su / 123 -> Vào wellcome.jsp, click OK: admin, employer, superadmin
ad / 123 -> Vào wellcome.jsp, click OK: admin, employer
em / 123 -> Vào wellcome.jsp, click OK: employer
Login username: em, password: 123
Login successful =>> wellcome.jsp
Click admin & superadmin =>> accessdenied.jsp
Click employer =>> OK servlet
login.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%--
  Login form. Posts the "username" and "password" fields to LoginServlet.
  The request-scoped "message" attribute is written into the page without
  HTML escaping; that is only safe while the servlet sets it to a fixed
  string and never echoes request data into it.
--%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login</title>
    </head>
    <body>
        <h1>Login</h1>
        ${requestScope.message}
        <br>
        <form action="LoginServlet" method="POST">
            Username: <input type="text" name="username"><br>
            Password: <input type="password" name="password"><br>
            <input type="submit" value="Login"/>
        </form>
    </body>
</html>
wellcome.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%--
  Landing page after a successful login. All three links are rendered for
  every role; the page itself performs no authorization. Each link only
  passes an "access" value to PermissionServlet, so the decision has to be
  enforced server-side from the role stored in the session.
--%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Wellcome</title>
</head>
<body>
<a href="PermissionServlet?access=admin">admin</a><br>
<a href="PermissionServlet?access=employer">employer</a><br>
<a href="PermissionServlet?access=superadmin">superadmin</a><br>
</body>
</html>
accessdenied.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%--
  Static "access denied" page; the target of the redirect issued when a
  role may not use the requested access level. The page sets no status
  code of its own, so a client that follows the redirect receives it with
  the container's default status rather than 403.
--%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Access Denied</title>
</head>
<body>
<h1>Access Denied!</h1>
</body>
</html>
Servlet: LoginServlet.java
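/**
 * Authenticates the posted username/password and, on success, stores the
 * caller's role in the session attribute {@code "quyen"} before redirecting
 * to {@code wellcome.jsp}. On failure the request is forwarded back to
 * {@code login.jsp} with an error message in the {@code "message"} attribute.
 *
 * <p>The three accounts and their shared password are hard-coded demo
 * values. A real deployment should look the user up in a credential store
 * and verify a salted password hash instead of comparing plaintext.
 *
 * @param request  servlet request carrying the {@code username} and
 *                 {@code password} parameters
 * @param response servlet response
 * @throws ServletException if the forward to {@code login.jsp} fails
 * @throws IOException      if an I/O error occurs while redirecting or forwarding
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String username = request.getParameter("username");
    String password = request.getParameter("password");

    // Literal-first equals(): a request without one of the parameters is
    // treated as a failed login instead of raising NullPointerException.
    String role = null;
    if ("123".equals(password)
            && ("su".equals(username) || "ad".equals(username) || "em".equals(username))) {
        // For the demo accounts the role code is the same string as the username.
        role = username;
    }

    if (role == null) {
        // No session is created for a failed attempt.
        request.setAttribute("message", "Tai khoan k hop le!!");
        request.getRequestDispatcher("login.jsp").forward(request, response);
        return;
    }

    // Session-fixation defence: discard any session id that existed before
    // authentication and bind the role to a freshly issued session.
    HttpSession preLogin = request.getSession(false);
    if (preLogin != null) {
        preLogin.invalidate();
    }
    HttpSession session = request.getSession(true);
    session.setAttribute("quyen", role);
    response.sendRedirect("wellcome.jsp");
}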
Filter: PermissionFilter.java
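/**
 * Checks, before the request is processed, whether the role stored in the
 * session attribute {@code "quyen"} may use the level named by the
 * {@code access} request parameter.
 *
 * <p>The decision is an allow-list and fails closed: a caller with no
 * session or no role is sent to {@code login.jsp}, and a missing or unknown
 * {@code access} value, or an unknown role, is sent to
 * {@code accessdenied.jsp}.
 *
 * <p>NOTE(review): this method only issues the redirect. Whether the filter
 * chain is still invoked afterwards is decided by the caller, which is not
 * visible here. Confirm that {@code doFilter} stops once the response has
 * been committed, otherwise the protected servlet still runs.
 * NOTE(review): assumes the filter is mapped only to PermissionServlet. If
 * it also covers login.jsp, the login redirect below would loop. Confirm.
 *
 * @param request  wrapped request carrying the {@code access} parameter
 * @param response wrapped response used for the redirect
 * @throws IOException      if the redirect cannot be sent
 * @throws ServletException declared for the filter contract
 */
private void doBeforeProcessing(RequestWrapper request, ResponseWrapper response)
        throws IOException, ServletException {
    if (debug) {
        log("PermissionFilter:DoBeforeProcessing");
    }

    // getSession(false): do not create a session for an anonymous caller.
    HttpSession session = request.getSession(false);
    Object roleAttribute = (session == null) ? null : session.getAttribute("quyen");
    if (roleAttribute == null) {
        // Not authenticated: previously this path threw NullPointerException.
        response.sendRedirect("login.jsp");
        return;
    }

    String quyen = roleAttribute.toString();
    if (debug) {
        log("Quyen: " + quyen);
    }

    String access = request.getParameter("access");
    if (!isAccessAllowed(quyen, access)) {
        response.sendRedirect("accessdenied.jsp");
    }
}

/**
 * Returns whether {@code role} may use {@code access}. Anything not listed
 * explicitly is denied.
 */
private static boolean isAccessAllowed(String role, String access) {
    if (role == null || access == null) {
        return false;
    }
    switch (role) {
        case "su":
            return access.equals("superadmin") || access.equals("admin") || access.equals("employer");
        case "ad":
            return access.equals("admin") || access.equals("employer");
        case "em":
            return access.equals("employer");
        default:
            return false;
    }
}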