I. Implementing login verification and permission authorization with filters
1. Create 5 tables
/* Implement permission filtering with filters */
/* Create the database */
DROP DATABASE IF EXISTS day20;
CREATE DATABASE day20;
USE day20;

/* User table (demo only: userpassword holds the password in plaintext) */
DROP TABLE IF EXISTS USER;
CREATE TABLE USER(
    userid VARCHAR(32),
    username VARCHAR(32),
    userpassword VARCHAR(32),
    CONSTRAINT pk_userid PRIMARY KEY (userid)
);

/* Role table */
CREATE TABLE role(
    roleid VARCHAR(32),
    rolename VARCHAR(32),
    roledes VARCHAR(120), /* menus assigned to the role???? */
    CONSTRAINT pk_roleid PRIMARY KEY (roleid)
);

/* Menu table */
CREATE TABLE menu(
    menuid VARCHAR(32),
    menuname VARCHAR(32),
    menuurl VARCHAR(32),
    CONSTRAINT pk_menuid PRIMARY KEY (menuid)
);

/* Join tables */
/* userrole join table */
CREATE TABLE userrole(
    userid VARCHAR(32),
    roleid VARCHAR(32),
    CONSTRAINT pk_userrole PRIMARY KEY (userid, roleid),
    CONSTRAINT fk_userid FOREIGN KEY (userid) REFERENCES USER(userid),
    CONSTRAINT fk_roleid FOREIGN KEY (roleid) REFERENCES role(roleid)
);

/* rolemenu join table */
CREATE TABLE rolemenu(
    menuid VARCHAR(32),
    roleid VARCHAR(32),
    CONSTRAINT rm_pk PRIMARY KEY (menuid, roleid),
    CONSTRAINT rm_fk1 FOREIGN KEY (menuid) REFERENCES menu(menuid),
    CONSTRAINT rm_fk2 FOREIGN KEY (roleid) REFERENCES role(roleid)
);

INSERT INTO USER VALUES('U001','Jack','1234');
INSERT INTO USER VALUES('U002','张三','4321');
INSERT INTO USER VALUES('U003','Tom','1111');

INSERT INTO role VALUES('R001','管理员','');
INSERT INTO role VALUES('R002','教师','');

INSERT INTO userrole VALUES('U001','R001');
INSERT INTO userrole VALUES('U002','R002');

INSERT INTO menu VALUES('M001','系统管理','/sys.jsp');
INSERT INTO menu VALUES('M002','用户管理','/user.jsp');
INSERT INTO menu VALUES('M003','角色管理','/role.jsp');

INSERT INTO rolemenu VALUES('M001','R001');
INSERT INTO rolemenu VALUES('M002','R001');
INSERT INTO rolemenu VALUES('M003','R001');
INSERT INTO rolemenu VALUES('M003','R002');
[ER diagram of the five tables; image not included]
2. Preparing the SQL queries
(1) Find the roles of every user
SELECT u.username, r.rolename
FROM USER u
INNER JOIN userrole ur ON u.userid = ur.userid
INNER JOIN role r ON r.roleid = ur.roleid;
(2) Find the menus each role manages
SELECT r.rolename, m.menuname
FROM role r
INNER JOIN rolemenu rm ON r.roleid = rm.roleid
INNER JOIN menu m ON rm.menuid = m.menuid;
(3) Find the menus each user manages
SELECT u.username, m.menuname
FROM USER u
INNER JOIN userrole ur ON u.userid = ur.userid
INNER JOIN role r ON ur.roleid = r.roleid
INNER JOIN rolemenu rm ON r.roleid = rm.roleid
INNER JOIN menu m ON rm.menuid = m.menuid;
3. Note: when using filters for permission authorization, the most important thing is how the SQL is written; that is, the database query is the most important part.
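4. Filters
(1) Login verification filter: first check whether the user is already logged in; if not, the user must log in first. When configuring it in web.xml, it must be placed before all authorization filters.
Sample code: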
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        // TODO Auto-generated method stub
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        // No "user" attribute in the session means nobody has logged in
        if (req.getSession().getAttribute("user") == null) {
            System.err.println("用户还没有登录"); // "the user has not logged in yet"
            HttpServletResponse resp = (HttpServletResponse) response;
            // Send the browser back to the login page; the chain stops here
            resp.sendRedirect(req.getContextPath() + "/index.jsp?error=2");
        } else {
            chain.doFilter(req, response);
        }
    }

    public void destroy() {
        // TODO Auto-generated method stub
    }
}
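(2) Authorization filter: if the user is already logged in (which the login verification filter takes care of) and tries to access a resource they lack permission for, for example a teacher trying to do system administration, the system should intercept the request and show an error message, because teachers do not have the system administration permission.
Sample code: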
package cn.itcast.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.ScalarHandler;

import cn.itcast.domain.User;
import cn.itcast.utils.DataSourceUtils;

public class AuthFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        // TODO Auto-generated method stub
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // Get the URI, e.g. http://localhost:8080/day20/jsps/role.jsp -> /day20/jsps/role.jsp
        String uri = req.getRequestURI();
        // Strip the context path as a prefix only; replace() would also remove later occurrences
        uri = uri.substring(req.getContextPath().length());
        // Build the SQL; table and column names follow the schema created in step 1
        String sql = "SELECT COUNT(1)"
                + " FROM menu m INNER JOIN rolemenu rm ON m.menuid=rm.menuid"
                + " INNER JOIN role r ON r.roleid=rm.roleid"
                + " INNER JOIN userrole ur ON r.roleid=ur.roleid"
                + " WHERE ur.userid=? AND m.menuurl=?";
        // Get the user's id
        User user = (User) req.getSession().getAttribute("user");
        int size;
        try {
            QueryRunner run = new QueryRunner(DataSourceUtils.getDatasSource());
            Object o = run.query(sql, new ScalarHandler(), user.getId(), uri);
            size = Integer.parseInt(o.toString());
        } catch (Exception e) {
            // Fail closed: a failed lookup must not let the request through silently
            e.printStackTrace();
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        if (size == 0) {
            System.err.println("你没有权限...."); // "you do not have permission"
            // Tell the client as well, instead of returning an empty page
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            chain.doFilter(req, response);
        }
    }

    public void destroy() {
        // TODO Auto-generated method stub
    }
}
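Why the login filter has to run before the authorization filter, as an added example that is not code from the original post: a JDK-only model (Java 17) of the two filters' decisions on the sample rows from step 1. The `Req`, `Step` and `handle` names and the status strings are constructed for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example (not the post's code): JDK-only model of LoginFilter + AuthFilter.
public class FilterOrderDemo {
    // Constructed request: userId is the session's "user" (null = not logged in).
    record Req(String userId, String path) {}

    interface Step { String apply(Req req, Deque<Step> rest); }

    // user -> permitted URLs, derived from the sample userrole/rolemenu/menu rows.
    // U003 (Tom) has no role, so he has no entry.
    static final Map<String, Set<String>> URLS = Map.of(
            "U001", Set.of("/sys.jsp", "/user.jsp", "/role.jsp"),
            "U002", Set.of("/role.jsp"));

    // Stand-in for chain.doFilter(): run the next step or reach the resource.
    static String next(Req req, Deque<Step> rest) {
        return rest.isEmpty() ? "200 " + req.path() : rest.pop().apply(req, rest);
    }

    // LoginFilter: anonymous requests are redirected and the chain stops.
    static final Step LOGIN = (req, rest) ->
            req.userId() == null ? "302 /index.jsp?error=2" : next(req, rest);

    // AuthFilter: needs a logged-in user; allows only URLs listed for that user.
    static final Step AUTH = (req, rest) -> {
        if (req.userId() == null) return "500 no user in session";
        boolean ok = URLS.getOrDefault(req.userId(), Set.of()).contains(req.path());
        return ok ? next(req, rest) : "403 " + req.path();
    };

    static String handle(Req req, Step... chain) {
        return next(req, new ArrayDeque<>(List.of(chain)));
    }

    public static void main(String[] args) {
        System.out.println(handle(new Req(null, "/sys.jsp"), LOGIN, AUTH));
        System.out.println(handle(new Req("U002", "/sys.jsp"), LOGIN, AUTH));
        System.out.println(handle(new Req("U002", "/role.jsp"), LOGIN, AUTH));
        System.out.println(handle(new Req("U003", "/role.jsp"), LOGIN, AUTH));
        // Wrong order: AuthFilter runs first and finds no user to check.
        System.out.println(handle(new Req(null, "/sys.jsp"), AUTH, LOGIN));
    }
}
```

The last call models what happens when the mapping order is reversed: the authorization step runs with no user in the session, which in the servlet version is the point where `user.getId()` would be called on null.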
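II. The observer pattern and listeners
1. A listener setup involves three objects
(1) The listener: XxxxListener
Usually an interface
(2) The listened-to object
Any object can be listened to
(3) The event that was observed: XxxxEvent
Always a concrete class that holds the observed data; it always has a getSource method, which returns the listened-to object
2. The observer pattern
(1) All listeners in Java Web use the observer pattern
(2) Simulating the observer pattern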
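The three objects listed above, as an added example that is not from the original post: a listener interface, a listened-to object and a concrete event class whose getSource() returns that object. `LoginService`, `LoginListener`, `LoginEvent` and the IP addresses are hypothetical.

```java
import java.util.ArrayList;
import java.util.EventListener;
import java.util.EventObject;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Added example (not the post's code); all class names here are hypothetical.
public class ObserverDemo {
    // (3) The event: a concrete class carrying the observed data.
    // getSource() is inherited from EventObject and returns the listened-to object.
    static class LoginEvent extends EventObject {
        final String username;
        final String ip;
        LoginEvent(Object source, String username, String ip) {
            super(source);
            this.username = username;
            this.ip = ip;
        }
    }

    // (1) The listener: an interface.
    interface LoginListener extends EventListener {
        void loggedIn(LoginEvent event);
    }

    // (2) The listened-to object: keeps its listeners and notifies each of them.
    static class LoginService {
        private final List<LoginListener> listeners = new ArrayList<>();
        void addLoginListener(LoginListener l) { listeners.add(l); }
        void login(String username, String ip) {
            LoginEvent event = new LoginEvent(this, username, ip);
            for (LoginListener l : listeners) l.loggedIn(event);
        }
    }

    public static void main(String[] args) {
        LoginService service = new LoginService();
        Map<String, Integer> loginsPerIp = new TreeMap<>();
        // One listener counts logins per IP, another writes an audit line.
        service.addLoginListener(e -> loginsPerIp.merge(e.ip, 1, Integer::sum));
        service.addLoginListener(e -> System.out.println(
                e.username + " logged in from " + e.ip
                + ", source is the service: " + (e.getSource() == service)));
        service.login("Jack", "192.0.2.10"); // constructed sample logins
        service.login("Tom", "192.0.2.11");
        service.login("Jack", "192.0.2.10");
        System.out.println(loginsPerIp);
    }
}
```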
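[Java EE Study Day 20] [Using filters to implement login verification and permission authorization] [The observer pattern and listeners (using listeners to count online IPs and login IPs, and to kick users)]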
Original URL: http://www.cnblogs.com/kuangdaoyizhimei/p/4590633.html