLoginServlet</servlet-name>
     <servlet-class>com.skic.servlet.CheckLoginServlet</servlet-class>
@@ -11,23 +9,37 @@
     <servlet-name>CheckLoginServlet</servlet-name>
     <url-pattern>/CheckLoginServlet</url-pattern>
   </servlet-mapping>
-  
+  <servlet>
-   <servlet>
     <servlet-name>CheckRegisterServlet</servlet-name>
     <servlet-class>com.skic.servlet.CheckRegisterServlet</servlet-class>
   </servlet>
+  <servlet>
+    <servlet-name>LogoutServlet</servlet-name>
+    <servlet-class>com.skic.servlet.LogoutServlet</servlet-class>
+  </servlet>
   <servlet-mapping>
     <servlet-name>CheckRegisterServlet</servlet-name>
     <url-pattern>/CheckRegisterServlet</url-pattern>
   </servlet-mapping>
-  
+  <servlet-mapping>
-  <filter>
+    <servlet-name>LogoutServlet</servlet-name>
-  	<filter-name>vipPermissionFilter</filter-name>
+    <url-pattern>/LogoutServlet</url-pattern>
-  	<filter-class>com.skic.filter.AdminPermissionFilter</filter-class>
+  </servlet-mapping>  
+ <filter>
+    <filter-name>CheckLoginFilter</filter-name>
+    <filter-class>com.skic.filter.CheckLoginFilter</filter-class>
   </filter>
   <filter-mapping>
-  	<filter-name>vipPermissionFilter</filter-name>
+    <filter-name>CheckLoginFilter</filter-name>
-  	<url-pattern>/adminPage/*</url-pattern>
+    <url-pattern>/page/*</url-pattern>
+  </filter-mapping>
+  <filter>
+    <filter-name>vipPermissionFilter</filter-name>
+    <filter-class>com.skic.filter.AdminPermissionFilter</filter-class>
+  </filter>
+  <filter-mapping>
+    <filter-name>vipPermissionFilter</filter-name>
+    <url-pattern>/page/adminPage/*</url-pattern>
   </filter-mapping>
  
  

skic/WebRoot/login.jsp

@@ -40,6 +40,12 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
 	<![endif]-->
 </head>
 <body class="blue lighten-2">
+<%
+	if (request.getAttribute("msg") != null) {
+			out.println(
+					"<script language=javascript>alert('"+request.getAttribute("msg")+"')</script>");
+		}
+ %>
 	<div id="login-page" class="row">
 	    <div class="col s12 z-depth-6 card-panel">
 	      <form class="login-form" action="<%=request.getContextPath()%>/CheckLoginServlet" method="post" name="loginSkic">

skic/WebRoot/page/adminPage/adminJsp.jsp

@@ -24,5 +24,6 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
   
   <body>
     This is admin JSP page. <br>
+    <a href="<%=request.getRequestURI() %>"><%=request.getRequestURI() %></a>
   </body>
 </html>

skic/WebRoot/page/homepage.jsp

@@ -24,6 +24,14 @@
 </head>
 
 <body>
+<%
+	if (request.getAttribute("msg") != null) {
+			out.println(
+					"<script language=javascript>alert('"+request.getAttribute("msg")+"')</script>");
+		}
+ %>
 欢迎访问主页
+<a href="<%=request.getContextPath()%>/page/adminPage/adminJsp.jsp">admin页面</a>
+<a href="<%=request.getContextPath()%>/LogoutServlet">登出</a>
 </body>
 </html>

skic/WebRoot/page/messagePage/messageShow.jsp

@@ -37,7 +37,12 @@
 	</div>
 	您提交的信息为
 	<br> 用户名：<%=request.getParameter("userName")%><br>
-	密码：<%=request.getParameter("passWord1")%><br>
+	密码：<%=request.getParameter("passWord")%><br>
-	<a href="<%=request.getAttribute("RedirctURL")%>"><%=request.getAttribute("Redirct")%></a>
+	您是<%
+		out.print(session.getAttribute("adminflag")+" ");
+		out.print(session.getAttribute("vipflag")+" ");
+		out.print(session.getAttribute("rootflag")+" ");
+	%><br>
+	<a href="<%=request.getContextPath()%>/<%=request.getAttribute("RedirctURL")%>"><%=request.getAttribute("Redirct")%></a>
   </body>
 </html>

skic/src/com/skic/filter/AdminPermissionFilter.java

@@ -36,21 +36,23 @@ public class AdminPermissionFilter implements Filter {
 		HttpServletResponse resp = (HttpServletResponse)response;
 		String servletPathString = req.getServletPath();
 		HttpSession session = req.getSession();
-		String flag = (String) session.getAttribute("adminflag");
+		String flag = session.getAttribute("login_status").toString();
+		String adminflag = session.getAttribute("adminflag").toString();
+		String rootflag = session.getAttribute("rootflag").toString();
 		if (servletPathString!= null
 				&&(servletPathString.equals("/login.jsp"))||
-				(servletPathString.equals("/homepage.jsp"))||
+				(servletPathString.equals("/page/homepage.jsp"))||
 				(servletPathString.equalsIgnoreCase("/CheckLoginServlet"))
 				) 
 		{
 			chain.doFilter(request, response);
 		}else {
-			if (flag!= null && flag.equals("admin")) {
+			if (flag.equals("1") && rootflag.equals("超级管理员")||adminflag.equals("管理员")) {
 				chain.doFilter(request, response);
-			}else if (flag!=null&&flag.equals("error")) {
+			}else if (flag.equals("1")&&adminflag.equals("")) {
 				req.setAttribute("msg", "你不是管理员！");
 				req.setAttribute("return_uri", servletPathString);
-				RequestDispatcher rd = req.getRequestDispatcher("/homepage.jsp");
+				RequestDispatcher rd = req.getRequestDispatcher("/page/homepage.jsp");
 				rd.forward(req, resp);
 			}else {
 				req.setAttribute("msg", "您尚未登录");

skic/src/com/skic/filter/CheckLoginFilter.java

@@ -0,0 +1,55 @@
+package com.skic.filter;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+public class CheckLoginFilter implements Filter {
+
+    /**
+     * Default constructor. 
+     */
+    public CheckLoginFilter() {
+
+    }
+
+	/**
+	 * @see Filter#destroy()
+	 */
+	public void destroy() {
+
+	}
+
+	/**
+	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
+	 */
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+		HttpServletRequest req = (HttpServletRequest)request;
+		HttpServletResponse resp = (HttpServletResponse)response;
+		HttpSession session = req.getSession();
+		if (session.getAttribute("login_status")!=null) {
+			chain.doFilter(request, response);
+		}else{
+			req.setAttribute("msg", "您尚未登录");
+			RequestDispatcher rd = req.getRequestDispatcher("/login.jsp");
+			rd.forward(req, resp);
+		}
+		
+	}
+
+	/**
+	 * @see Filter#init(FilterConfig)
+	 */
+	public void init(FilterConfig fConfig) throws ServletException {
+
+	}
+
+}

skic/src/com/skic/service/CheckLoginService.java

@@ -1,6 +1,8 @@
 package com.skic.service;
 
 import java.sql.*;
+import java.util.HashMap;
+import java.util.Map;
 
 import com.skic.DAO.UserDAO;
 import com.skic.DAO.impl.UserDAOimpl;
@@ -10,18 +12,23 @@ import com.skic.util.ConnectionFactory;
 public class CheckLoginService {
 	private UserDAO userdao = new UserDAOimpl();
 
-	public boolean CheckUser(UserDTO USERDTO) {
+	public Map<String, Integer> CheckUser(UserDTO USERDTO) {
 		Connection conn = null;
-
+		Map<String ,Integer> flagTypeMap = new HashMap<String ,Integer>();
 		try {
 			conn = ConnectionFactory.getInstance().makeConnection();
 			conn.setAutoCommit(false);
 			ResultSet resultSet1 = userdao.select(conn, USERDTO);//调用数据库查询
 			conn.commit();
 			if (resultSet1.next()) {//查询账号是否存在
-				return true;
+				flagTypeMap.put("login_status",1);//1表示登录成功
+				flagTypeMap.put("vipflag",resultSet1.getInt("col_vipFlag"));
+				flagTypeMap.put("adminflag",resultSet1.getInt("col_adminFlag"));
+				flagTypeMap.put("rootflag",resultSet1.getInt("col_rootFlag"));
 			}else {
+				flagTypeMap.put("login_status",0);
 			}
+			System.out.println("login_status"+flagTypeMap.get("login_status")+"adminflag = "+flagTypeMap.get("adminflag")+"vipflag = "+flagTypeMap.get("vipflag")+"rootflag = "+flagTypeMap.get("rootflag"));
 		} catch (SQLException e) {
 			System.out.println("获取查询结果失败");
 			e.printStackTrace();
@@ -43,6 +50,6 @@ public class CheckLoginService {
 			}
 		}
 
-		return false;
+		return flagTypeMap;
 	}
 }

skic/src/com/skic/servlet/CheckLoginServlet.java

@@ -1,6 +1,7 @@
 package com.skic.servlet;
 
 import java.io.IOException;
+import java.util.Map;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -34,21 +35,37 @@ public class CheckLoginServlet extends HttpServlet {
 		request.setCharacterEncoding("utf-8");
 		String userName = request.getParameter("userName");
 		String passWord = request.getParameter("passWord");
+		String adminflag = "";
+		String vipflag = "";
+		String rootflag = "";
 		RequestDispatcher rd = null;
 		String forwardString = null;
 		if (userName==null||passWord==null) {
 			request.setAttribute("msg", "用户名或密码为空");
-			rd = request.getRequestDispatcher("/messagePage/error.jsp");
+			rd = request.getRequestDispatcher("/page/messagePage/error.jsp");
 			rd.forward(request, response);
 		}else {
 			UserDTO user = new UserDTO();
 			user.setUserName(userName);
 			user.setPassword(passWord);
-			boolean bool = cks.CheckUser(user);
+			Map<String, Integer> rsMap = cks.CheckUser(user);
-			System.out.println(bool);
+			request.getSession().setAttribute("login_status", rsMap.get("login_status"));//存储登录状态
-			if (bool) {
+			if (rsMap.get("login_status")==1) {
 				request.setAttribute("msg", "登录成功");
-				request.setAttribute("RedirctURL", "homepage.jsp");
+				if (rsMap.get("adminflag")==1) {
+					adminflag = "管理员";
+				}
+				if (rsMap.get("vipflag")==1) {
+					vipflag = "VIP用户";
+				}
+				if (rsMap.get("rootflag")==1) {
+					rootflag = "超级管理员";
+				}
+				request.getSession().setAttribute("adminflag", adminflag);			
+				request.getSession().setAttribute("vipflag", vipflag);
+				request.getSession().setAttribute("rootflag", rootflag);
+				System.out.println("adminflag="+adminflag+"  vipflag="+" rootflag=");
+				request.setAttribute("RedirctURL", "/page/homepage.jsp");
 				request.setAttribute("Redirct", "前往主页");
 				//forwardString = "/messagePage/messageShow.jsp";
 			}else {
@@ -56,7 +73,7 @@ public class CheckLoginServlet extends HttpServlet {
 				request.setAttribute("RedirctURL", "register.jsp");
 				request.setAttribute("Redirct", "返回登录");
 			}
-			forwardString = "/messagePage/messageShow.jsp";
+			forwardString = "/page/messagePage/messageShow.jsp";
 			rd = request.getRequestDispatcher(forwardString);
 			rd.forward(request, response);
 		}

skic/src/com/skic/servlet/CheckRegisterServlet.java

@@ -41,7 +41,7 @@ public class CheckRegisterServlet extends HttpServlet {
 		String forwardString = null;
 		if (userName==null||passWord==null) {
 			request.setAttribute("msg", "用户名或密码为空");
-			rd = request.getRequestDispatcher("/messagePage/error.jsp");
+			rd = request.getRequestDispatcher("/page/messagePage/error.jsp");
 			rd.forward(request, response);
 		}else {
 			UserDTO user = new UserDTO();
@@ -62,7 +62,7 @@ public class CheckRegisterServlet extends HttpServlet {
 				request.setAttribute("RedirctURL", "register.jsp");
 				request.setAttribute("Redirct", "重新注册");
 			}
-			forwardString = "/messagePage/messageShow.jsp";
+			forwardString = "/page/messagePage/messageShow.jsp";
 			rd = request.getRequestDispatcher(forwardString);
 			rd.forward(request, response);
 		}

skic/src/com/skic/servlet/LogoutServlet.java

@@ -0,0 +1,65 @@
+package com.skic.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class LogoutServlet extends HttpServlet {
+
+	/**
+		 * Constructor of the object.
+		 */
+	public LogoutServlet() {
+		super();
+	}
+
+	/**
+		 * Destruction of the servlet. <br>
+		 */
+	public void destroy() {
+		super.destroy(); 
+	}
+
+	/**
+		 * The doGet method of the servlet. <br>
+		 *
+		 * This method is called when a form has its tag value method equals to get.
+		 * 
+		 * @param request the request send by the client to the server
+		 * @param response the response send by the server to the client
+		 * @throws ServletException if an error occurred
+		 * @throws IOException if an error occurred
+		 */
+	public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		doPost(request, response);
+	}
+
+	/**
+		 * The doPost method of the servlet. <br>
+		 *
+		 * This method is called when a form has its tag value method equals to post.
+		 * 
+		 * @param request the request send by the client to the server
+		 * @param response the response send by the server to the client
+		 * @throws ServletException if an error occurred
+		 * @throws IOException if an error occurred
+		 */
+	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		request.getSession().invalidate();
+		response.sendRedirect(request.getContextPath()+"/index.jsp");
+	}
+
+	/**
+		 * Initialization of the servlet. <br>
+		 *
+		 * @throws ServletException if an error occurs
+		 */
+	public void init() throws ServletException {
+		
+	}
+
+}