权限登录系统案例-JavaWeb开发实例

创建用户实例，包括：用户名、密码、权限三种属性

public class User
{
    private String username;
    private String password;
    private String authority;

    public String getUsername()
    {
        return username;
    }
    public void setUsername(String username)
    {
        this.username = username;
    }
    public String getPassword()
    {
        return password;
    }
    public void setPassword(String password)
    {
        this.password = password;
    }
    public String getAuthority()
    {
        return authority;
    }
    public void setAuthority(String authority)
    {
        this.authority = authority;
    }
}

2、UserLoginServlet.java

获取到前端用户界面输入的用户名、密码及权限参数，判断这三种属性是否正确，转向相应的处理页面。

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.shengsiyuan.bean.User;

public class UserLoginServlet extends HttpServlet
{
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException
    {
        User user = new User();
        HttpSession session = req.getSession();
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        String authority = req.getParameter("authority");

        if("1".equals(authority)){
            //登录的是普通用户
            if("zhangsan".equals(username) && "123".equals(password)){
                // 将用户的信息放置到session当中
                user.setUsername(username);
                user.setPassword(password);
                user.setAuthority(authority);

                session.setAttribute("user", user); 
                //请求转发的形式转向下一步网页        req.getRequestDispatcher("/session/index.jsp").forward(req, resp);
            }
            else{
                //1、重定向，客户端重新发送新的请求
                resp.sendRedirect("session/login.jsp?username=" + username + "&authority=" + authority);
                //2、请求转发
//              req.setAttribute("username", username);
//              req.setAttribute("password", password);
//              req.setAttribute("authority", authority);
//              RequestDispatcher rd = req.getRequestDispatcher("session/login.jsp");
//              rd.forward(req, resp);
            }
        }

        else if("2".equals(authority)){
            //登录的是系统管理员
            if("lisi".equals(username) && "456".equals(password)){
                user.setUsername(username);
                user.setPassword(password);
                user.setAuthority(authority);

                session.setAttribute("user", user);
                req.getRequestDispatcher("/session/index.jsp").forward(req, resp);
            }
            else{
                //1、重定向，客户端重新发送新的请求
                resp.sendRedirect("session/login.jsp?username=" + username + "&authority=" + authority);
                //2、请求转发
//              req.setAttribute("username", username);
//              req.setAttribute("password", password);
//              req.setAttribute("authority", authority);
//              RequestDispatcher rd = req.getRequestDispatcher("session/login.jsp");
//              rd.forward(req, resp);
            }
        }
        // 登录失败，防止用户通过地址栏的方式直接访问
        else{
            //1、重定向，客户端重新发送新的请求
            resp.sendRedirect("session/login.jsp?username=" + username + "&authority=" + authority);
            //2、请求转发
//          req.setAttribute("username", username);
//          req.setAttribute("password", password);
//          req.setAttribute("authority", authority);
//          RequestDispatcher rd = req.getRequestDispatcher("session/login.jsp");
//          rd.forward(req, resp);
        }
    }
}

3、login.jsp

用户登录前端页面，用户可以输入相应代码

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
 <base href="<%=basePath%>">
  </head>

  <body>
    <% String username = request.getParameter("username");
       String authority = request.getParameter("authority");
    %>

    <form action="UserLoginServlet" method="post">

    username: <input type="text" name="username" value='<%= null == username ? "" : username %>'><br>
    password: <input type="password" name="password"><br>

    authority: 
    <select name="authority">
        <option value="1" <%= "1".equals(authority) ?  "selected='selected'" : ""%>>common user</option>
        <option value="2" <%= "2".equals(authority) ?  "selected='selected'" : "" %>>administrator</option>
    </select>

    <br>

    <input type="submit" value="submit">

    </form>
  </body>
</html>

4、index.jsp

验证正确的转向页面，可对不同权限的用户显示不同的功能按键。

<%@ page language="java" import="com.shengsiyuan.bean.User" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">

    <title>My JSP 'index.jsp' starting page</title>

    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">    
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->

  </head>

  <body>

    <% User user = (User)session.getAttribute("user");
       if(null == user){
           response.sendRedirect("session/login.jsp");
           return;
       }
    %>

    <a href="QueryServlet">query</a><br>
    <%if(((User)session.getAttribute("user")).getAuthority().equals("2")){ %>
    <a href="UpdateServlet">update</a>
    <%} %> 

  </body>
</html>

5、QueryServlet.jsp

查询功能

package com.shengsiyuan.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class QueryServlet extends HttpServlet
{
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException
    {
        HttpSession session = req.getSession();
        //用户未登录
        if(null == session.getAttribute("user")){
            resp.sendRedirect("session/login.jsp");
            return;
        }
        System.out.println("成功");
    }
}

6、UpdateServlet.java

更新功能

package com.shengsiyuan.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.shengsiyuan.bean.User;

public class UpdateServlet extends HttpServlet
{
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException
    {
        HttpSession session = req.getSession();

        //用户未登录
        if (null == session.getAttribute("user")){
            resp.sendRedirect("session/login.jsp");
            return ;
        }

        User user = (User)session.getAttribute("user");
        //普通用户
        if("1".equals(user.getAuthority())){
            System.out.println("失败");
        }
        //管理员
        else {
            System.out.println("成功");
        }
    }
}