猿问

一般给用户是怎么设置权限的。

在jsp中,在管理员页面,勾选一些项目,然后在普通用户访问时,只能查到管理员勾选的页面。原来一个学长做的是只有筛选功能的,能从这些项目中选出某些特定的项,比如:图书馆。而我想要的是,要我没选图书馆,别人就搜不到图书馆。这该怎么实现。是可以再用户页面隐藏这些项吗?

想要飞的更高
浏览 2338回答 3
3回答

码农的希望

回复 想要飞的更高:RBAC  基于角色的权限控制 tb_user tb_role tb_userrole tb_menu(增、删、改、查) tb_rolemenu1 说明我们给出三个页面:index.jsp、user.jsp、admin.jsp。 index.jsp:谁都可以访问,没有限制; user.jsp:只有登录用户才能访问; admin.jsp:只有管理员才能访问。2 分析设计User类:username、password、grade,其中grade表示用户等级,1表示普通用户,2表示管理员用户。当用户登录成功后,把user保存到session中。创建LoginFilter,它有两种过滤方式: 如果访问的是user.jsp,查看session中是否存在user; 如果访问的是admin.jsp,查看session中是否存在user,并且user的grade等于2。3 代码User.javapublic class User { private String username; private String password; private int grade;…}为了方便,这里就不使用数据库了,所以我们需要在UserService中创建一个Map,用来保存所有用户。Map中的key中用户名,value为User对象。UserService.javapublic class UserService { private static Map<String,User> users = new HashMap<String,User>(); static {  users.put("zhangSan", new User("zhangSan", "123", 1));  users.put("liSi", new User("liSi", "123", 2)); }  public User login(String username, String password) {  User user = users.get(username);  if(user == null) return null;  return user.getPassword().equals(password) ? user : null; }}login.jsp  <body>  <h1>登录</h1>   <p style="font-weight: 900; color: red">${msg }</p>    <form action="<c:url value='/LoginServlet'/>" method="post">     用户名:<input type="text" name="username"/><br/>     密 码:<input type="password" name="password"/><br/>     <input type="submit" value="登录"/>    </form>  </body>index.jsp  <body>    <h1>主页</h1>    <h3>${user.username }</h3>    <hr/>    <a href="<c:url value='/login.jsp'/>">登录</a><br/>    <a href="<c:url value='/user/user.jsp'/>">用户页面</a><br/>    <a href="<c:url value='/admin/admin.jsp'/>">管理员页面</a>  </body>/user/user.jsp<body><h1>用户页面</h1><h3>${user.username }</h3><hr/></body>/admin/admin.jsp<body>  <h1>管理员页面</h1>  <h3>${user.username }</h3>  <hr/></body>LoginServletpublic class LoginServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response)   throws ServletException, IOException {  request.setCharacterEncoding("utf-8");  response.setContentType("text/html;charset=utf-8");    String username = request.getParameter("username");  String password = request.getParameter("password");  UserService userService = new UserService();  User user = userService.login(username, password);  if(user == null) {   request.setAttribute("msg", "用户名或密码错误");   request.getRequestDispatcher("/login.jsp").forward(request, response);  } else {   request.getSession().setAttribute("user", user);   request.getRequestDispatcher("/index.jsp").forward(request, response);  } }}LoginUserFilter.java  <filter>    <display-name>LoginUserFilter</display-name>    <filter-name>LoginUserFilter</filter-name>    <filter-class>cn.itcast.filter.LoginUserFilter</filter-class>  </filter>  <filter-mapping>    <filter-name>LoginUserFilter</filter-name>    <url-pattern>/user/*</url-pattern>  </filter-mapping>public class LoginUserFilter implements Filter { public void destroy() {} public void init(FilterConfig fConfig) throws ServletException {} public void doFilter(ServletRequest request, ServletResponse response,   FilterChain chain) throws IOException, ServletException {  response.setContentType("text/html;charset=utf-8");  HttpServletRequest req = (HttpServletRequest) request;  User user = (User) req.getSession().getAttribute("user");  if(user == null) {   response.getWriter().print("您还没有登录");   return;  }  chain.doFilter(request, response); }}LoginAdminFilter.java  <filter>    <display-name>LoginAdminFilter</display-name>    <filter-name>LoginAdminFilter</filter-name>    <filter-class>cn.itcast.filter.LoginAdminFilter</filter-class>  </filter>  <filter-mapping>    <filter-name>LoginAdminFilter</filter-name>    <url-pattern>/admin/*</url-pattern>  </filter-mapping>public class LoginAdminFilter implements Filter { public void destroy() {} public void init(FilterConfig fConfig) throws ServletException {} public void doFilter(ServletRequest request, ServletResponse response,   FilterChain chain) throws IOException, ServletException {  response.setContentType("text/html;charset=utf-8");  HttpServletRequest req = (HttpServletRequest) request;  User user = (User) req.getSession().getAttribute("user");  if(user == null) {   response.getWriter().print("您还没有登录!");   return;  }  if(user.getGrade() < 2) {   response.getWriter().print("您的等级不够!");   return;  }  chain.doFilter(request, response); }}

想要飞的更高

谢谢你
随时随地看视频慕课网APP
我要回答