アクセス制御



1、手順1:filterに権限判断を追加する

  
  
  
  
  1. public class AuthFilter implements Filter { 
  2.  
  3.     @Override 
  4.     public void destroy() { 
  5.     } 
  6.  
  7.     @Override 
  8.     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, 
  9.                          FilterChain filterChain) throws IOException, ServletException { 
  10.         HttpServletRequest request = (HttpServletRequest) servletRequest; 
  11.         HttpServletResponse response = (HttpServletResponse) servletResponse; 
  12.         String currentURL = request.getRequestURI();  
  13.         String targetURL = currentURL.substring(currentURL.indexOf("/"1), currentURL.length());  
  14.         HttpSession session = request.getSession(false); 
  15.         if (!"/login/login.html".equals(targetURL)) { 
  16.             // , session ,  
  17.             if (session == null || session.getAttribute("user") == null) { 
  18.                 //* session 
  19.                 response.sendRedirect(request.getContextPath() + "/page/login/login.html"); 
  20.                 // session login.jsp  
  21.                 return
  22.             } 
  23.         } 
  24.         // filter  
  25.         filterChain.doFilter(request, response); 
  26.     } 
  27.  
  28.     @Override 
  29.     public void init(FilterConfig arg0) throws ServletException { 
  30.     } 

 
2、web.xmlで構成し、アクセスをブロックするページ

  
  
  
  
  1. <filter> 
  2.     <filter-name>authFilter</filter-name> 
  3.     <filter-class>com.alibaba.hummock.console.filter.AuthFilter</filter-class> 
  4. </filter> 
  5. <filter-mapping> 
  6.     <filter-name>authFilter</filter-name> 
  7.     <url-pattern>*.html</url-pattern> 
  8. </filter-mapping> 

3、ログイン時にuserをセッションに書き込む