JAVA实现权限管理的两种方式六.docx

JAVA实现权限管理的两种方式六 第一种方式：利用filter、xml文件和用户信息表配合使用来实现权限管理。1.过滤器filterackage .aaa.bbb.filter;imort java.io.IOExcetion;imort java.io.InutStream;imort java.util.HashMa;imort java.util.Iterator;imort java.util.List;imort java.util.Ma;imort javax.servlet.Filter;imort javax.servlet.FilterChain;imort javax.servlet.FilterConfig;imort javax.servlet.ServletContext;imort javax.servlet.ServletExcetion;imort javax.servlet.ServletRequest;imort javax.servlet.ServletResonse;imort javax.servlet.htt.HttServletRequest;imort javax.servlet.htt.HttServletResonse;imort mons.logging.Log;imort mons.logging.LogFactory;imort org.dom4j.Document;imort org.dom4j.Element;imort org.dom4j.io.SAXReader;imort .aaa.bbb.domain.User;imort .aaa.bbb.util.HttUtils;/* 过滤：后台管理的模块授权。根据：配置文件xml根据当前session中用的管理员信息。* 注：不用再访问数据库。也不需要再使用什么 bean 去判断。直接在这个类里就可以判断。* author cuiguangqiang*/ublic class ManagerAuthFilter imlements Filter rotected static final Log logger = LogFactory.getLog(ManagerAuthFilter.class);ublic static final String MAING_FILE = "/WEB-INF/managerauthmaing.xml"rivate ServletContext context = null;rivate Ma actions = new HashMa();ublic void init(FilterConfig filterConfig) throws ServletExcetion context = filterConfig.getServletContext();if(context=null)logger.error("unable to init as servlet context is null");return;loadConf();("ManagerAuthFilter configure success.");rivate void loadConf() InutStream inutStream = context.getResourceAsStream(MAING_FILE);if (inutStream = null) ("unable find auth maing file " + MAING_FILE); else actions = arseConf(inutStream);rivate Ma arseConf(InutStream inutStream) try SAXReader reader = new SAXReader();Document document = reader.read(inutStream);return createActionMa(document); catch (Excetion e) (e.getMessage();e.rintStackTrace();return new HashMa();rivate Ma createActionMa(Document document) Ma ma = new HashMa();Element root = document.getRootElement();/处 理XML读入JAVA Object对象中。List actionList = root.elements();for (Iterator it = actionList.iterator(); it.hasNext();) Element e = (Element) it.next();String actionName = e.attributeValue("name");String auth_value = e.element("auth-value").getTextTrim();ma.ut(actionName,auth_value);(actionName + " is " + auth_value);return ma;ublic void doFilter(ServletRequest request, ServletResonse resonse,FilterChain chain) throws IOExcetion, ServletExcetion /处理某次提交的Action是否在权限定义范围内/权限共有：1:站长；2:；0:Admin ; all 代表所有人都可以。（均需要登录）HttServletRequest req = (HttServletRequest) request;HttServletResonse res = (HttServletResonse) resonse;/（）得到此次用户的提交请求String url = req.getServletath();/（）只有在配置文件中存在的 action 才进行处理String method = req.getarameter("method");if(method!=null)url = url + "?method=" + method;String auth_value = (String)actions.get(url);if(auth_value=null)("action is not in Manager Auth xml.");chain.doFilter(request, resonse);return;/第一必须要登录/ 取得当前用户；User manager = (User) HttUtils.getAdminUserSession(req);/ 检查管理用户是否登录if (manager = null) res.sendRedirect(req.getContextath()+"/sessionLost.do");return;/第二必须在权限定义范围内if(auth_value.indexOf("all")>=0)chain.doFilter(request, resonse);/必须返回给上一层。return ;else/ String currUserAuth = ","+Integer.toString( manager.getLever()+","String currUserAuth = Integer.toString( manager.getLever();if(auth_value.indexOf(currUserAuth)>=0)chain.doFilter(request, resonse);/必须返回给上一层。return ;elseres.sendRedirect(req.getContextath()+"/accessdenied.do");return ;ublic void destroy() ("in authfilter destroy");2.xml文件xml只给出了部分内容不过所有的内容都包括了。<?xml version="1.0" encoding="UTF-8"?><!-权限共有：0:Admin 具有所有权限包括增删改用户; 1:站长 ;2:;-><maing><!-xxxx管理模块xx列表,报名选手和历史比赛查询部分-><action name="/listallmatch.do"><auth-value>0,1</a uth-value></action><action name="/matchManager.do"><auth-value>0,</auth-value></action><action name="/rewrite.do"><auth-value>0,1</auth-value></action><action name="/leftHome.do"><auth-value>all,</auth-value></action><action name="/login.do"><auth-value>all,</auth-value></action></maing>3.用户表里面有一个用来保存用户级别的字段level具体用户表的信息有以下内容,我用实体类来表示用户表的信息因为没有表结构了。/* The comosite rimary key value.*/rivate String id;/* 用户编号*/rivate String userId;/* The value of the simle username roerty. */rivate String username;/* The value of the simle assword roerty. */rivate String assword;/* 0:Admin;1:站长;2:;*/rivate int lever=1;/* 创建用户的日期*/rivate Date createDate;所有的操作都显示在页面上当该操作时才进行权限控制抛出是否该用户有没有该功能的权限。第二种方式：利用专门的权限表来维护用户权限根据登录的用户的权限信息判断谋个功能是否显示在页面上来实现权限的控制。1.不用数据库表了我用实体类的属性来表示。rivate String id;/* 管理员id*/rivate String emloyeeid;/*管理功能id*/rivate String urlid;/* 功能名称*/rivate String urlname;超级管理员给每一个用户分配权限然后添加到该张表中。登录用户根据自己的权限可以判断是否显示该功能。权限控制表设计(用户+角色+权限) 大概有这几种模式： 用户+组+角色+权限 用户+组+权限 用户+角色+权限 用户+权限两种权限管理其一是功能权限的管理而另外一种则是资源权限的管理A.数据库表形式1.用户表用户编号, 用户名, 密码, 角色编号2.角色表角色编号, 角色名3.功能表(主要保存系统功能清单)编号, 功能名称, 父编号, URL4.角色权限对应表编号, 角色编号, 功能编号, 权限-imort java.util.Set; ublic class UserVo rivate Integer id; rivate String uname; rivate String assword; rivate Level level; ublic Level getLevel() return level; ublic void setLevel(Level level) t his.level = level; ublic String getUname() return uname; ublic void setUname(String uname) this.uname = uname; ublic String getassword() return assword; ublic void setassword(String assword) this.assword = assword; ublic Integer getId() return id; ublic void setId(Integer id) this.id = id; ublic class Level rivate Integer id; rivate String levelName; rivate Set<Quanxian> qx = new HashSet<Quanxian>(0); ublic Integer getId() return id; ublic void setId(Integer id) this.id = id; ublic String getLevelName() return levelName; ublic void setLevelName(String levelName) this.levelName = levelName; ublic Set<Quanxian> getQx() return qx; ublic void setQx(Set<Quanxian> qx) this.qx = qx; ublic class Quanxian rivate Integer id; rivate String quanxian; rivate Integer fatherid; rivate String url; ublic Integer getFatherid() return fatherid; ublic void setFatherid(Integer fatherid) this.fatherid = fatherid; ublic Integer getId() return id; ublic void setId(Integer id) this.id = id; ublic String getQuanxian() return quanxian; ublic void setQuanxian(String quanxian) this.quanxian = quanxian; ublic String getUrl() return url; ublic void setUrl(String url) this.url = url; ublic class AdminLoginCheck extends HttServlet imlements Filter /通过 一个过滤器 Filter 进行权限控制 rivate FilterConfig filterConfig; /Handle the assed-in FilterConfig ublic void init(FilterConfig filterConfig) throws ServletExcetion this.filterConfig = filterConfig; /rocess the request/resonse air ublic void doFilter(ServletRequest request, ServletResonse resonse, FilterChain filterChain) /System.out.rintln(thi