
How to restrict every user roles in JSP/Servlet?

I want to provide many users in my JSP web application. I don't want to have many pages to be redirected for every user. I only want one page for all the users. For example, I have one page that contains add, edit and delete buttons, which is the primary or only role of the admin users. If the logged-in user is not admin, I don't want any user to have access to add, edit and delete.

It is possible even if you are using the same JSP page for different roles. JSP is compiled on the server and transformed into raw HTML & JS before it is sent to the client.

So in the JSP page you can put conditions on the basis of user role, like:

LoginServlet -

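import javax.servlet.http.*;

public class LoginServlet extends HttpServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response) {
        // Form field names are assumed; userService is the application's own service.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        User user = userService.checkUserCredential(username, password);
        HttpSession session = request.getSession();
        session.setAttribute("user", user);
    }
}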

<c:choose>
  <c:when test="${isAdmin}">
    You got Gold 
  </c:when>

  <c:when test="${isCustomer}">
    You got Silver 
  </c:when>

  <c:when test="${isProducer}">
    You got Bronze 
  </c:when>

  <c:otherwise>
    Better luck next time 
  </c:otherwise>
</c:choose>

So when a user hits this page with a different role, the server itself will populate role-dependent HTML.

Note: you can even use a scriptlet to put the condition, which is treated as old technology.

What you want is a filter, a session filter to be precise. You can try these:

I assume you have a user class; if not:

User.java

import java.io.Serializable;

public class User implements Serializable {
  private int accountId;
  private String loginId;
  private Role type;

  public User(int accountId, String loginId, Role type) {
    this.accountId = accountId;
    this.loginId = loginId;
    this.type = type;
  }

  public User() {
    this.accountId = -1;
    this.loginId = null;
    this.type = null;
  }

  public void setRole(Role type) {
    this.type = type;
  }

  public Role getRole() {
    return this.type;
  }

  public void setAccountId(int accountId) {
    this.accountId = accountId;
  }

  public int getAccountId() {
    return this.accountId;
  }

  public void setLoginId(String loginId) {
    this.loginId = loginId;
  }

  public String getLoginId() {
    return this.loginId;
  }
}

You can also create an enum for your role types:

Role.java

public enum Role {

  ADMINISTRATOR, STAFF;
}

In your login.jsp, this is just an example to give you an idea:

<%
  //put your login query stuff here
  User user = new User();
  user.setAccountId(1);
  user.setLoginId("adminaccount01");
  user.setRole(Role.ADMINISTRATOR);
  session.setAttribute("LOGIN_USER", user);
%>

Here is the filter: SessionCheckFilter.java

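import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionCheckFilter implements Filter {

    private String contextPath;

    @Override
    public void init(FilterConfig fc) throws ServletException {
        contextPath = fc.getServletContext().getContextPath();
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false) does not create a session for unauthenticated requests
        HttpSession session = req.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("LOGIN_USER");
        if (user == null) {
            //put your redirect stuff here
            res.sendRedirect(contextPath + "/to_your_login.jsp");
        } else {
            // Redirect targets must sit outside this filter's url-pattern,
            // otherwise every redirected request is redirected again.
            switch (user.getRole()) {
                case ADMINISTRATOR:
                    //put your redirect stuff here
                    res.sendRedirect(contextPath + "/redirect_to_your_admin_path/admin_page.jsp");
                    return; // response is committed, do not continue the chain
                case STAFF:
                    //put your redirect stuff here
                    res.sendRedirect(contextPath + "/redirect_to_staff_path/staff_page.jsp");
                    return; // response is committed, do not continue the chain
                default:
                    break;
            }
            fc.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
    }
}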

And don't forget to add these to web.xml:

  <filter>
    <filter-name>SessionCheckFilter</filter-name>
    <filter-class>package_name_if_there_is_any.SessionCheckFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>SessionCheckFilter</filter-name>
    <url-pattern>/your_path/*</url-pattern> 
  </filter-mapping>
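
Hiding the add, edit and delete buttons in the JSP only changes what is rendered; the servlets behind those buttons still need their own role check on every request. As an added example (not part of either answer), the filter below enforces roles per action path with default deny, reusing the answer's `User`, `Role` and `LOGIN_USER`; the `/item/...` paths, a `/item/*` filter mapping and the `javax.servlet` namespace are assumptions.

```java
import java.io.IOException;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Uses the User and Role classes and the LOGIN_USER attribute from the answer.
public class RoleGuardFilter implements Filter {
    // Hypothetical action paths behind the list page and its add/edit/delete buttons.
    private static final Set<Role> ADMIN = EnumSet.of(Role.ADMINISTRATOR);
    private static final Map<String, Set<Role>> ALLOWED = Map.of(
            "/item/list", EnumSet.allOf(Role.class),
            "/item/add", ADMIN,
            "/item/edit", ADMIN,
            "/item/delete", ADMIN);

    // Default deny: a path with no rule, or a user with no role, is refused.
    static boolean isAllowed(String path, Role role) {
        Set<Role> roles = ALLOWED.get(path);
        return roles != null && role != null && roles.contains(role);
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        HttpSession session = req.getSession(false); // do not create a session here
        User user = session == null ? null : (User) session.getAttribute("LOGIN_USER");
        if (user == null) {
            res.sendRedirect(req.getContextPath() + "/to_your_login.jsp");
            return;
        }
        // Use the container-resolved path, not the raw request URI.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        if (!isAllowed(path, user.getRole())) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN); // 403, and stop the chain
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig fc) { }
    @Override public void destroy() { }
}
```

The JSP can still hide the buttons for non-admin users; this filter is what refuses a hand-crafted request to `/item/delete` from a `STAFF` session.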
